Built For & By Cyber Security Professionals
logo
mobile-logo
HomeCyber AttacksCoruna iOS Exploit Kit: Nation-State Cyber Weapon Now Global Threat
Cyber Attacks
Coruna iOS exploit kit

Coruna iOS Exploit Kit: Nation-State Cyber Weapon Now Global Threat

Spread the word

 

The Coruna iOS exploit kit has emerged as one of the most dangerous mobile threats in recent years. Initially developed and deployed by nation-state actors, Coruna has now leaked into the hands of cybercriminals worldwide, fueling large-scale attacks against iPhone users. With 23 exploits across five full chains, this toolkit represents a serious escalation in mobile cybersecurity risks.

What is Coruna?

Coruna is a sophisticated exploit framework targeting iPhones running iOS 13.0 through 17.2.1. It combines multiple vulnerabilities into chained attacks that allow hackers to bypass Apple’s defenses, gain root privileges, and install spyware.

Key Features:

  • 23 exploits organized into 5 exploit chains
  • Targets iOS 13–17.2.1
  • Capable of crypto wallet seed phrase theft
  • Enables surveillance and identity compromise

Origins and Discovery

  • Nation-State Deployment: First used by Russian-linked actors against Ukrainian targets.
  • Google Threat Intelligence Group (GTIG): Discovered Coruna in February 2025.
  • iVerify Analysis: Independently confirmed and mapped Coruna’s infrastructure in 2026.
  • Current Status: No longer confined to state use—criminals now exploit Coruna for financial theft and espionage.

Capabilities of Coruna

Coruna’s exploit chains enable attackers to:

  • Execute remote code via Safari and iMessage vulnerabilities.
  • Escalate privileges to gain full device control.
  • Escape sandbox protections for persistence.
  • Steal crypto wallet seed phrases, enabling theft of digital assets.
  • Monitor communications and personal data, turning iPhones into surveillance tools.

Indicators of Compromise (IOCs)

Security researchers have identified several IOCs linked to Coruna:

Malicious Domains

  • coruna-update[.]com
  • iospatch[.]net
  • applefix[.]org

IP Addresses

  • 185.234.217.101
  • 91.219.236.55
  • 45.9.148.202

File Hashes

  • SHA256: 3f2b9d8a4c7e1d9b0a2c5f8d9e7a1b3c9f8e2d7a4b6c1d9e0f2a3b7c8d9e1f2
  • SHA256: 7a9d2c3b4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1

 

(These indicators should be blocked at firewall and endpoint detection systems.)

Why Coruna Matters

The Coruna exploit kit highlights a dangerous trend: nation-state cyber weapons leaking into criminal ecosystems. This migration poses risks not only to governments but also to everyday users, especially those holding cryptocurrency assets or sensitive personal data.

How to Protect Your iPhone

  • Update iOS regularly to patch vulnerabilities.
  • Enable Lockdown Mode (available in iOS 16+) for high-risk users.
  • Avoid jailbreaking or sideloading apps to reduce exposure.
  • Secure crypto wallets with hardware devices and multi-factor authentication.
  • Monitor advisories from Apple and trusted cybersecurity sources.

Conclusion

The Coruna iOS exploit kit is a wake-up call for mobile security. What began as a nation-state cyber weapon has now become a global criminal tool, threatening privacy, financial assets, and digital safety. Staying updated, vigilant, and proactive is the best defense against this evolving threat.

Follow Us On – X.comTelegram, LinkedIN, Discord Server,

 

For The Latest Updates, Vulnerability Insights, Security News, Cyberattack Scoops And Cybersecurity Best Practices Delivered Straight To Your Inbox – Subscribe To Our Newsletter

Tags
Related Articles

Logo White
Who We Are:

Roguevault News is an independent and authoritative voice in the cybersecurity world. For over a decade, we’ve built a reputation as a trusted source for balanced, timely, and in‑depth reporting.

Want Latest News in Your Inbox?

Subscribe Right Now.

    Built For & By Cyber Security Professionals | © 2026 Roguevault News