
Report Links Darksword Toolkit To Attacks On Ukrainian iPhone Users

Recent investigations have revealed a sophisticated iPhone hacking campaign orchestrated by a group suspected of having ties to the Russian government. Dubbed Darksword, the new toolkit is engineered to target Ukrainian citizens through compromised websites to extract personal data and potentially siphon cryptocurrency.

New Wave Of Cyber Intrusions

Researchers from Google, along with cybersecurity experts at iVerify and Lookout, have analyzed a campaign carried out by a group identified as UNC6353. The operation, which relies on the Darksword toolkit, follows earlier disclosures of similar attacks but differs in its scope, notably focusing solely on the Ukrainian region.

Toolkit Capabilities And Operational Design

Darksword is built to harvest a broad range of personal information, including passwords, photos, browser history, and message data from WhatsApp, Telegram and text messages. The malware is designed for short-term engagement: it infects a device briefly, exfiltrates data quickly and then disappears. The toolkit also includes features capable of targeting cryptocurrency wallet apps, an unusual addition that hints at either financial motivations or an expanded operational agenda.

State-Sponsored Espionage And Criminal Proxies

The discovery of Darksword reinforces suspicions of state-sponsored cyber operations and mirrors earlier campaigns such as those using the Coruna toolkit. Coruna was originally developed for Western intelligence allies, and its transition from government use to deployment against Ukrainian targets underscores the blurred line between espionage and cybercrime. As Justin Albrecht, principal security researcher at Lookout, noted, UNC6353 is not only well-funded but also exhibits dual objectives, financial theft and intelligence gathering, in alignment with Russian intelligence imperatives.

Implications For Cybersecurity And The Financial Sector

For Rocky Cole, co-founder of iVerify, the operation appears to adopt a “smash-and-grab” approach, aiming to capture a victim’s digital footprint without necessitating prolonged surveillance. Although definitive evidence that the group prioritized cryptocurrency theft is lacking, the inclusion of such capabilities indicates the toolkit’s versatility and the evolving nature of cyber threats.

This development underscores the critical need for enhanced cybersecurity measures as advanced, state-aligned hacking tools become increasingly prevalent. Both governmental and private sectors must adapt rapidly to fortify defenses in an environment where sophisticated digital threats are a growing reality.

Passkeys Are The Gold Standard For Account Security. So Why Don’t More Major Apps Offer Them?

Passkeys are increasingly being promoted as one of the most effective ways to protect online accounts. By reducing reliance on passwords, they help prevent phishing attacks, simplify sign-ins and strengthen account security. Despite those advantages, however, many major digital platforms have yet to adopt the technology.

A Security Upgrade Still Missing At Scale

That gap is the focus of whynopasskeys.com, a new site created by security researcher Scott Helme to highlight companies that have not yet enabled passkeys for their users. The site tracks major consumer brands that continue to rely on older login methods even as passkeys become the industry standard.

Among the services still without passkey support are Instagram, Netflix and Spotify, according to the site’s data.

Why Passkeys Matter

Unlike traditional passwords, passkeys are generated on a user’s device and linked both to that device and to a specific website or application. Authentication can be completed through biometrics such as Face ID or Touch ID, a hardware security key or a password manager.

Because users do not need to create or remember passwords, opportunities for credential theft, phishing attacks and password reuse are significantly reduced. In most cases, gaining access to an account would require direct access to the user’s device.
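The link between a passkey and a specific website is something the site itself checks at every sign-in. The sketch below is an added example, not code from whynopasskeys.com or any platform named here: it shows the WebAuthn origin, RP ID hash and challenge checks a relying party runs on an assertion, with signature verification left out of scope. The domains, challenge bytes and the helper names `binding_failures` and `make_sample` are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_failures(client_data_json, authenticator_data, *, origin, rp_id, challenge):
    """Return the names of the binding checks that failed (empty list = all passed)."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    # The challenge must be the one this server issued for this sign-in (stops replay).
    sent = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(challenge).encode()):
        failures.append("challenge")
    # The browser, not the page, writes the origin into clientDataJSON.
    if client.get("origin") != origin:
        failures.append("origin")
    # authenticatorData = rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) | ...
    if len(authenticator_data) < 37:
        return failures + ["authenticator_data_length"]
    expected_hash = hashlib.sha256(rp_id.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # bit 0 of flags = user present
        failures.append("user_present")
    return failures

def make_sample(origin, rp_id, challenge):
    """Build a constructed (not captured) assertion as produced on the given site."""
    client = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags = bytes([0x05])  # user present + user verified
    auth = hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")
    return client, auth

# Constructed values: the real site and a look-alike phishing site.
CHALLENGE = bytes(range(32))
ORIGIN, RP_ID = "https://shop.example", "shop.example"
PHISH_ORIGIN, PHISH_RP_ID = "https://shop-login.example", "shop-login.example"

if __name__ == "__main__":
    for label, (o, r) in {"real": (ORIGIN, RP_ID), "phish": (PHISH_ORIGIN, PHISH_RP_ID)}.items():
        sample = make_sample(o, r, CHALLENGE)
        print(label, binding_failures(*sample, origin=ORIGIN, rp_id=RP_ID, challenge=CHALLENGE))
```

A production relying party would also verify the assertion signature against the stored public key and track the signature counter, normally through a maintained WebAuthn library.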

Public Accountability As A Pressure Tactic

In a blog post explaining the project, Helme said the goal is to create pressure by making the absence of passkey support visible. “A list is a surprisingly effective motivator. Nobody wants to be on the list,” he wrote.

That approach has already worked elsewhere in cybersecurity: when businesses are publicly compared against peers on basic protections, they often move faster to close the gap. In this case, the list is intended to push platforms to give users a stronger and simpler login option.

The Companies Moving Faster

Many large technology companies have already adopted passkeys, including Apple, Google and Microsoft, reflecting the technology’s growing role in account security.

Implementation, however, remains uneven. Instagram users can currently access passkeys only when their account is linked to a Facebook account that already has passkey support enabled, highlighting differences in adoption even within the same company.

The Bigger Business Question

Meta has not publicly explained why passkeys are available on some of its platforms, including Facebook and WhatsApp, but not fully across Instagram.

Debate within the industry is no longer centred on whether passkeys work, but on how quickly companies are willing to deploy them. As phishing, credential theft and account fraud remain persistent cybersecurity challenges, passkeys are increasingly being viewed not as an optional feature but as an emerging security standard.
