Cybercriminals Exploit Advanced Government Hacking Tools to Target iPhones

Recent investigations have uncovered a sophisticated collection of hacking tools initially developed for governmental use, which are now at the disposal of cybercriminals targeting iPhones.

A toolkit called Coruna was first noted in February 2025 during an attempted infiltration of a phone, orchestrated by a vendor working with a government agency. Later, the toolkit was found integrated into broad cyber-attacks aimed at Ukrainian citizens and subsequently exploited by monetary-driven hackers.

The transition of these hacking tools from government hands to cybercriminals remains murky. Experts caution against the rising phenomenon of “secondhand” exploits available to hackers seeking financial gains.

Mobile security firms have reverse-engineered these tools, linking the Coruna exploit kit to governmental practices and highlighting concerns about how state-sanctioned tools can be misused. This serves as a reminder that such tools can escape controlled settings and be weaponized by unethical players.

As these tools become more widespread, the risk of them leaking increases significantly. Evidence suggests these tools may originate from government sources and could easily fall into the wrong hands.

The Coruna toolkit is capable of compromising iPhones simply by visiting a malicious website. It exploits multiple vulnerabilities across devices from iOS 13 to 17.2.1, which was released in December 2023.

Insights indicate that elements of the Coruna toolkit mirror tactics utilized in previous hacking initiatives. Unauthorized leaks of hacking tools are rare but have occurred, leading to significant cybersecurity threats, as seen in past events.

Legal actions are being taken against individuals selling sensitive exploits, underscoring ongoing vulnerabilities in the tech landscape.