




























iPhone users should update their device to the latest iOS version to protect against such exploits.
Outdated iPhones are being targeted by a new and powerful exploit kit called ‘Coruna’, with potential nation-state origins.
According to Google Threat Intelligence Group (GTIG), Coruna targets iPhone models running iOS versions from 13.0 up to 17.2.1.
iVerify said Coruna is a significant example of spyware tech going from commercial surveillance vendors to nation-state actors, and then to mass-scale criminal operations, while also linking the exploit toolkit’s origins to the US government.
The exploit kit infects outdated iPhones visiting certain websites. It does not contain any specific targeting or one-time links, according to iVerify, meaning anyone who visited such a website while running a vulnerable iOS version could get infected, and also get re-infected multiple times.
“This is not typical for targeted attacks used by nation-states, but rather e-criminal groups,” noted iVerify.
The toolkit is “highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government”, iVerify co-founder Rocky Cole said in a statement.
“This is the first example we’ve seen of very likely US government tools – based on what the code is telling us – spinning out of control and being used by both our adversaries and cybercriminal groups,” he added. iVerify also said that this is the first time mass exploitation against iOS devices has been observed amongst the public.
According to GTIG, Coruna’s threat lies in its comprehensive collection of iOS exploits, with the most advanced tools using non-public exploitation techniques and mitigation bypasses.
In one instance, GTIG observed that the toolkit was used by a suspected Russian espionage group to target Ukrainian users, while later, it was being used by a financially motivated threat actor operating from China.
How the toolkits are shared is unclear, GTIG said, while noting the possible existence of an “active market for ‘second-hand’ zero-day exploits”.
The Coruna exploit kit is only effective against older iOS versions, and iPhone users should update their device to the latest iOS version to protect against such exploits.
GTIG suggests using ‘Lockdown Mode’ in cases where the iPhone model is old and cannot update to the latest version. However, for most regular consumers, the highly restrictive Lockdown Mode is unnecessary.
Last month, Amazon Web Services highlighted how commercial AI is being used by “unsophisticated” criminals to scale cyberattacks on enterprises.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。