A suite of government hacking tools targeting iPhones is now being used bycybercriminals

Security researchers report that a hacking toolkit named Coruna, initially devised for government use, has been leaked and is now utilized by cybercriminals to exploit iPhones running older software. The toolkit can compromise devices via multiple vulnerabilities, raising concerns about the transfer of government hacking tools into malicious hands.

Key Points

• The Coruna exploit kit, discovered by Google in February 2025, was initially aimed at government surveillance.
• It has since been used in large-scale attacks against Ukrainian users and by cybercriminals in China.
• Google researchers warn of a growing market for secondhand exploits, which can end up with financially motivated hackers.
• iVerify linked the toolkit to the U.S. government, suggesting a leak of sophisticated governmental hacks.
• The Coruna kit can compromise devices through malicious websites, affecting iPhones running iOS 13 to 17.2.1.
• Past incidents show that leaked government tools can lead to widespread abuse by malicious actors, as seen with the 2017 EternalBlue exploit.

Relevance

• The leak of hacking tools echoes past events, such as the 2017 NSA leak of EternalBlue, which was later used in widespread attacks.
• The increasing sophistication and availability of hacking tools for cybercriminals reflect growing concerns in cybersecurity industries.
• The evolving landscape of cybersecurity emphasizes the risks related to government hacking frameworks and their potential misuse.

The emergence of the Coruna toolkit highlights the critical dangers posed by leaked government-hacking tools, revealing vulnerabilities within the mobile security landscape and underscoring the necessity for tighter controls over exploit dissemination.