DarkSword Malware

GTIG identified "DarkSword," a full-chain iOS exploit leveraging six zero-day vulnerabilities (affecting iOS 18.4–18.7) used to install multiple malware families (GHOSTBLADE, GHOSTKNIFE, GHOSTSABER). The chain has been observed in campaigns by commercial surveillance vendors and suspected state-sponsored groups (including UNC6353) across Saudi Arabia, Turkey, Malaysia, and Ukraine; a leaked version has since enabled wider use.