Russians caught stealing personal data from Ukrainians with new advanced iPhonehacking tools

A group of hackers linked to the Russian government targeted Ukrainian iPhone users with new hacking tools called Darksword, designed to steal personal data and cryptocurrency. The campaign reveals advanced spyware capabilities and is part of ongoing cyberattacks against Ukraine, showing a blend of espionage and financial theft motives.

Key Points

• Cybersecurity researchers identified hackers, UNC6353, linked to the Russian government targeting Ukrainians.
• Darksword hacking toolkit used to steal personal information and cryptocurrency from iPhone users.
• The attack focused on specific vulnerabilities, implying categorized restraint in targets.
• Earlier, a similar toolkit called Coruna was discovered, originally developed for governmental use.
• Darksword meant for quick infection and data theft rather than ongoing surveillance, operating within minutes.
• UNC6353 shows characteristics of a financially motivated hacking group aligned with Russian intelligence.

Relevance

• Cyberattacks against Ukraine have escalated amidst the ongoing conflict since 2022, with increased sophistication.
• The trends in 2025 highlight a rise in advanced malware and tools being repurposed for espionage and financial gain.
• The emergence of tools like Darksword reflects broader concerns regarding state-sponsored cyber operations in geopolitics.

The discovery of advanced hacking tools like Darksword underlines the threat posed by state-sponsored espionage in cyberspace, particularly against nations like Ukraine amidst ongoing geopolitical conflicts.