Secret US iPhone Hacking Toolkit Falls Into Hands Of Foreign Hackers

A sophisticated iPhone hacking toolkit, suspected to have originated within U.S. government-linked development circles, has surfaced in the wild as a weapon used by both foreign intelligence services and opportunistic cybercriminals. It's uncertain how the toolkit, dubbed "Coruna" by researchers, ended up outside the government, although the general consensus is that the leak was accidental.

Coruna iOS exploit kit timeline (Credit: Google)

Security analysts at Google’s Threat Intelligence Group and the mobile security firm iVerify recently identified and deconstructed the toolkit, revealing a massive library of 23 exploits organized into five distinct chains. The chains were created to bypass Apple’s stringent security mitigations, allowing attackers to seize full control of iPhones running iOS versions ranging from 13.0 (released in 2019) to 17.2.1 (released in 2023). While the underlying vulnerabilities have since been patched by Apple, the toolkit's existence in the wild poses a severe threat to the millions of users who remain on older versions of the OS.

In a way, the journey of Coruna reads like a digital thriller. Fragments of the code first appeared in early 2025, linked to a customer of a commercial surveillance vendor, the type of entity that typically sells high-priced spyware to governments for targeted law enforcement. By mid-2025, the kit had moved into the hands of a Russian-linked espionage group, which deployed it via "watering hole" attacks on compromised Ukrainian websites to possibly monitor high-value political and military targets.

Coruna exploit chain delivered on iOS 15.8.5 (Credit: Google)

Moreover, in late 2025, the toolkit was identified again, this time on a network of fake Chinese gambling and cryptocurrency websites. Unlike the surgical, quiet operations of state spies, these cybercriminals used Coruna to launch mass-scale attacks. Any user who visited the malicious pages was automatically screened; if their iPhone was vulnerable, the site silently deployed a payload designed to exfiltrate sensitive data, drain digital wallets, and intercept bank account details.

Technical evidence suggests a Western origin for the codebase. The internal documentation, including detailed comments and docstrings found in a leaked debug version of the kit, is written in fluent, native-level English. Furthermore, several exploits within Coruna bear a striking resemblance to those used in Operation Triangulation, a 2023 campaign that Russian officials previously attributed to the U.S. National Security Agency.

For the average iPhone user, the discovery should serve as a reminder of the importance of software updates.

Aaron Leong

Tech enthusiast, YouTuber, engineer, rock climber, family guy. 'Nuff said.