Cyber: Spyware-grade Coruna iOS Exploit Kit Now Used In Crypto Theft Attacks

A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks.

The Coruna kit contains five full iOS exploit chains, the most sophisticated leveraging non-public techniques and mitigation bypasses, for iOS versions 13.0 through 17.2.1 (released in December 2023).

Google Threat Intelligence Group (GTIG) researchers first observed the Coruna exploit kit in February 2025, in activity attributed to a customer of a surveillance vendor.

At the time, researchers obtained the JavaScript delivery framework along with the exploit for CVE-2024-23222, a WebKit vulnerability that enables remote code execution on iOS 17.2.1. Apple had addressed the flaw in iOS 17.3 on January 22, 2024, after it was exploited in zero-day attacks.

The same obfuscated framework was observed again in the summer, when suspected Russian cyberspies tracked as UNC6353 deployed it in watering hole attacks targeting iPhone users who visited compromised Ukrainian websites for ecommerce, industrial equipment and retail tools, and local services.

In late 2025, the exploit kit appeared on various fake Chinese gambling and crypto websites. Google attributes the activity to the financially motivated Chinese threat actor UNC6691.

After obtaining the complete exploit kit in late 2025, GTIG analysts found that it included five full exploit chains using a set of 23 exploits, including:

"The exploits feature extensive documentation, including docstrings and comments authored in native English. The most advanced ones are using non-public exploitation techniques and mitigation bypasses," GTIG researchers say.

Some of the exploits reuse vulnerabilities first identified during Operation Triangulation, which was uncovered in June 2023 by Kaspersky after the cybersecurity firm discovered that several iPhones on its network had been compromised.

The company later discovered that the exploits abused undocumented hardware features in Apple's devices.

Source: BleepingComputer