THREAT OPS › Threat News › The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
<div class="block-paragraph_advanced"><h3><span style="vertical-align: baseline;">Introduction</span><strong style="vertical-align: baseline;"> </strong></h3> <p><span style="vertical-align: baseline;">Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payl
MITRE ATT&CK techniques
Indicators of compromise
- bd631d6c4cec1759bc298b8da180d9ed1d7d89475376bc614176c3541460f40csha256
- 2e5a56beb63f21d9347310412ae6efb29fd3db2d3a3fc0798865a29a3c578d35sha256
- CVE-2025-31277cve
- CVE-2026-20700cve
- CVE-2025-43529cve
- CVE-2025-14174cve
- CVE-2025-43510cve
- CVE-2025-43520cve
- https://www.lookout.com/blog/darkswordurl
- https://iverify.io/blog/darksword-ios-exploit-kit-explainedurl
- https://snapshare.chat/<redacted>url
- https://<redacted>url
- https://projectzero.google/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.htmlurl
- https://www.gov.uk/government/publications/the-pall-mall-process-declaration-tackling-proliferation-and-irresponsible-use-of-commercial-cyber-intrusion-capabilitiesurl
- https://www.federalregister.gov/documents/2023/03/30/2023-06730/prohibition-on-use-by-the-united-states-government-of-commercial-spyware-that-poses-risks-tourl
- https://2021-2025.state.gov/joint-statement-on-efforts-to-counter-the-proliferation-and-misuse-of-commercial-spyware/url
- http://projectzero.google/url
- https://www.virustotal.com/gui/collection/bd631d6c4cec1759bc298b8da180d9ed1d7d89475376bc614176c3541460f40c/summaryurl
- 62.72.21.10ipv4
- 72.60.98.48ipv4
- static.cdncounter.netdomain
- systemgroup.comdomain
- sahibndn.iodomain
- e5.malaymoil.comdomain
- sqwas.shapelie.comdomain