TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

TA446 used leaked DarkSword on March 26 to target iOS devices, prompting Apple alerts and widening mobile espionage risks.

TA446, a threat actor linked to Russia, deployed the leaked DarkSword iOS exploit kit in a targeted spear-phishing campaign on March 26, 2026. The campaign targeted iOS devices, exploiting vulnerabilities to gain unauthorized access and deploy malware. Apple issued alerts to users about the attacks, highlighting the growing risk of mobile espionage. The use of DarkSword, which was previously leaked online, underscores how threat actors are leveraging publicly available tools for sophisticated attacks. This incident marks a significant escalation in mobile security threats, particularly for high-value targets in government, corporate, and critical infrastructure sectors. Security experts warn that such campaigns could lead to data theft, surveillance, and further exploitation of compromised devices. The response from Apple and cybersecurity firms is ongoing, with efforts to patch vulnerabilities and mitigate the impact. Users are advised to update their devices, enable security features, and be cautious of suspicious emails or links.