Google Discovers Coruna Exploit Kit Targeting Old iPhones

Google researchers uncovered Coruna, an exploit kit targeting iPhones running iOS 13 to 17.2.1, used by a Russian espionage group and Chinese hackers.

Discovery of Coruna Exploit Kit

Google's security researchers recently identified a sophisticated suite of hacking tools, dubbed Coruna, which can compromise iPhones running older software. Initially spotted in February 2025, the exploit kit was first detected during a surveillance vendor's attempt to hack into a phone for a government customer. Over the following months, the same exploit kit was found targeting Ukrainian users as part of a broad-scale campaign by a Russian espionage group, and later used by financially motivated hackers in China.

Scope and Impact of Coruna

Coruna can hack into an iPhone through a series of five different methods, leveraging 23 separate vulnerabilities. The tools are potent enough to bypass an iPhone's defenses when the user merely visits a malicious website containing the exploit code. Affected devices are iPhone models running iOS 13 up to 17.2.1, which was released in December 2023. TechCrunch reported that Coruna includes components from a previous hacking campaign known as Operation Triangulation. In 2023, Russian cybersecurity firm Kaspersky alleged that the U.S. government attempted to hack iPhones belonging to Kaspersky's employees.

Leaks and Proliferation of Exploits

The discovery highlights the risk of leaks and the potential misuse of tools intended for government use. Leaks of hacking tools, while rare, are not unprecedented. In 2017, the U.S. National Security Agency discovered that tools it had developed to hack into Windows computers worldwide had been stolen. The Windows back door, known as EternalBlue, was later published and used in the 2017 WannaCry ransomware attack by North Korea. Additionally, in a recent case, Peter Williams, the former head of the U.S. defense contractor L3Harris Trenchant, was sentenced to over seven years in prison for stealing and selling eight exploits to a Russian government-affiliated broker. At least one exploit was sold to a South Korean broker.

Widespread Use and Market for Secondhand Exploits

Google security researchers warn of an emerging market for "secondhand" exploits, sold to hackers motivated by financial gain. The more widespread the use of such tools, the greater the likelihood of a leak. Mobile security company iVerify obtained and reverse-engineered the Coruna hacking tools, linking them to the U.S. government based on similarities to previously attributed hacking tools. However, iVerify emphasizes that while there is evidence linking the tools to the U.S. government, this should not overshadow the fact that these tools will inevitably be misused by bad actors.

Conclusion

The identification of Coruna underscores the potential for state-sponsored hacking tools to fall into the wrong hands and be exploited by cybercriminals. The tools' ability to bypass iPhone defenses through a "watering hole" attack and their broad compatibility with various iPhone models pose significant security risks. As the tech ecosystem continues to evolve, the threat of leaks and misuse of such powerful hacking tools remains a critical concern for cybersecurity professionals and policymakers alike.

