Nation-State iOS Exploit Kit 'Coruna' Found Powering Global Attacks

"Coruna is powerful and sophisticated in both purpose and design. But it is not effective against the latest versions of iOS. The easiest defense is to ensure your iPhone is running iOS 17.3 or newer. In instances where an update is not possible, it is recommended that Lockdown Mode be enabled for enhanced security."
"GTIG says its technical value lies in the more advanced exploits using non-public exploitation techniques and mitigation bypasses. iVerify adds that this is the first time mass exploitation against iOS devices has been observed in the public. It describes Coruna as a nation-state grade iOS exploit kit now also in the hands of mass-scale criminal operations."
"GTIG's longer period of tracking confirms sightings initially from a customer of a commercial surveillance vendor, subsequent use of the same kit in watering hole attacks by UNC6353 (a suspected Russian state-sponsored espionage group) against Ukrainian users; and later in a wider campaign by UNC6691 (a financially motivated criminal group operating out of China)."
Coruna is a nation-state grade iOS exploit kit containing 23 exploits organized into five full exploit chains targeting iOS versions 13 through 17.2.1. Discovered independently by Google Threat Intelligence Group and iVerify in February 2025, the kit employs advanced, non-public exploitation techniques and mitigation bypasses. Originally used by Russian state-sponsored group UNC6353 against Ukrainian users, Coruna subsequently spread to financially motivated Chinese criminal group UNC6691 for mass-scale operations. This marks the first observed instance of mass exploitation against iOS devices. The kit is ineffective against iOS 17.3 and newer versions, and Lockdown Mode provides additional protection by causing the exploit to abort execution.
Read at SecurityWeek