
Author: Harshait | Novanectar
Published: Tuesday, March 10, 2026
The iPhone hacking toolkit ‘Coruna’, developed by U.S. contractor L3Harris, was leaked to Russian and Chinese hackers. Used in global cyberattacks and Operation Triangulation, it targeted iPhones and messaging apps. Users should update iOS, avoid sharing codes and secure devices.
A highly advanced iPhone hacking toolkit, believed to have been developed by L3Harris, a U.S. military contractor, has been making headlines after it ended up in the possession of Russian and Chinese hackers. The toolkit, referred to as “Coruna,” was initially developed for use in government intelligence operations but ended up being used in wide-scale cyberattacks on iPhone users in Ukraine, China, and other countries.
The Coruna toolkit comprises 23 different components that were initially developed for highly targeted iPhone surveillance operations. It was built for U.S. intelligence agencies and their allies in the so-called Five Eyes alliance: Australia, Canada, New Zealand and the United Kingdom.
Independent researchers at iVerify analyzed the toolkit and suggested that it appears to have been developed in a similar style to previous U.S. government iPhone hacking tools. Some of its components, referred to as Photon and Gallium, were also used in another iPhone hacking operation, Operation Triangulation, which targeted iPhone users in Russia.
The path from government contractor to criminal hackers is marked by various leaks and unauthorized sales. The former general manager of Trenchant, Peter Williams, sold eight hacking tools, including Coruna, to Operation Zero, which is a Russian broker that specializes in buying zero-day exploits. Williams received a seven-year sentence for leaking the $1.3 million worth of tools.
The Coruna toolkit, after being sold to Operation Zero, eventually found its way into the hands of various Russian espionage groups and Chinese cybercriminals. The tools were actively being used to steal money, cryptocurrency and sensitive information, as revealed by Google’s investigation.
The two Coruna exploits, Photon and Gallium, were part of the Operation Triangulation campaign, which was first identified by Kaspersky in 2023. The campaign targeted iPhone users in Russia with complex zero-day exploits. Researchers have noted that the Coruna toolkit’s individual parts show similarities with the Operation Triangulation exploits, indicating that the leak has contributed significantly to the campaign’s success.
It is interesting to note that the Kaspersky logo used to represent the Operation Triangulation campaign is an apple icon made up of triangles, which somewhat resembles the L3Harris logo and could be hinting at the toolkit’s source without directly mentioning government involvement.
Coruna was developed to hack iPhones running iOS 13 to 17.2.1, which covers versions from September 2019 to December 2023. The toolkit enabled hackers to use zero-day exploits against these versions, which shows the importance of keeping iOS up to date.
Another cyber threat, involving the hacking of popular messaging apps, has also been identified. Dutch intelligence agencies, including the MIVD and AIVD, have found that Russian state actors have been actively targeting users of the Signal and WhatsApp messaging apps. The targets have been government officials, the military and journalists.
Hackers have been using phishing attacks, social engineering attacks and malicious QR codes to trick users into divulging verification codes and PINs. This has enabled them to pose as the victim, access the victim's personal communications and even monitor the victim's connected devices through the WhatsApp messaging app.
Update Your Devices: Ensure your iPhone is running the latest iOS version to patch known vulnerabilities.
Be Wary of Phishing: Avoid sharing verification codes or PINs, especially via messaging apps.
Monitor Linked Devices: Check WhatsApp’s “Linked Devices” feature to detect unauthorized access.
Understand Cyber Risks: Even government-grade tools can be leaked and exploited by cybercriminals.
The Coruna toolkit tale is a good example of the increasingly complex nature of global cyber threats. It illustrates the ways in which tools designed for intelligence operations can end up in the wrong hands. From Russian espionage to Chinese cyber criminals, the effects of leaked hacking tools are being felt all over the world. Users need to be aware and take precautions such as securing devices and staying informed.
Last updated: 3/10/2026