Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

"How this proliferation occurred is unclear, but suggests an active market for 'second hand' zero-day exploits. Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities."
"We retrieved all the obfuscated exploits, including ending payloads. Upon further analysis, we noticed an instance where the actor deployed the debug version of the exploit kit, leaving in the clear all of the exploits, including their internal code names. That's when we learned that the exploit kit was likely named Coruna internally."
"The exploit kit is able to target various iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023)."
Coruna is an iOS exploit kit that Google detected in use by three distinct hacking groups: a customer of a surveillance vendor, a suspected Russian espionage group targeting Ukrainians, and a financially motivated Chinese threat actor. The kit contains 23 exploits targeting various iPhone models running iOS versions 13.0 through 17.2.1. Google researchers recovered the complete exploit kit in December, including obfuscated code and a debug version that revealed internal code names and exploit details. The proliferation of Coruna suggests an active secondary market for zero-day exploits, with threat actors acquiring and reusing advanced exploitation techniques. CISA has added three related CVEs to its catalog and directed agencies to apply vendor mitigations.
Read at Ars Technica