• Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Login
Join Free
Home
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Coming Soon
Job Board
Events
Contact Awards
USMC Deception Manual
Login
Join Free
Home Global Operations

Suspected U.S. Government iOS Exploit Kit Now in Hands of Cybercriminals Worldwide

  • SOFX Staff Writer
  • March 6, 2026
(Cesare Andrea Ferrari / Shutterstock.com)
Share on FacebookShare on TwitterLinkedIn

A powerful iPhone hacking toolkit containing 23 exploits across five full attack chains has spread from a suspected U.S. government origin to Russian state hackers and Chinese cybercriminals over the past year, according to research published by Google Threat Intelligence Group.

The toolkit, internally named Coruna, represents the first documented mass-scale exploitation campaign against iOS devices. iVerify chief product officer Spencer Parker said the attacks have compromised at least 42,000 iPhones. Co-founder Rocky Cole compared the proliferation to “an EternalBlue moment,” referencing the National Security Agency (NSA) exploit that escaped U.S. control and powered the global WannaCry ransomware attacks in 2017.

Google first captured parts of the exploit kit in February 2025 during an attack by a customer of a commercial surveillance vendor. By summer 2025, the same framework appeared in watering hole attacks, a technique where hackers compromise legitimate websites to infect visitors, targeting Ukrainian sites. Google attributed that campaign to suspected Russian espionage group UNC6353.

By December, a financially motivated Chinese threat actor tracked as UNC6691 deployed the kit across fake cryptocurrency exchange websites with no geographic targeting restrictions.

The kit targets iPhones running iOS versions 13 through 17.2.1. Any user visiting a compromised website on a vulnerable device could be infected.

According to CyberScoop, iVerify assessed that the exploit kit bears hallmarks of U.S. government development. Cole said the code was “elegantly written” with comments from native English speakers that reflected U.S. defense industry culture.

Several Coruna vulnerabilities overlap with those used in Operation Triangulation, a 2023 campaign that Russian cybersecurity firm Kaspersky discovered targeting its own employees. Russia’s Federal Security Service attributed that operation to the NSA at the time.

Google stated the proliferation “suggests an active market for ‘second hand’ zero-day exploits.”

Apple collaborated with Google on the research. Users running current iOS versions are protected. Google recommends enabling Lockdown Mode, an Apple security feature that restricts device functionality to block sophisticated attacks, on devices that cannot be updated.

SOFX Staff Writer

SOFX Staff Writer

The Editor Staff at SOFX comprises a diverse, global team of dedicated staff writers and skilled freelancers. Together, they form the backbone of our reporting and content creation.

Subscribe
Login
Notify of
guest
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ADVERTISEMENT

Trending News

Air Force Releases Unprecedented B-21 Raider Photos Mid-Refueling

Air Force Releases Unprecedented B-21 Raider Photos Mid-Refueling

by SOFX Staff Writer
April 16, 2026
0

The U.S. Air Force has released the first overhead images of the B-21 Raider, offering a rare top-down view of...

Fairfield Neighbor Who Stormed Home as Fictional Wizard Faces Felony Charges in Court Today

Fairfield Neighbor Who Stormed Home as Fictional Wizard Faces Felony Charges in Court Today

by SOFX Staff Writer
April 13, 2026
4

Jason Thomas Nichols, 30, of Fairfield, California, was arrested April 7, 2026, after forcing his way into a neighbor's home...

Nuclear Contractor Vanishes in Albuquerque, Becoming 10th Defense Expert to Die or Disappear as White House Vows Review

Nuclear Contractor Vanishes in Albuquerque, Becoming 10th Defense Expert to Die or Disappear as White House Vows Review

by SOFX Staff Writer
April 16, 2026
0

A government contractor with top security clearance at one of the nation's primary nuclear weapons production facilities disappeared from Albuquerque,...

Ukraine Claims First-Ever Capture of Russian Position Using Drones and Ground Robots

Ukraine Claims First-Ever Capture of Russian Position Using Drones and Ground Robots

by SOFX Staff Writer
April 14, 2026
1

For the first time, Ukrainian forces have captured a Russian position using only drones and unmanned ground vehicles (UGVs), President...

ADVERTISEMENT
ADVERTISEMENT
Next Post

U.S. Court Sentences Yakuza Boss to 20 Years for Plotting to Sell Weapons-Grade Plutonium to Iran

U.S. Court Sentences Yakuza Boss to 20 Years for Plotting to Sell Weapons-Grade Plutonium to Iran

Gulf Air Defense Stockpiles Strained as Washington Deflects Resupply Requests

997 Morrison Dr. Suite 200, Charleston, SC 29403

News

  • Global Operations
  • Special Interest
  • Industry
  • Global Operations
  • Special Interest
  • Industry

Resources

  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
No Result
View All Result
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.

Log in to your account

Lost your password?
wpDiscuz