TA446 Expands DarkSword iOS Attacks in Broad Spear-Phishing Campaign
TA446, a Russia-linked threat group, used the DarkSword iOS exploit kit in a targeted spear-phishing operation to deliver the GHOSTBLADE dataminer and the MAYBEROBOT backdoor via password-protected ZIPs; emails spoofed Atlantic Council discussion invites and redirected iPhone users (March 26, 2026) to the exploit kit through decoy PDFs, with server-side filtering guiding iOS browsers to the kit but no sandbox escapes observed. The campaign broadened targets to government, think tanks, higher education, finance, and legal entities, suggesting opportunistic credential harvesting and intel collection. Apple warns users with Lock Screen alerts and urges updates; a leaked DarkSword version on GitHub could democratize the exploit, potentially expanding mobile threats, per researchers.
- TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign The Hacker News
- A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know. TechCrunch
- ‘Update Now’: Apple Issues Urgent Warning to iPhone Users inc.com
- This Week In Security: Second Verse, Worse Than The First Hackaday
- DarkSword leak puts millions of iPhone users at risk Fox News
Reading Insights
1
13
3 min
vs 4 min read
82%
614 → 109 words
Want the full story? Read the original article
Read on The Hacker News