Russian state-sponsored threat operation TA446, also known as COLDRIVER, Callisto, and Star Blizzard, has leveraged the DarkSword iOS exploit kit in a new targeted spear-phishing campaign, The Hacker News reports.Malicious emails purporting to be discussion invites from the Atlantic Council have been delivered by TA466 to harness DarkSword for the eventual injection of the GHOSTBLADE dataminer malware in the iPhones of high-profile targets, including Russian opposition politician and Anti-Corruption Foundation director Leonid Volkov, according to Proofpoint and Malfors researchers."We have not previously observed TA446 target users' iCloud accounts or Apple devices, but the adoption of the leaked DarkSword iOS exploit kit has now enabled the actor to target iOS devices," said Proofpoint analysts, who discovered that TA446 has ramped up intrusions over the past two weeks to spread the MAYBEROBOT backdoor. Such findings come amid the reported emergence of a plug-and-play version of DarkSword, which reduces the barriers to iOS-targeted intrusions."DarkSword refutes the common belief that iPhones are immune to cyber threats, and that advanced mobile attacks are only used in targeted efforts against governments and high-ranking officials," said Lookout principal researcher Justin Albrecht.
Threat Intelligence, Phishing
New Russian spear-phishing campaign weaponizes DarkSword iOS exploit kit

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



