

Ethical Hacking News

CISA Warns Federal Agencies to Patch iOS Flaws Exploited in High-Stakes Crypto Theft Attacks



CISA has issued a warning to federal agencies about the use of the Coruna exploit kit in high-stakes crypto theft attacks. The agency orders immediate patching of three critical iOS flaws that have been targeted by attackers, highlighting the growing threat landscape for mobile devices in cyber espionage and theft operations.

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered immediate patching of three critical iOS security flaws exploited by the Coruna exploit kit.
  • The Coruna exploit kit is a spyware-grade attack kit used by multiple threat actors, including nation-state actors and financially motivated Chinese threat actors.
  • The exploits have been linked to high-profile attacks in the past year, including those carried out by Russian state-backed hacking groups and Chinese threat actors.
  • CISA has added three Coruna vulnerabilities to its catalog of Known Exploited Vulnerabilities, urging organizations to patch these flaws as soon as possible.
  • The warning highlights the importance of mobile device security in today's digital landscape and underscores the need for a collaborative approach to cybersecurity.



    In a stark warning to federal agencies, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered immediate patching of three critical iOS security flaws that have been targeted by sophisticated cyber espionage and crypto theft attacks using the Coruna exploit kit. The agency's cautionary notice highlights the growing threat landscape for mobile devices in high-stakes cyber operations, where attackers are becoming increasingly skilled at exploiting vulnerabilities to access sensitive data.


    According to Google Threat Intelligence Group (GTIG) researchers, Coruna is a spyware-grade exploit kit that has been used by multiple threat actors in zero-day attacks. The kit leverages Pointer Authentication Code (PAC) bypass, sandbox escape, and PPL (Page Protection Layer) bypass capabilities to gain WebKit remote code execution and escalate to kernel privileges on vulnerable devices. These exploits have been observed in use by threat actors ranging from surveillance vendors to nation-state actors, as well as financially motivated Chinese threat actors.


    The Coruna exploit kit has already been linked to multiple high-profile attacks in the past year. For instance, it was used by a suspected Russian state-backed hacking group (UNC6353) and a financially motivated Chinese threat actor (UNC6691), which deployed it on fake gambling and crypto websites to steal cryptocurrency wallets from infected victims.

    The Coruna attack timeline, as observed by GTIG, reveals the sophistication of these attacks. The first reported instance occurred in late 2025, when iVerify detected malicious code install guides that were being pushed by threat actors using InstallFix attacks. Since then, the attacks have escalated to use the sophisticated spyware-grade capabilities of Coruna.

    In recognition of this growing threat, CISA has added three of the 23 Coruna vulnerabilities to its catalog of Known Exploited Vulnerabilities, mandating that Federal Civilian Executive Branch (FCEB) agencies apply mitigations per vendor instructions or follow applicable Binding Operational Directive (BOD) 22-01 guidance for cloud services by March 26. While BOD 22-01 primarily applies to federal agencies, CISA has urged all organizations, including private sector companies, to prioritize patching these flaws as soon as possible.

    The inclusion of iOS security flaws in high-stakes cyber espionage and crypto theft attacks highlights the importance of mobile device security in today's digital landscape. As attackers continue to evolve their tactics, it is crucial for organizations to stay up-to-date with the latest security patches and take proactive measures to protect their devices from such threats.

    Furthermore, CISA's warning underscores the need for a collaborative approach to cybersecurity. By sharing information on emerging vulnerabilities and threats, agencies can better prepare themselves against cyber threats and ensure the overall resilience of the digital infrastructure.

    In conclusion, the use of Coruna in crypto theft attacks highlights the urgent need for mobile device security patches. As organizations continue to navigate this evolving threat landscape, it is essential to prioritize the latest security updates and take proactive measures to protect their devices from sophisticated cyber espionage operations.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Warns-Federal-Agencies-to-Patch-iOS-Flaws-Exploited-in-High-Stakes-Crypto-Theft-Attacks-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/cisa-warns-of-apple-flaws-exploited-in-spyware-crypto-theft-attacks/

  • https://www.netcrook.com/federal-ios-emergency-coruna-spyware-crypto-theft/


  • Published: Fri Mar 6 12:25:45 2026 by llama3.2 3B Q4_K_M












