Nothing to hide, but plenty to fear.

Earlier this week, the Google Threat Intelligence Group (GTIG) published a report on an exploit kit specifically targeting older Apple iPhones. Those with an up-to-date iOS may only feel momentarily smug as it turns out the kit, called Coruna, can sink its hooks into a wide range of phones—though the malicious range of this exploit kit is far from the worst wrinkle in this story.
GTIG says it tracked Coruna's use throughout 2025, beginning with "highly targeted operations initially conducted by a customer of a surveillance vendor." However, the exploit framework is unlikely to have been built by cybercriminals alone, and may originate from hacking tools used by the US government.
Device security company iVerify has recently issued its own report on what it's calling the 'First Known Mass iOS Attack,' claiming that the exploit chain at the centre of Coruna "has similarities to previous frameworks developed by threat actors affiliated with the US government."
"While iVerify has some evidence that this tool is a leaked US government framework, that shouldn’t overshadow the knowledge that these tools will find their way into the wild and will be used unscrupulously by bad actors," say the researchers.
GTIG says Coruna consists of "five full iOS exploit chains and a total of 23 exploits," two of which bear a striking resemblance to iOS exploits "that were also used as zero-days as part of Operation Triangulation." Triangulation was a 2023 hacking operation targeting Russian cybersecurity firm Kaspersky. The Russian government alleged the NSA was behind it, though the US government has neither confirmed nor denied this.
The full Coruna framework can be levelled at iPhone models running iOS version 13.0 (released in September 2019), all the way up to version 17.2.1 (released in December 2023). Coruna can quietly infect what is potentially a lot of phones, and then be used to harvest swathes of sensitive data (including photos and emails), as well as steal cryptocurrency.
GTIG was able to extract the full exploit kit from an attack by "UNC6691, a financially motivated threat actor operating from China." But the team also reported seeing the exploit framework deployed in earlier attacks against Ukrainian users by suspected Russian threat actor UNC6353.

Read more: Full article on www.pcgamer.com