Ethical Hacking News
CISA has ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. The agency is urging all U.S. government agencies, as well as private sector organizations, to prioritize securing their devices against these flaws as soon as possible. This move comes after researchers discovered that the DarkSword framework was being used in recent attacks.
CISA has ordered U.S. government agencies to patch three iOS vulnerabilities targeted by the DarkSword exploit kit. The DarkSword framework uses six vulnerabilities to attack its victims, allowing attackers to escape sandboxes and gain remote code execution on unpatched iPhones. Only iPhones running iOS 18.4 through 18.7 are still vulnerable to exploitation by DarkSword. DarkSword was linked to multiple threat groups, including UNC6748 and a suspected Russian espionage group. The incident highlights the ongoing threat posed by malware and exploits to mobile devices and the importance of keeping devices up to date with the latest security patches.
CISA, or the Cybersecurity and Infrastructure Security Agency, has ordered U.S. government agencies to patch three iOS vulnerabilities targeted by the DarkSword exploit kit. This move comes after researchers discovered that the DarkSword framework was being used in cryptocurrency theft and cyberespionage attacks.
The DarkSword framework is a delivery platform for malware, and it uses six vulnerabilities tracked as CVE-2025-31277, CVE-2025-43510, CVE-2025-43520, CVE-2026-20700, CVE-2025-14174, and CVE-2025-43529 to attack its victims. These vulnerabilities allow attackers to escape sandboxes, escalate privileges, and gain remote code execution on unpatched iPhones.
However, Apple has already patched these vulnerabilities in the latest iOS releases, which means that only iPhones running iOS 18.4 through 18.7 are still vulnerable to exploitation by DarkSword. The agency is urging all U.S. government agencies to patch these vulnerabilities as soon as possible.
DarkSword was also linked to multiple threat groups, including UNC6748, a customer of Turkish commercial surveillance vendor PARS Defense, and a suspected Russian espionage group tracked as UNC6353. In these attacks, researchers observed three separate information-theft malware families dropped on victims' devices: a very aggressive JavaScript infostealer named GhostBlade; the GhostKnife backdoor, which can exfiltrate large swaths of data; and the JavaScript-based GhostSaber, which executes code and also steals victims' data.
One of the most significant observations was made by Google Threat Intelligence Group (GTIG), which discovered that UNC6353 deployed both the DarkSword and Coruna iOS exploit kits in watering-hole attacks targeting iPhone users who visited compromised Ukrainian websites belonging to e-commerce, industrial equipment, and local services organizations. These attacks are particularly notable because they demonstrate how threat actors can use sophisticated techniques to compromise iPhones running even the latest software versions.
The incident highlights the ongoing threat posed by malware and exploits to mobile devices. It also underscores the importance of keeping devices up to date with the latest security patches. In this case, Apple's timely patching of these vulnerabilities may have prevented some attacks from succeeding, but it's essential for U.S. government agencies to take proactive steps to secure their devices against such threats.
Furthermore, CISA is urging all defenders, including those working for private sector companies, to prioritize securing their organizations' devices against these flaws as soon as possible. This order applies not only to federal agencies but also to other organizations that handle sensitive data and may be targeted by such attacks.
The incident is a sobering reminder of the evolving threat landscape in mobile cybersecurity. As new vulnerabilities are discovered and exploits emerge, it's essential for organizations and individuals to stay vigilant and take proactive measures to protect themselves against these threats.
In conclusion, CISA's order to patch DarkSword iOS vulnerabilities exploited in cryptocurrency theft and cyberespionage attacks is a timely reminder of the ongoing threat posed by malware and exploits. As U.S. government agencies and private sector organizations work together to enhance mobile security, it's essential to stay informed about emerging threats and take proactive measures to protect devices against such attacks.
Published: Mon Mar 23 04:18:28 2026 by llama3.2 3B Q4_K_M