Russian state-sponsored hacking group Star Blizzard has adopted the DarkSword iOS exploit kit in an ongoing campaign, using GhostBlade malware to target Apple devices and iCloud accounts. Proofpoint observed a March 26 spike in link-based emails using Atlantic Council lures, and evidence from VirusTotal and URLScan links DarkSword components and a second-stage domain to the group.
Key points
- Star Blizzard (also tracked as TA446/Callisto) has added the DarkSword iOS exploit kit to its toolkit.
- The campaign delivered GhostBlade and used Atlantic Council-themed lures to entice targets.
- Proofpoint observed a March 26 spike in malicious link-based emails from multiple compromised senders.
- Evidence includes a DarkSword loader on VirusTotal and a URLScan submission showing exploit use tied to a Star Blizzard domain.
- Targets span financial, government, higher education, and legal entities as well as think tanks, suggesting credential harvesting and intelligence collection.
Read More: https://www.securityweek.com/russian-apt-star-blizzard-adopts-darksword-ios-exploit-kit/