‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

Security researchers have discovered another sophisticated iOS exploit kit and found evidence that it has been used by both state-sponsored hackers and commercial spyware vendors.

A Russian state-sponsored espionage group tracked as UNC6353 has been using the iOS exploit kit in attacks against Ukraine.

In early March, Google and iVerify shared details on Coruna, a powerful exploit kit targeting 23 vulnerabilities in iOS 13 through 17.2.1, including nearly a dozen zero-days.

Flagged as the first mass-exploitation kit targeting iOS devices, Coruna was used by UNC6353 in watering hole attacks against Ukraine and later leveraged by financially motivated groups due to its cryptocurrency-theft capabilities.

On Wednesday, iVerify, Google, and Lookout shared details on a second mass-exploitation iOS kit used by UNC6353. Named DarkSword, it targets six vulnerabilities in Apple’s mobile platform and leads to full device compromise with minimal user interaction.

DarkSword shares infrastructure with Coruna and was ...