
"Proofpoint automated analysis was redirected to a benign decoy PDF, likely because of server-side filtering to only redirect iPhone browsers to the exploit kit."
"The known Star Blizzard domain was serving the DarkSword exploit kit, including the initial redirector, exploit loader, RCE, and PAC bypass components."
"Star Blizzard has significantly increased the volume of malicious emails compared to its normal operational tempo, with a notable spike observed on March 26."
Star Blizzard, a Russian state-sponsored hacking group, has adopted the DarkSword iOS exploit kit in a campaign involving GhostBlade malware. The group, linked to the FSB, has increased its email attacks, utilizing Atlantic Council lures. The emails, observed on March 26, contained links instead of attachments, marking a shift in tactics. This is the first instance of Star Blizzard targeting iCloud accounts and Apple devices. Evidence includes a DarkSword loader and a known domain serving the exploit kit components.
Read at SecurityWeek