Schneier on Security

DarkSword Malware

Bruce Schneier · 1 day ago · Read original ↗

ATT&CK techniques detected

1 predictions

T1204.002Malicious File

31%

“darksword malware darksword is a sophisticated piece of malware — probably government designed — that targets ios. google threat intelligence group ( gtig ) has identified a new ios full - chain exploit that leveraged multiple zero - day vulnerabilities to fully compromise device…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS.

Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine...