US Government iPhone Hacking Toolkit Leaked? Coruna Explained! (2026)

A shocking revelation has emerged, highlighting the potential risks of highly advanced hacking tools. The powerful iPhone-hacking toolkit, Coruna, has taken a disturbing path, raising concerns about its origins and its potential impact on global cybersecurity.

Coruna, a sophisticated hacking toolkit, has been linked to multiple mass exploitation campaigns, targeting iOS users indiscriminately. Initially, it was believed to be in the hands of Russian spies, but its journey has taken an unexpected turn. Security researchers at Google have traced its path from Russian espionage to a cybercriminal operation targeting Chinese-speaking victims.

But here's where it gets controversial: there are indications that Coruna may have been originally created by a US contractor and sold to the American government. This revelation has sparked a debate about the security of mobile devices and the potential consequences of such advanced hacking tools falling into the wrong hands.

Google's report describes Coruna as a highly sophisticated toolkit, capable of bypassing all iPhone defenses and silently installing malware. It exploits a rare collection of 23 vulnerabilities in iOS, suggesting a well-resourced and state-sponsored hacking group. The toolkit's components have been linked to a previous hacking operation, 'Triangulation', which the Russian government attributed to the NSA.

iVerify, a mobile security company, analyzed a version of Coruna and suggested it was likely a US government tool. Its cofounder, Rocky Cole, stated, "This is the first example we’ve seen of US government tools spinning out of control." Cole further likened this situation to the EternalBlue moment, referring to the NSA tool that was leaked and led to devastating cyberattacks.

Google warns that it remains unclear how Coruna proliferated, but that its spread suggests an active market for 'second-hand' zero-day exploits. This raises concerns that any hacker group could adopt or adapt the toolkit.

Despite some limitations, iVerify estimates that Coruna has infected tens of thousands of phones, with roughly 42,000 devices hacked in the for-profit campaign alone. The true extent of its impact, especially on Ukrainian targets, remains unknown.

iVerify's analysis of the cybercriminal version of Coruna revealed that the code had been altered to steal cryptocurrency and personal data. However, the underlying toolkit was impressively polished and modular, suggesting a single, highly professional author.

Cole offers an alternative explanation for the code overlaps with Operation Triangulation, suggesting that its components may have been repurposed. But he argues that the toolkit's unique components and cohesive framework indicate a single author.

The question remains: how did a potential US government toolkit end up in foreign and criminal hands? Cole points to the industry of zero-day brokers, who sell hacking techniques to the highest bidder. This case highlights the potential risks and challenges of such a market.

As Cole concludes, "The genie is out of the bottle." This story serves as a reminder of the complex and ever-evolving nature of cybersecurity and the potential consequences of advanced hacking tools.

Article information

Author: Ms. Lucile Johns
