Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices.
The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under the monikers Callisto, COLDRIVE...
The strongest version of this narrative highlights a concerning evolution in state-sponsored cyber threats: a Russian-linked group, TA446, has expanded its arsenal to include the DarkSword exploit kit, enabling attacks on iOS devices—a platform previously considered more secure. The campaign's use of spoofed emails from a reputable think tank (Atlantic Council) and targeting of high-profile individuals like Leonid Volkov underscores the group's strategic focus on intelligence collection. The bro...