Google Uncovers Covert Hacking Campaign: “Coruna”
Google has exposed a sophisticated hacking campaign known as “Coruna,” which primarily targets unprotected iPhones running iOS versions 13.0 through 17.2.1.
The operation uses techniques that circumvent built-in security measures, gaining access to devices and deploying harmful payloads without the user's awareness.
A recent article from TechCrunch indicates that elements of Coruna may have been partially developed by Trenchant, the hacking and surveillance technology division of L3Harris, a prominent American defense contractor.
According to confidential sources within the company, the term “Coruna” indeed referred to an internal component at L3Harris, corroborating suspicions of its origins.
One individual pointed to striking similarities between the technical attributes of the component and the research findings from Google.
Furthermore, TechCrunch disclosed that the toolkit embodied in Coruna had wider applications; it was utilized by L3Harris in various operations.
Notably, one such operation involved Russian state-sponsored hackers who went after a limited set of Ukrainian targets using compromised digital platforms.
Subsequently, elements of the same toolkit were appropriated by Chinese cybercriminals, who employed them in large-scale attacks aimed at stealing funds and cryptocurrency.
These attacks included phishing and malware distribution designed to exploit vulnerabilities in financial infrastructure.
Coruna’s functionality included scanning images for QR codes, searching text for cryptocurrency seed phrases and keywords such as “backup phrase,” and transmitting this sensitive information to remote command-and-control servers. The operation also extended to accessing emails and other confidential data repositories.
The mobile security firm iVerify estimates that the campaign may have compromised approximately 42,000 devices, as inferred from the traffic directed towards the attackers’ servers.
A former executive with Trenchant provided potential insight into Coruna’s genesis. In a scandal that surfaced in 2025, Peter Williams, an Australian executive overseeing segments of the hacking division, admitted guilt concerning the embezzlement of various cyber-exploitation tools, which he subsequently sold to Operation Zero, a Russian intermediary dealing in zero-day exploits.
U.S. prosecutors alleged that Williams had “full access” to internal networks and managed to sell eight hacking tools for a sum nearing $1.3 million, earning him a seven-year prison sentence.
Authorities cautioned that the software could potentially empower adversaries to breach “millions of computers and devices globally.”
Security experts now express concern that this leak may have significantly exacerbated the proliferation of Coruna within a vast ecosystem comprising brokers, governments, and cybercriminal collectives, potentially inciting further cyber assaults and exploitation of susceptible systems on a global scale.

This iPhone Hack Has Been Stealing Crypto From Users — Here’s How to Stay Safe
Referred to as “Coruna,” this exploit toolkit seemingly originated from a government-linked surveillance operation focused on Russian espionage.
Source link: Techloy.com.






