A planned cyberattack with links to Russia is using the newly released DarkSword exploit kit to go after iPhone users. It is clear that the Russian state-sponsored threat group TA446 is behind the activity.

The group's use of DarkSword is also supported by a DarkSword loader uploaded to VirusTotal, which has been found to link to "escofiringbijou[.]com," a second-stage domain linked to the threat actor. Apple is sending Lock Screen notifications to older iOS and iPadOS devices to warn users about web-based attacks and get them to update their apps. The company sees this as a serious threat that users need to deal with right away, which is why it took this unusual step.

It also raises the worry that it could make nation-state attacks easier to carry out, which would change the mobile threat landscape in a big way. The company's warning goes against the idea that iPhones are safe from cyber threats and suggests that anyone can now use advanced attacks. Proofpoint and Malfors have pointed out that the most recent activity involves sending fake "discussion invitation" emails that look like they come from the Atlantic Council, used to facilitate delivery of GHOSTBLADE, a data-mining malware.

Leonid Volkov, a well-known Russian opposition politician and the political director of the Anti-Corruption Foundation, was one of the people who got the email. This makes it seem like TA446 might be using the new features that DarkSword gives them to run opportunistic campaigns against a wider range of targets.

A URLScan.io check showed that the TA446-controlled domain hosted the DarkSword exploit kit, which included initial redirectors, exploit loaders, remote code execution components, and Pointer Authentication Code (PAC) bypass elements. There is no sign that sandbox escapes are being delivered. The threat actor is thought to be using the DarkSword exploit kit to steal credentials and gather information, and they are going after more people than usual.