
Russian-linked hackers target Ukrainian iPhone users with DarkSword exploit, steal data and crypto
Key Takeaways
- Russian-linked hackers targeted Ukrainian iPhone users with a new exploit.
- The tools steal personal data and potentially cryptocurrency from victims.
- Researchers attribute the activity to actors tied to the Russian government.
DarkSword Campaign Overview
Russian government-linked hackers have launched a sophisticated cyberattack targeting Ukrainian iPhone users using a hacking toolkit called DarkSword.
“New forensic findings reveal a stealthy iPhone exploit used against Ukrainians, showing rapid data theft and possible cryptocurrency targeting”
Google analysts working in collaboration with iVerify and Lookout have identified the campaign carried out by a group known as UNC6353.

The campaign demonstrates advanced capabilities for stealthy data theft and cryptocurrency targeting.
The discovery of DarkSword follows similar patterns to previous hacking tools, suggesting that sophisticated iPhone spyware may be more prevalent than previously believed.
The campaign shows clear geographic limitations, focusing primarily on Ukrainian users rather than launching a wide-scale attack on users worldwide.
This geographic focus indicates some restraint in the hackers' operational scope despite having access to powerful tools.
Technical Capabilities
The DarkSword toolkit represents a significant advancement in iPhone exploit technology.
The hacking tools are capable of rapid data extraction and cryptocurrency targeting.

The campaign uses more modern tools and exploits different vulnerabilities compared to previous hacking efforts.
The technical sophistication of DarkSword suggests access to advanced cybersecurity resources and expertise.
This indicates potential state-level backing for the hacking group.
The focus on cryptocurrency theft shows a dual motive of intelligence gathering and financial gain.
Connection to Coruna Toolkit
The DarkSword campaign is closely related to a previous sophisticated iPhone hacking toolkit called Coruna.
Coruna was originally developed by the American defense company L3Harris and its Trenchant division.
It was initially created for use by Western government structures, particularly those in the Five Eyes intelligence alliance.
According to former L3Harris employees, the original purpose of Coruna was governmental surveillance.
After being used by Russian spies targeting Ukrainians, the toolkit was later adopted by Chinese cybercriminals.
This demonstrates how sophisticated hacking tools can proliferate across different threat actors and regions.
Broader Implications
The emergence of sophisticated hacking toolkits like DarkSword and Coruna raises significant concerns.
These tools highlight the proliferation of advanced iPhone spyware and the blurring of lines between state-sponsored cyber warfare and criminal activity.

The geographic targeting pattern suggests strategic limitation to specific regions and objectives.
The development of such tools by defense contractors for Western governments before adoption by adversaries is concerning.
The dual-use nature of these technologies creates complex challenges for global cybersecurity.
This raises questions about the effectiveness of export controls and monitoring mechanisms for advanced cyber weapons.