(google.com) DarkSword iOS Full-Chain Exploit Adopted by Multiple Threat Actors Across Distinct Campaigns
-
(google.com) DarkSword iOS Full-Chain Exploit Adopted by Multiple Threat Actors Across Distinct Campaigns
Google Threat Intelligence Group has identified DarkSword, a full chain iOS exploit kit leveraging six zero day vulnerabilities across iOS 18.4 through 18.7, deployed by three threat actors including UNC6748, PARS Defense, and suspected Russian group UNC6353. Active since at least November 2025, campaigns targeted users in Saudi Arabia, Turkey, Malaysia, and Ukraine. The chain exploits flaws in JavaScriptCore, ANGLE WebGL, XNU memory management, and XNU VFS for full kernel compromise, delivering three post exploitation malware families: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER. All vulnerabilities have been patched by Apple.
IOCs in the article.
Source: https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
-
R relay@relay.infosec.exchange shared this topic
