A suite of government hacking tools targeting iPhones is now being used by cybercriminals

Security researchers have identified a suite of powerful hacking tools capable of compromising Apple iPhones running older software that they say has passed from a government customer into the hands of cybercriminals. Google said Tuesday that it first identified the exploit kit, dubbed Coruna, in February 2025 during a surveillance vendor’s attempt to hack into someone’s phone with spyware on behalf of a government customer. It found the same exploit kit months later targeting Ukrainian users in a broad-scale campaign by a Russian espionage group, and then later found it used by a financially motivated hacker in China. It’s unclear how the tools leaked or proliferated, but Google security researchers warned of an emerging market for “second hand” exploits, which are sold to hackers motivated by money to extract more value out of the exploit. The discovery also shows how exploits and back doors designed to be used by governments can leak and ultimately be abused by cybercriminals or other non-state actors. iVerify, a mobile security company that obtained and reverse-engineered the hacking tools, said in a blog post that it linked the Coruna exploit kit to the U.S. government, based on similarities to hacking tools previously attributed to the United States. “The more widespread the use, the more certain a leak will occur,” said iVerify. “While iVerify has some evidence that this tool is a leaked US government framework, that shouldn’t overshadow the knowledge that these tools will find their way into the wild and will be used unscrupulously by bad actors.” Google said the hacking tools are powerful as they can bypass an iPhone’s defenses simply through visiting a malicious website containing the exploit code — such as being sent a malicious link — in what is known as a “watering hole” attack. According to Google, the Coruna kit can hack into an iPhone five separate ways by relying on and chaining together 23 separate vulnerabilities in its digital arsenal. Affected d...