iPhone Hacking Toolkit ‘Coruna’ Leaked: US Military Contractor Secrets Exposed to Russian and Chinese Hackers


A Sophisticated iPhone Hacking Toolkit Has Fallen into the Wrong Hands

A highly advanced iPhone hacking toolkit, known as Coruna, has been leaked to Russian government hackers and Chinese cybercriminals.

Origins of the Toolkit

The toolkit was originally developed by L3Harris, a US military contractor, for use in targeted surveillance operations by Western intelligence agencies.

Coruna consists of 23 components, which were initially deployed in highly targeted operations for an unnamed government customer.

According to researchers at cybersecurity firm iVerify, the toolkit was created by L3Harris’ hacking and surveillance division, Trenchant, and was sold exclusively to the US government and its Five Eyes allies.

Leak and Misuse of the Toolkit

However, the toolkit has since been used in widespread campaigns aimed at stealing money, cryptocurrency, and sensitive information from users in multiple countries.

The exact circumstances of how Coruna migrated from the Five Eyes ecosystem to Russian and later Chinese hackers remain unclear.

A former general manager at Trenchant, Peter Williams, was sentenced to seven years in prison for selling eight company hacking tools, including components of Coruna, to a Russian company known as Operation Zero between 2022 and 2025.

The tools were sold for $1.3 million, and US authorities warned that they could have granted access to millions of computers and iPhone devices worldwide.

Impact of the Leak

Google researchers have linked two Coruna exploits, named Photon and Gallium, to Operation Triangulation, a hacking campaign targeting Russian iPhone users.

These exploits were reportedly used as zero-days in that campaign, indicating a direct connection between the original toolkit and subsequent cyberattacks.

The toolkit affected iPhones running iOS 13 through 17.2.1, covering models released between September 2019 and December 2023.

Russian spies deployed Coruna to hack specific Ukrainian users via compromised websites, while Chinese hackers later used it in broader financial cybercrime campaigns.

“Coruna illustrates how sensitive state-developed cyber tools can rapidly proliferate into the hands of unauthorized actors. Such leaks can transform intelligence-grade exploits into mass surveillance and financial crime instruments. Governments and corporations must urgently strengthen digital infrastructure and monitoring to prevent such incidents.”

Conclusion

Experts warn that the leak of Coruna highlights a worrying trend: tools developed for national security, if leaked, can quickly become instruments of global cybercrime, threatening individuals, companies, and critical infrastructure alike.

The development of Coruna resembles earlier incidents, including the FBI iPhone-cracking case involving Azimuth Security, which was later merged into L3Harris.

Cybersecurity experts note that the journey of Coruna underscores the challenges of controlling cyber weapons once developed.

Without strict oversight, intelligence-grade hacking tools may continue to fuel large-scale cybercrime, espionage, and digital disruption globally.


