Russian State Hackers TA446 Deploy Leaked DarkSword iOS Exploit Kit in Targeted Phishing Campaign

atadmin
By
atadmin
1 Min Read

Proofpoint has disclosed details of a targeted email campaign in which the Russian state-sponsored threat group TA446 (also known as Callisto, COLDRIVER, and Star Blizzard) is leveraging the leaked DarkSword exploit kit to target iOS devices.

The campaign uses fake “discussion invitation” emails spoofing the Atlantic Council to deliver the GHOSTBLADE malware via the DarkSword exploit kit. One of the recipients was prominent Russian opposition politician Leonid Volkov. The targeting was “much wider than usual” and included government, think tank, higher education, financial, and legal entities.

“We have not previously observed TA446 target users’ iCloud accounts or Apple devices, but the adoption of the leaked DarkSword iOS exploit kit has now enabled the actor to target iOS devices,” Proofpoint said. The group is affiliated with Russia’s Federal Security Service (FSB) and may be leveraging the exploit kit for opportunistic credential harvesting and intelligence collection.

Source: The Hacker News →

Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *