tr-26-084-001 - X-Industry - Red Sky Alliance

A new iOS exploit chain and payload called ‘DarkSword’ is stealing sensitive personal information from iPhones running iOS 18.4 to 18.7. The toolkit is linked to multiple threat actors, including Russian-aligned UNC6353, who previously leveraged a similar exploit chain called Coruna. DarkSword was subsequently uncovered while various researchers analyzed Coruna’s infrastructure.

In early November 2025, NC6748 used DarkSword against Saudi Arabian users via a Snapchat-themed website. Subsequentl

tr-26-084-001 (1)

DarkSword Steals on iPhones

Note: this page contains paid content.