Cybersecurity researchers have discovered a new wave of attacks targeting Ukrainian iPhone users, using the DarkSword tool, which allows for the rapid extraction of personal data from a phone without extensive monitoring of the victim.
Cybersecurity researchers have discovered a new wave of attacks targeting Ukrainian iPhone users, using the DarkSword tool, which allows for the rapid extraction of personal data from a phone without extensive monitoring of the victim.
According to TechCrunch, the campaign was carried out by a group called UNC6353, which researchers have linked to Russian intelligence services. The attacks were specifically targeted at Ukrainians: the malicious chain was triggered when a person opened an infected website from an iPhone while in Ukraine.
DarkSword was not designed for long-term covert surveillance, but for quick data collection. The tool could steal passwords, photos, browser history, SMS, as well as WhatsApp and Telegram correspondence. After that, the malicious code ran on the device for only a few minutes and disappeared, making it difficult to detect the attack.
Separately, researchers noted that DarkSword was also able to work with popular crypto wallets. However, there is currently no evidence that Russian hackers actually withdrew cryptocurrency in this campaign. The very fact of such a function rather indicates that the tool was designed to be flexible and modular so that it could be used for both espionage and financial crimes.
This is the second such iPhone hacking toolkit linked to attacks on Ukrainians in a short period of time. In early March, Google described another toolkit called Coruna. The new discovery suggests that expensive and sophisticated iPhone hacking tools are no longer as rare as they once were, and that the attacks on Ukrainians themselves may be part of a broader market for such cyber tools.
Google Threat Intelligence Group reports that DarkSword used a different chain of vulnerabilities than Coruna, but had related infrastructure. Apple has already closed some of the vulnerabilities, and researchers are advising users to update iOS as soon as possible. According to estimates by Reuters and Wired, hundreds of millions of devices could be at risk if they are still running vulnerable versions of the system.
Previously, dev.ua wrote about how Ukrainian institutions were targeted by a new cyber campaign. According to experts from the Spanish security company S2 Grupo LAB52, Russian hackers are likely behind the attacks.
