A Russia-linked threat group known as TA446 (also tracked as Callisto / COLDRIVER / Star Blizzard) has been observed using the newly leaked DarkSword iOS exploit kit to target Apple devices in sophisticated cyber-espionage campaigns.
TA446 is believed to be affiliated with Russia’s Federal Security Service (FSB) and is known for credential harvesting and spear-phishing operations.
Why This Is Dangerous
- Leaked exploit = wider abuse: The DarkSword toolkit was recently leaked online, making it easier for less-skilled hackers to launch advanced iOS attacks.
- Advanced exploitation: DarkSword is a full-chain exploit using multiple vulnerabilities, capable of silently compromising devices and stealing sensitive data.
- Shift in threat landscape: Previously limited to nation-state actors, such tools are now becoming commodity malware, increasing global risk.