A recently uncovered targeted email campaign shows Russian threat actors using the DarkSword exploit kit to compromise iOS devices. The campaign is attributed to TA446, a Russian state-sponsored threat actor also known as Callisto.

The use of the DarkSword exploit kit in this campaign is significant, as it marks a new tactic employed by the TA446 group to target iOS devices. The DarkSword kit is designed to exploit vulnerabilities in iOS devices, allowing attackers to gain unauthorized access to sensitive information.

Proofpoint has disclosed details of the campaign, which involves highly targeted spear-phishing emails designed to trick victims into installing the DarkSword exploit kit on their iOS devices. The kit can exploit multiple vulnerabilities, including unpatched CVEs, to gain control of the device.

The TA446 group is known for its sophisticated tactics and techniques, and the use of the DarkSword exploit kit is a testament to the group’s continued evolution and adaptation. The campaign highlights the importance of keeping iOS devices up to date with the latest security patches and being cautious when interacting with suspicious emails.

The attribution of the campaign to the TA446 group is based on high-confidence intelligence, and the group’s ties to Russia have been well-documented. The use of the DarkSword exploit kit in this campaign is a significant development, and it is likely that the kit will be used in future campaigns by the TA446 group and other threat actors.
