"The latest activity, highlighted by Proofpoint and Malfors, involves using fake 'discussion invitation' emails spoofing the Atlantic Council to facilitate the delivery of GHOSTBLADE, a dataminer malware, via the DarkSword exploit kit."
"We have not previously observed TA446 target users' iCloud accounts or Apple devices, but the adoption of the leaked DarkSword iOS exploit kit has now enabled the actor to target iOS devices."
Proofpoint revealed that the Russian state-sponsored group TA446 is exploiting the DarkSword exploit kit to target iOS devices. This group, linked to the FSB, is known for spear-phishing campaigns aimed at credential harvesting. Recent attacks have included targeting WhatsApp accounts and deploying custom malware. The latest campaign involved fake emails spoofing the Atlantic Council to deliver GHOSTBLADE malware. The volume of emails from TA446 has increased significantly, with a focus on deploying the MAYBEROBOT backdoor through password-protected ZIP files.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]