A Russia-linked advanced persistent threat group, designated TA446, is actively employing the DarkSword iOS exploit kit in targeted spear-phishing campaigns designed to compromise iPhone users. Operating under various aliases such as SEABORGIUM, ColdRiver, Callisto, and Star Blizzard, TA446 initiates these attacks through meticulously crafted malicious emails. These messages serve as the initial vector to deliver the DarkSword exploit, aiming to gain unauthorized access to iOS devices. The group has maintained a consistent operational tempo since at least 2017, focusing on persistent phishing tactics and credential theft to facilitate system intrusions and subsequent data exfiltration [1]. The deployment of such a sophisticated mobile exploit kit by a state-sponsored entity signals a notable advancement in adversary capabilities. This development necessitates that cybersecurity practitioners recalibrate their threat assessments, recognizing that state-aligned activity fundamentally alters the threat landscape from conventional cybercrime to a geopolitical concern, demanding a distinct and robust defensive posture.
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
⚡ High Priority
Why This Matters
State-aligned activity involving Russia shifts the threat model from criminal to geopolitical — different playbook required.
References
- SecurityAffairs. (2026, March 30). Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave. *SecurityAffairs*. https://securityaffairs.com/190139/apt/russia-linked-apt-ta446-uses-darksword-exploit-to-target-iphone-users-in-phishing-wave.html
Original Source
SecurityAffairs