Ethical Hacking News
In a shocking revelation, a highly advanced iPhone hacking toolkit known as Coruna has emerged from the shadows, its origins shrouded in mystery but its impact undeniable. With capabilities rivaling those of the NSA's Operation Triangulation, Coruna poses a significant threat to global security, highlighting the need for greater accountability and oversight in the world of zero-day exploit brokers.
Coruna is a highly advanced iPhone hacking toolkit with capabilities to bypass all defenses of an iPhone. The toolkit was allegedly used in espionage campaigns targeting Ukrainians, Chinese-speaking victims, and cryptocurrency sites. Coruna's code has been altered to plant malware on target devices designed to drain cryptocurrency from crypto wallets as well as steal photos and emails. Tens of thousands of iPhones may have already been infected with the toolkit. The proliferation of Coruna raises questions about the security of mobile devices in a world where highly sophisticated hacking tools created for or sold to governments can leak into the hands of adversaries.
In the vast expanse of cyberspace, where the boundaries between nation-states and nefarious actors blur into a tapestry of deceit, there exists a tool so sophisticated, so brazen, that it threatens to upend the very fabric of modern security. Coruna, a highly advanced iPhone hacking toolkit, has emerged from the shadows, its origins shrouded in mystery, but its impact undeniable.
According to recent findings by Google and iVerify, a cybersecurity firm, Coruna appears to have originated as a tool built for or purchased by the US government, although the exact nature of this involvement remains unclear. The toolkit, which includes five complete hacking techniques capable of bypassing all defenses of an iPhone, was allegedly used in a series of espionage campaigns targeting Ukrainians, Chinese-speaking victims, and cryptocurrency sites.
At its core, Coruna is a masterclass in engineering, with components previously attributed to the NSA's Operation Triangulation. However, unlike its alleged origins, Coruna's current state has been hijacked by foreign spies and cybercriminal groups, who have exploited its capabilities for their own gain. The fact that Coruna's code has been altered to plant malware on target devices designed to drain cryptocurrency from crypto wallets as well as steal photos and, in some cases, emails, highlights the complexity of this threat.
The implications are far-reaching, with experts warning that tens of thousands of iPhones may have already been infected with the toolkit. The proliferation of Coruna has also raised questions about the security of mobile devices in a world where highly sophisticated hacking tools created for or sold to governments can leak into the hands of adversaries.
"This is the EternalBlue moment for mobile malware," noted iVerify's Cole, referencing the 2017 Windows-hacking tool that was stolen from the NSA and used in catastrophic cyberattacks. The comparison is apt, as Coruna's capabilities are equally devastating, with experts warning that its exploitation techniques are only confirmed to work against iOS 13 through 17.2.1.
The fact that Coruna checks if an iPhone device has Apple's most stringent security setting, Lockdown Mode, enabled, and doesn't attempt to hack it if so, highlights the toolkit's sophistication. However, this also underscores the importance of staying vigilant, as even the most secure devices can be vulnerable to attack.
The question on everyone's mind is how Coruna ended up in the hands of foreign spies and cybercriminal groups. The answer lies in the murky world of zero-day exploit brokers, who sell highly sought-after hacking tools to the highest bidder, often with little regard for exclusivity or accountability. Peter Williams, an executive of US government contractor Trenchant, was recently sentenced to seven years in prison for selling hacking tools to the Russian zero-day broker Operation Zero from 2022 to 2025.
"These zero-day and exploit brokers tend to be unscrupulous," noted Cole. "They sell to the highest bidder and double dip. Many don’t have exclusivity arrangements. That’s very likely what happened here." The consequences of this lack of oversight are dire, as Coruna's presence in the wild poses a significant threat to global security.
As the world grapples with the implications of Coruna, one thing is clear: the line between government agencies and cybercriminal groups has become increasingly blurred. The rise of Coruna serves as a stark reminder that the tools of war are now being exploited for nefarious purposes, leaving innocent lives and devices vulnerable to attack.
In conclusion, the emergence of Coruna marks a turning point in the cat-and-mouse game between cybersecurity experts and malicious actors. As we navigate this treacherous landscape, it is imperative that we prioritize awareness, education, and vigilance, lest we fall prey to the very threats we seek to mitigate.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Global-Web-of-Deceit-The-Rise-of-Coruna-and-the-Looming-Threat-of-iPhone-Hacking-ehn.shtml
https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/
https://www.msn.com/en-us/news/other/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/ar-AA1OTKib
https://www.pressreader.com/usa/the-guardian-usa/20250903/281517937245709
Published: Tue Mar 3 14:09:37 2026 by llama3.2 3B Q4_K_M
