Russian state-backed group TA446 launches spear-phishing attack with DarkSword iOS exploit kit
A Proofpoint investigation has revealed that the attack group TA446, operating under the Russian FSB (Federal Security Service), is conducting large-scale spear-phishing attacks using the iOS exploit kit "DarkSword" that was leaked to GitHub (https://thehackernews.com/2026/03/ta446-deploys-leaked-darksword-ios.html). This is the first time TA446 has been seen targeting iOS devices or iCloud accounts, and the "democratization" of leaked exploit kits is now reaching nation-state attackers.
Who is TA446?
TA446, also known in the security industry as Callisto, COLDRIVER, and Star Blizzard (formerly SEABORGIUM), is a Russian state-sponsored attack group tracked by MITRE ATT&CK as G1033. Until now its main activity has been spear phishing aimed at stealing credentials, but attacks on WhatsApp accounts and the deployment of custom malware have also been observed.
What is noteworthy about this campaign is that TA446 had never before targeted iOS devices or Apple services. The DarkSword leak enabled an expansion of its attack vectors.
Overall picture of the attack
On March 26, 2026, TA446 sent an “invitation to discussion” email impersonating the Atlantic Council. The emails were sent from legitimate compromised accounts, and one of the named targets was Leonid Volkov, a Russian opposition politician and political director of the Anti-Corruption Foundation.
The targets spanned government agencies, think tanks, higher education institutions, financial institutions, and law firms, a scope Proofpoint described as "much broader than usual." Email volume has also "increased significantly" over the past two weeks.
The attack chain proceeds as follows.
```mermaid
graph TD
    A[Spoofed email sent from<br/>compromised account] --> B{Receiving device identified}
    B -->|iPhone/iPad| C[Redirect to DarkSword<br/>exploit kit]
    B -->|Automated analysis tool| D[Harmless decoy PDF returned]
    B -->|PC| E[Password-protected ZIP delivers<br/>MAYBEROBOT backdoor]
    C --> F[Initial compromise via<br/>Safari WebKit vulnerability]
    F --> G[PAC/TPRO bypass<br/>CVE-2026-20700]
    G --> H[Sandbox escape<br/>via ANGLE]
    H --> I[Kernel privilege escalation]
    I --> J[GHOSTBLADE data miner<br/>installed]
```
The server side carefully fingerprints the source of each request: when automated analysis tools (sandboxes and crawlers) connect, it returns a harmless PDF, and it delivers the exploit kit only when the visitor is Safari on an iPhone. For access from a PC, a backdoor called MAYBEROBOT is delivered in a password-protected ZIP.
DarkSword Exploit Kit Technical Details
DarkSword is an iOS exploit kit jointly discovered by iVerify, Google Threat Intelligence Group, and Lookout in mid-March 2026. As noted when its vulnerabilities were added to the CISA KEV catalog, it takes full control of iOS devices by chaining vulnerabilities in Apple WebKit and the kernel. It is linked to the same attacker infrastructure as the Coruna exploit kit investigated two weeks prior to its discovery, and both were used against targets in Ukraine.
On March 23, the DarkSword code was leaked to GitHub, making advanced iOS exploits previously available only to nation-state attackers available to everyone. "DarkSword overturns the conventional wisdom that iPhones are invulnerable to cyber threats and that sophisticated mobile attacks only target government officials," said Lookout's Justin Albrecht.
The six CVEs being exploited
DarkSword chains six vulnerabilities, three of which were exploited as zero-days.
| CVE | Component | Description | Zero-day |
|---|---|---|---|
| CVE-2025-31277 | Safari WebContent JIT RegExp | RCE due to type confusion | Yes |
| CVE-2025-43529 | Safari WebContent JIT | Use-After-Free arbitrary memory read/write | Yes |
| CVE-2026-20700 | dyld TPRO/PAC bypass | Pointer Authentication bypass | Yes |
| CVE-2025-14174 | ANGLE GPU process | Sandbox escape due to out-of-bounds write | No |
| CVE-2025-43510 | AppleM2ScalerCSCDriver | Kernel compromise with Copy-On-Write vulnerability | No |
| CVE-2025-43520 | XNU kernel | Privilege Escalation | No |
The chain affects iOS 18.4 through 18.6.2, and iVerify estimates that approximately 221.5 million iPhones may be affected.
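For a defender with an MDM or asset inventory export, the first practical step is to find which devices sit in the affected band and which already run a fixed build. The following is an added example, not code from the article or from any of the vendors named in it. It assumes only the version boundaries the report states (iOS 18.4 through 18.6.2 affected; fixes in iOS 18.7.6 and iOS 26.3.1) and reports everything outside those bands as "verify" rather than guessing; the inventory lines are constructed sample data.

```python
"""Triage an iOS device inventory against the DarkSword affected range.

Added example (not from the article or any vendor tool). Version boundaries are
taken from the report: iOS 18.4 through 18.6.2 affected, fixes shipped in
iOS 18.7.6 and iOS 26.3.1. Builds outside those bands are reported as 'verify'
because the article does not state their status.
"""

AFFECTED_MIN = (18, 4, 0)
AFFECTED_MAX = (18, 6, 2)
PATCHED_18 = (18, 7, 6)    # fixed build on the iOS 18 line
PATCHED_26 = (26, 3, 1)    # fixed build on the iOS 26 line


def parse_version(text: str) -> tuple:
    """Turn '18.6.2' or '18.7' into a comparable 3-tuple, padding with zeros."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised iOS version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return tuple(nums)


def classify(version: str) -> str:
    """'vulnerable' inside the stated range, 'patched' at or above a fixed build
    on the same major line, otherwise 'verify' (status not stated by the report)."""
    v = parse_version(version)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "vulnerable"
    if v >= PATCHED_26 or PATCHED_18 <= v < (19, 0, 0):
        return "patched"
    return "verify"


# Constructed sample inventory (device name, reported OS version); not real data.
SAMPLE_INVENTORY = """\
ipad-finance-01,18.6.2
iphone-exec-03,18.7.6
iphone-legal-07,18.4.1
iphone-hr-02,26.3.1
iphone-dev-11,26.2
iphone-old-05,17.7.2
"""


def triage(inventory_csv: str) -> dict:
    """Group device names by status so the vulnerable list can be acted on first."""
    groups = {"vulnerable": [], "patched": [], "verify": []}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        name, version = (field.strip() for field in line.split(",", 1))
        groups[classify(version)].append(name)
    return groups


if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(names) or '-'}")
```

The "verify" bucket is deliberate: an 18.3 or 26.2 device is not in the range the report names, but it is also not on a build Apple shipped the fixes in, so it should be checked against Apple's own advisory rather than silently treated as safe.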
Stages of the exploit chain
The attack proceeds in seven stages.
```mermaid
graph TD
    S1[Stage 1: Initial compromise<br/>Victim visits a website embedding<br/>a malicious iframe] --> S2[Stage 2: Loader delivery<br/>rce_loader.js identifies the iOS version<br/>and selects the matching exploit]
    S2 --> S3[Stage 3: Safari RCE<br/>JIT vulnerability establishes<br/>arbitrary memory read/write]
    S3 --> S4[Stage 4: Sandbox escape<br/>ANGLE OOB write moves execution<br/>into the GPU process]
    S4 --> S5[Stage 5: Daemon compromise<br/>AppleM2ScalerCSCDriver COW bug<br/>used to enter mediaplaybackd]
    S5 --> S6[Stage 6: Kernel privilege escalation<br/>pe_main.js establishes kernel-level<br/>read/write]
    S6 --> S7[Stage 7: Implant injection<br/>JS injected into SpringBoard,<br/>configd, wifid and other processes]
```
The method of bypassing PAC (Pointer Authentication Code) is particularly clever. PAC is an Apple Silicon mechanism that attaches cryptographic signatures to function pointers to defeat pointer-corruption attacks, but DarkSword exploits the fact that internal structures of dyld (the dynamic linker) reside on writable stack memory, allowing it to bypass both TPRO (Trusted Path Read-Only) and PAC. It also disables the SPRR (System Page Read-only Region Register) and JIT Cage mitigations by manipulating thread state.
Data stolen by GHOSTBLADE
The GHOSTBLADE data miner, injected in the final stage, exfiltrates almost all data from the device.
| Category | Target |
|---|---|
| Credentials | Entire keychain (user/system/backup/device) |
| Communication | SMS/iMessage, call history, contacts |
| Messenger | Telegram, WhatsApp, Signal |
| Cryptoassets | Over 40 wallet apps (Coinbase, MetaMask, Phantom, Ledger, etc.) |
| Browsing | Safari history, bookmarks, and cookies |
| Location information | consolidated.db (location history) |
| Miscellaneous | Email, notes, calendar, photo metadata, health data, WiFi credentials |
To steal WiFi credentials the attacker uses a dual-injection technique, injecting into two processes, wifid and securityd.
Uniqueness of TA446’s latest attack
TA446/COLDRIVER is a group whose main tactic has been phishing credentials. “This is the first time we have observed TA446 targeting iCloud accounts or Apple devices,” Proofpoint said in a statement. By incorporating the leaked DarkSword, attack capabilities have been greatly expanded from stealing credentials to directly intruding into iOS devices.
Another change is in the C2 (command and control) infrastructure. The DarkSword loader uploaded to VirusTotal references the domain escofiringbijou[.]com, which has been identified as a second-stage C2 domain belonging to TA446. However, distribution of the sandbox-escape component has not been confirmed, and it is still unclear whether every stage of the exploit chain has been used in the wild.
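The one network indicator the report names is the second-stage C2 domain, published in defanged form. Turning it into a retrospective check over DNS and proxy logs is straightforward but has two traps: the indicator must be refanged before it will ever match, and a naive substring match will both miss subdomains and fire on unrelated hosts that merely contain the string. The following is an added example, not Proofpoint's or any vendor's detection content; the log formats (a dnsmasq-style query line and a squid-style proxy line) and the log lines themselves are constructed for illustration.

```python
"""Scan DNS / proxy log lines for the TA446 second-stage C2 domain named in
the report. Added example, not Proofpoint's or any vendor's detection content.
The indicator is taken from the article in defanged form; the log lines below
are constructed for illustration."""
import re

# Defanged indicator exactly as published; refanged before matching.
DEFANGED_IOCS = ["escofiringbijou[.]com"]


def refang(indicator: str) -> str:
    """Undo common defanging conventions ('[.]', '(.)', 'hxxp') so the
    indicator can be compared against real log fields."""
    return (indicator.replace("[.]", ".").replace("(.)", ".")
            .replace("hxxps://", "https://").replace("hxxp://", "http://")
            .lower())


def matches_domain(hostname: str, ioc_domain: str) -> bool:
    """True if hostname is the IOC domain or any subdomain of it.
    A trailing dot (FQDN form in DNS logs) and case are normalised;
    'escofiringbijou.com.example.net' does NOT match."""
    h = hostname.lower().rstrip(".")
    return h == ioc_domain or h.endswith("." + ioc_domain)


# Assumed log shapes: dnsmasq 'query[A] host from ip' and a proxy line with a URL.
DNS_RE = re.compile(r"query\[[A-Z]+\]\s+(\S+)\s+from", re.I)
URL_RE = re.compile(r"https?://([^/\s:]+)", re.I)


def extract_hostnames(line: str):
    """Yield every hostname a line exposes (DNS query name, proxy URL host)."""
    for rx in (DNS_RE, URL_RE):
        m = rx.search(line)
        if m:
            yield m.group(1)


def scan(lines):
    """Return (line_number, hostname, matched_ioc) for every hit."""
    iocs = [refang(i) for i in DEFANGED_IOCS]
    hits = []
    for lineno, line in enumerate(lines, 1):
        for host in extract_hostnames(line):
            for ioc in iocs:
                if matches_domain(host, ioc):
                    hits.append((lineno, host, ioc))
    return hits


# Constructed sample log lines (not real traffic). Line 4 is a deliberate
# look-alike that a substring match would wrongly flag.
SAMPLE_LOG = [
    "Mar 27 09:12:01 gw dnsmasq[412]: query[A] cdn.escofiringbijou.com from 10.0.4.23",
    "Mar 27 09:12:02 proxy squid: 10.0.4.23 GET https://www.apple.com/ - 200",
    "Mar 27 09:12:05 gw dnsmasq[412]: query[AAAA] escofiringbijou.com. from 10.0.4.23",
    "Mar 27 09:13:00 proxy squid: 10.0.4.31 GET https://escofiringbijou.com.example.net/ - 200",
    "Mar 27 09:13:10 proxy squid: 10.0.4.23 GET http://escofiringbijou.com/ - 200",
]


if __name__ == "__main__":
    for lineno, host, ioc in scan(SAMPLE_LOG):
        print(f"line {lineno}: {host} matches {ioc}")
```

Because the report says the sandbox-escape component has not been seen distributed, a hit on this domain is evidence of contact with TA446 infrastructure, not proof that a device was fully compromised; treat it as a trigger for device triage rather than a verdict.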
Countermeasures
Apple has already shipped patches for every component, and updating to iOS 18.7.6 or iOS 26.3.1 addresses all of the exploited vulnerabilities. Apple has also taken the unusual step of displaying a lock-screen notification warning of "web-based attacks" on devices running older iOS/iPadOS releases, suggesting that it regards this threat as having wide-ranging impact.
DarkSword's GitHub leak leaves a complete iOS exploit chain accessible to a wide range of attackers, not just state-sponsored groups. The risk of postponing iOS device updates is now incomparably higher than before.