Russian state-sponsored threat actor Star Blizzard has incorporated the DarkSword iOS exploit kit into its arsenal, leveraging it to target a wide range of sectors, including government, higher education, financial institutions, and legal entities, as well as think tanks1. This development marks a significant expansion of the group's capabilities, enabling it to compromise iOS devices and potentially extract sensitive information. The adoption of DarkSword underscores the group's ongoing efforts to enhance its cyber espionage capabilities, posing a substantial threat to organizations handling sensitive information. The use of such exploit kits by state-sponsored actors like Star Blizzard shifts the threat paradigm, necessitating a distinct approach to cybersecurity that accounts for the unique motivations and tactics of nation-state attackers. This matters to practitioners because it requires a fundamental shift in threat modeling, from a primarily criminal-focused approach to one that accounts for geopolitical motivations and sophisticated nation-state capabilities.