Ukrainian iPhone Users Targeted by Advanced Hacking Group

Jack Hunter

Summary

Researchers uncover a hacking campaign in Ukraine using the Darksword toolkit, aimed at iPhone users' data theft.

Why this matters

This story highlights the ongoing intersection of cybersecurity, international conflict, and personal data risk, underscoring the complex challenges in global cyber warfare.

A group identified as UNC6353, suspected of having ties to the Russian government, targeted iPhone users in Ukraine with advanced hacking tools, cybersecurity researchers from Google, iVerify, and Lookout revealed. This campaign, related to previous attacks, employs a toolkit named Darksword to access personal data such as passwords, photos, and messages, but avoids persistent surveillance.

Darksword’s brief presence on devices indicates a quick operation, likely aimed at understanding the victims’ activities. The toolkit also has features to target cryptocurrency storages, a rarity for government-tied hackers. This suggests potential financial motivations but lacks concrete evidence of interest from the hackers.

Darksword was professionally developed, allowing modular applications, making it adaptable for additional functions. Researchers see a possible connection to the Coruna toolkit, initially developed by U.S. defense contractor L3Harris. This toolkit was used by various state actors, including Russian spies, against Ukrainians.

Experts believe Darksword’s creation might involve similar parties as Coruna. Justin Albrecht of Lookout suggested UNC6353 operates with significant resources, possibly acting as a Russian criminal proxy, focusing on financial and intelligence objectives.

Rocky Cole from iVerify noted the campaign targeted any visitors to specific Ukrainian websites, implicating a strategy less about specific individuals and more about widespread data collection opportunities within Ukraine.

Get Camp Lejeune & New River Updates

Essential base alerts, local events, and military news delivered to your inbox

We don’t spam! Read our privacy policy for more info.

More top news
  • Virginia Attorney General Joins Push for Tariff Refunds
    Virginia Attorney General Jay Jones is advocating for Congress to mandate refunds of tariffs imposed under President Donald Trump, after the U.S. Supreme Court invalidated the use of such tariffs. Jones, alongside attorneys general from 16 other states, is calling for legislation to automatically reimburse tariffs collected under the International Emergency Economic Powers Act (IEEPA). This initiative comes after a Supreme Court ruling on February 20 struck down the application of this law for enforcing global tariffs.
  • SC Supreme Court: Amazon Owes Sales Taxes on Third-Party Sales
    The South Carolina Supreme Court ruled Wednesday that Amazon must pay millions in uncollected sales taxes. In a 3-2 decision, the court concluded a long-standing dispute between Amazon and the South Carolina Department of Revenue over tax obligations for third-party sellers on Amazon’s platform. The ruling specifically addresses $12.5 million owed for early 2016, following the end of a sales tax exemption. However, the decision may result in Amazon owing more than $277 million related to other cases, as previously indicated by the state’s department. Amazon argued it was a marketplace provider rather than the seller, suggesting independent sellers were responsible for tax collection. However, the Administrative Law Court, the Court of Appeals, and finally the state Supreme Court found that Amazon’s control over transactions made it liable for tax collection. Justice John Few, joined by Justices Gary Hill and George James, wrote that Amazon’s control over third-party transactions equated to selling, thus requiring tax collection. Chief Justice John Kittredge, dissenting, argued that state law’s ambiguity should favor the taxpayer. Despite Amazon disputing the legal interpretation, it paid the initial $12.5 million, as required to contest the case further. However, the company delayed taxing third-party sales until April 30, 2019. State audits indicate Amazon owes $277.2 million in taxes and interest since April 1, 2016. Revenue Director Hartley Powell expressed satisfaction with the court’s alignment with his department’s stance. “The Supreme Court rightly rejected Amazon’s contention it was not engaged in the business of selling,” Powell stated. Prior to a 2018 U.S. Supreme Court ruling, companies needed a physical presence in a state to mandate tax collection. Amazon, having received a five-year tax exemption from South Carolina in 2010 for job creation, began operations exempt from such taxes. Following the exemption’s expiration, Amazon collected sales taxes only on direct sales, opting to send third-party seller taxes collected to the seller. Many sellers did not remit these taxes. Amazon’s disputes over subsequent bills have been on hold pending this ruling.
  • Fed Holds Rates Steady, Anticipates 2026 Rate Cut
    The Federal Reserve announced on Wednesday that interest rates will remain unchanged in the 3.5% to 3.75% range following its two-day policy meeting. This decision aligns with market expectations. In conjunction with its policy decision, the Fed released its first Summary of Economic Projections (SEP) for 2026, indicating that officials predict one rate cut in that year. Back in December, the Federal Open Market Committee’s median forecast also included a single rate cut for this year.
  • Ukrainian iPhone Users Targeted by Advanced Hacking Group
    A group identified as UNC6353, suspected of having ties to the Russian government, targeted iPhone users in Ukraine with advanced hacking tools, cybersecurity researchers from Google, iVerify, and Lookout revealed. This campaign, related to previous attacks, employs a toolkit named Darksword to access personal data such as passwords, photos, and messages, but avoids persistent surveillance. Darksword’s brief presence on devices indicates a quick operation, likely aimed at understanding the victims’ activities. The toolkit also has features to target cryptocurrency storages, a rarity for government-tied hackers. This suggests potential financial motivations but lacks concrete evidence of interest from the hackers. Darksword was professionally developed, allowing modular applications, making it adaptable for additional functions. Researchers see a possible connection to the Coruna toolkit, initially developed by U.S. defense contractor L3Harris. This toolkit was used by various state actors, including Russian spies, against Ukrainians. Experts believe Darksword’s creation might involve similar parties as Coruna. Justin Albrecht of Lookout suggested UNC6353 operates with significant resources, possibly acting as a Russian criminal proxy, focusing on financial and intelligence objectives. Rocky Cole from iVerify noted the campaign targeted any visitors to specific Ukrainian websites, implicating a strategy less about specific individuals and more about widespread data collection opportunities within Ukraine.
  • Gabbard Reports Iran’s Government Intact Despite Degradation
    Iran’s government remains intact despite facing significant degradation since the conflict began on Feb. 28, according to U.S. Director of National Intelligence Tulsi Gabbard. In her statement to the Senate Intelligence Committee on Worldwide Threats to the United States, she noted that Iran and its allies still have the capacity to attack U.S. and allied interests in the Middle East. The House Intelligence Committee will hold a separate Worldwide Threats hearing on Thursday.