Russian state-sponsored threat group TA446, also known as Callisto, has been identified deploying the recently leaked DarkSword iOS exploit kit in targeted spear-phishing campaigns. Proofpoint researchers disclosed details of the campaign with high confidence attribution to the Russian group.
The threat actors are leveraging the DarkSword exploit kit, which was recently disclosed publicly, to specifically target iOS devices through email-based attacks. The campaign represents a shift toward mobile device targeting by the Russian group.