Potential US-built hacking tools obtained by foreign spies and cybercriminals, research says

"We found a tool that was very likely developed by a nation state ... very likely developed by or for the U.S. government, that has been on a strange journey through zero day brokers around the world. The hacking tools can be delivered through malicious web content that could fingerprint a target device and deploy tailored code to achieve remote code execution, bypassing key iOS security mitigations."
"The toolkit, dubbed Coruna, contains multiple exploits capable of surreptitiously compromising Apple devices running older versions of iOS. Researchers say the codebase appears as a professionally developed platform, raising concerns that a tool originally built for covert government use may have escaped controlled channels. Both iVerify and Google's Threat Intelligence Group identified five exploit chains leveraging more than 20 vulnerabilities across iOS 13 through 17.2.1."
"The codebase contains extensive inline documentation and explanatory notes written in native-level English. The hacking tools' trail suggests it was first used by Russian intelligence against Ukrainian targets before being adopted by a cybercrime organization to steal cryptocurrency from Chinese-speaking victims."
Coruna is a professional-grade iPhone hacking toolkit containing multiple exploit chains targeting iOS 13 through 17.2.1. Researchers from Google and iVerify identified over 20 vulnerabilities exploited through five distinct chains. The codebase exhibits characteristics suggesting U.S. government origin, including extensive English-language documentation and professional development standards. The toolkit enables remote code execution through malicious web content while bypassing iOS security protections. Evidence indicates the tool first appeared in Russian intelligence operations against Ukrainian targets before being adopted by cybercriminal organizations to steal cryptocurrency from Chinese-speaking victims, suggesting the capability escaped controlled government channels.
Read at Nextgov.com