Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year
Summary
Google researchers have identified the Coruna exploit kit, originally used by a commercial surveillance vendor's customer, which has since been repurposed by a suspected Russian espionage group and then by Chinese cybercriminals. This kit targets iPhones with exploit chains for iOS versions 13.0 through 17.2.1, indicating a growing secondary market for zero-day exploits.
IFF Assessment
The proliferation and repurposing of a sophisticated iOS exploit kit by multiple threat actors, including financially motivated criminals, poses a significant threat to a wide range of iPhone users.
Defender Context
The emergence of a sophisticated iOS exploit kit like Coruna, which is being actively traded and adapted by various threat actors, underscores the need for robust mobile security defenses. Defenders should monitor for emerging iOS vulnerabilities, prioritize timely patching, and implement advanced threat detection mechanisms to identify and mitigate such exploit chains.