BBS:      TELESC.NET.BR
Subject:  Coruna developed by US government?
From:     Mike Powell
Date:     Wed, 4 Mar 2026 09:23:55 -0500
-----------------------------------------------------------
iPhones targeted by 'new and powerful' malware - and "Coruna" may have been
developed by the US government

By Benedict Collins published 3 hours ago

Coruna may have been developed by the US government

    Google researchers discover highly complex exploit kit, dubbed 'Coruna'
    The kit was deployed by a surveillance software customer, before being
      used by Russian and Chinese threat actors
    Documentation from the kit shows evidence of being developed by the US
      government

A highly complex exploit kit targeting iPhones, which contains non-public
exploitations and bypasses, has been discovered by Google Threat Intelligence
Group (GTIG) researchers.

The kit, tracked as "Coruna", was initially used in targeted attacks by a
customer of an unnamed surveillance company. It also popped up in use by
Russian and Chinese threat actors before the full kit could be retrieved by
GTIG.

Further research by the iVerify team into the sources of the exploits contained
within the kit has indicated that the kit may have been developed as a US
government framework.

iPhone exploit kit developed by US government

The Coruna exploit kit is not like any regular malware developed by a common or
garden hacker.

The complexity of the kit, which contains 23 exploits that work in various
configurations to form five full exploit chains, signifies that the kit was
assembled by a nation-state. The exploit kit is also unique in that it works to
compromise devices en masse, rather than the surgical target-specific nature of
spyware developed by surveillance companies, with iVerify dubbing Coruna as the
"first known mass iOS attack."

The full exploit kit was retrieved by Google after a Chinese threat actor
deployed the kit for use on several gambling and cryptocurrency sites. However,
when analyzed by iVerify, the exploit kit contained extensive documentation
written in native English. The highly organized nature of the kit's framework
also shared similarities to frameworks developed by the US government.

The final payload of the exploit kit retrieved from the Chinese threat actors
was designed to access and retrieve financial information such as crypto
wallets, as well as media files and sensitive personal information.

iVerify further notes that Coruna has followed a similar trajectory to spyware
and exploits developed by surveillance vendors that are then sold to
governments. The exploits are deployed in the wild by the end user, such as
a government agency, where they can be picked up and stolen by other threat
actors and deployed.

The most notable example of this is the EternalBlue exploit software, which
utilized a zero-day exploit to compromise Microsoft devices. EternalBlue was
actively used by the US National Security Agency (NSA) for several years, with
Microsoft only being notified of the zero-day after EternalBlue was stolen.

The iVerify team added that, "Brokers can't be trusted with these
capabilities and business to business transactions over the spyware market are
highly unregulated." The Pall Mall Process - an international framework
developed to address the irresponsible development and sale of spyware and
surveillance software - was specifically designed to prevent the exact
situation that occurred with EternalBlue, and may have occurred with the Coruna
kit.

How to stay protected

The Coruna kit uses exploits deployed against iPhones running iOS version 13.0
(released in September 2019) up to version 17.2.1 (released in December 2023).
By upgrading to the latest iOS version, your device will be protected against
all the exploits used in the Coruna kit.

Users who are unable to upgrade their device to the latest iOS version should
place their iPhone in Lockdown Mode. To do this, take the following steps:

    1) Go to Settings, then Privacy and Security
    2) Scroll down and tap Lockdown Mode
    3) Tap Turn On Lockdown Mode

Users who believe their device may have been infected should consult the GTIG
indicators of compromise, and iVerify's 'How to get rid of it' section.

GTIG indicators:  https://tinyurl.com/47v8crj5

iVerify page:  https://tinyurl.com/4mhnwnsp


https://www.techradar.com/pro/security/iphones-targeted-by-new-and-powerful-malware-and-coruna-may-have-been-developed-by-the-us-government

--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
