Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
The Russia-linked hacking group UNC6353 used a new toolkit called Darksword to attack iPhone users in Ukraine, stealing personal data and cryptocurrency. 2026-3-18 14:48:38 Author: techcrunch.com

A group of hackers suspected of working at least in part for the Russian government targeted iPhone users in Ukraine with a new set of hacking tools designed to steal their personal data, as well as potentially steal cryptocurrency, according to cybersecurity researchers. 

Researchers at Google and security firms iVerify and Lookout analyzed new cyberattacks against Ukrainians which were launched by a group identified only as UNC6353. The researchers looked at compromised websites in a hacking campaign that, they say, is related to one uncovered earlier this month. This most recent campaign used a hacking toolkit the companies called Darksword.

The discovery of Darksword, which follows that of a similar hacking toolkit, suggests that advanced, stealthy, and powerful spyware for iPhones may not be as rare as previously thought. Even then, Darksword only targeted users in Ukraine, implying some restraint in what could have otherwise been a widescale hacking campaign targeting users worldwide.

In early March, Google revealed details of a sophisticated iPhone-hacking toolkit called Coruna. The search giant said that the tool was used first by a government customer of a surveillance tech vendor, then by Russian spies targeting Ukrainians, and finally Chinese cybercriminals looking to steal cryptocurrency. As TechCrunch later revealed, the hacking toolkit was originally developed at U.S. defense contractor L3Harris, in particular by its hacking and surveillance tech department Trenchant.

Coruna was originally designed for use by Western governments, in particular those that are part of the so-called Five Eyes intelligence alliance, consisting of Australia, Canada, New Zealand, the United States, and the United Kingdom, according to former L3Harris employees with knowledge of the company’s iPhone hacking tools.

Now, researchers said they uncovered a related campaign using more recent hacking tools exploiting different vulnerabilities. 

The Darksword toolkit, according to the researchers, was built to steal personal information such as passwords; photos; WhatsApp, Telegram, and text messages; and browser history. Interestingly, Darksword was not designed for persistent surveillance, but rather to infect victims, steal information, and quickly disappear.

Contact Us

Do you have more information about Darksword, Coruna, or other government hacking and spyware tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.

Darksword’s “dwell time on the device is likely in the range of minutes, depending on the amount of data it discovers and exfiltrates,” Lookout researchers wrote. 

For Rocky Cole, the co-founder of iVerify, the most likely explanation is that the hackers were interested in learning about the victims’ pattern of life, which didn’t require constant surveillance, but rather a smash-and-grab operation.

Darksword was also designed to steal cryptocurrency from popular wallet apps, something that is unusual for a suspected government hacking group. 

“This may indicate that this threat actor is financially motivated, or alternatively it may indicate that this (likely) Russian state-aligned activity has expanded into financial theft targeting mobile devices,” Lookout wrote in its report. 

But, Cole told TechCrunch, there is no evidence that the Russian hacking group actually cared about stealing crypto, only that the malware could have been used for that. 

The malware was built to be modular and to make it easy to add new functionality, something that shows it was professionally designed, according to Lookout. Cole said he believes it’s possible that the same person who sold Coruna to the Russian government hacking group also sold Darksword.

In terms of who was behind Darksword, for Cole “all signs point to the Russian government,” while Lookout said it’s the same group that used Coruna against Ukrainians, also a suspected Russian government group. 

“UNC6353 is a well-funded and connected threat actor conducting attacks for financial gain and espionage in alignment with Russian intelligence requirements,” Justin Albrecht, principal security researcher at Lookout, told TechCrunch. “We believe that a case can be made that UNC6353 is potentially a Russian criminal proxy, given the dual goals of financial theft and intelligence collection.”

As for victims, Cole said that the malware was designed to infect anyone visiting certain Ukrainian websites, as long as they were visiting them from within Ukraine, so it wasn’t a particularly targeted campaign.

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.



Article source: https://techcrunch.com/2026/03/18/russians-caught-stealing-personal-data-from-ukrainians-with-new-advanced-iphone-hacking-tools/