AT2k Design BBS Message Area

From: VRSS
To: All
Subject: A Possible US Government iPhone-Hacking Toolkit Is Now In the Ha
Date/Time: March 3, 2026 9:20 PM

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: A Possible US Government iPhone-Hacking Toolkit Is Now In the Hands of
Foreign Spies, Criminals

Link: https://apple.slashdot.org/story/26/03/03/204...

Security researchers say a highly sophisticated iPhone exploitation toolkit
dubbed "Coruna," which possibly originated from a U.S. government contractor,
has spread from suspected Russian espionage operations to crypto-stealing
criminal campaigns. Apple has patched the exploited vulnerabilities in newer
iOS versions, but tens of thousands of devices may have already been
compromised. An anonymous reader quotes an excerpt from Wired's report:

Security researchers at Google on Tuesday released a report describing what
they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that
includes five complete hacking techniques capable of bypassing all the
defenses of an iPhone to silently install malware on a device when it visits
a website containing the exploitation code. In total, Coruna takes advantage
of 23 distinct vulnerabilities in iOS, a rare collection of hacking
components that suggests it was created by a well-resourced, likely state-
sponsored group of hackers. In fact, Google traces components of Coruna to
hacking techniques it spotted in use in February of last year and attributed
to what it describes only as a "customer of a surveillance company." Then,
five months later, Google says a more complete version of Coruna reappeared
in what appears to have been an espionage campaign carried out by a suspected
Russian spy group, which hid the hacking code in a common visitor-counting
component of Ukrainian websites. Finally, Google spotted Coruna in use yet
again in what seems to have been a purely profit-focused hacking campaign,
infecting Chinese-language crypto and gambling sites to deliver malware that
steals victims' cryptocurrency.

Conspicuously absent from Google's report is
any mention of who the original surveillance company "customer" that deployed
Coruna may have been. But the mobile security company iVerify, which also
analyzed a version of Coruna it obtained from one of the infected Chinese
sites, suggests the code may well have started life as a hacking kit built
for or purchased by the US government. Google and iVerify both note that
Coruna contains multiple components previously used in a hacking operation
known as "Triangulation" that was discovered targeting Russian cybersecurity
firm Kaspersky in 2023, which the Russian government claimed was the work of
the NSA. (The US government didn't respond to Russia's claim.) Coruna's code
also appears to have been originally written by English-speaking coders,
notes iVerify's cofounder Rocky Cole. "It's highly sophisticated, took
millions of dollars to develop, and it bears the hallmarks of other modules
that have been publicly attributed to the US government," Cole tells WIRED.
"This is the first example we've seen of very likely US government tools --
based on what the code is telling us -- spinning out of control and being
used by both our adversaries and cybercriminal groups."

Regardless of
Coruna's origin, Google warns that a highly valuable and rare hacking toolkit
appears to have traveled through a series of unlikely hands, and now exists
in the wild where it could still be adopted -- or adapted -- by any hacker
group seeking to target iPhone users. "How this proliferation occurred is
unclear, but suggests an active market for 'second hand' zero-day exploits,"
Google's report reads. "Beyond these identified exploits, multiple threat
actors have now acquired advanced exploitation techniques that can be re-used
and modified with newly identified vulnerabilities."
