U.S. Government's iPhone Hacking Toolkit Leaked to Foreign Criminals

Mar 4, 2026, 2:18 AM

A powerful iPhone hacking toolkit, identified as Coruna, has been found in the hands of foreign espionage actors and criminal organizations. Researchers from Google and mobile security firm iVerify suggest that this toolkit may have initially been developed for US government use, raising serious concerns about the implications of such technology falling into unauthorized hands.
Coruna is a sophisticated collection of exploits capable of compromising Apple devices running older versions of iOS. The toolkit includes five exploit chains that leverage more than 20 vulnerabilities across iOS versions from 13 to 17.2.1, which were released between September 2019 and December 2023. Its design indicates it was likely developed by a well-resourced entity, possibly a nation-state, and it contains extensive inline documentation written in native-level English, suggesting a professional background in its creation.
The origins of Coruna trace back to its early use by Russian intelligence to target Ukrainian individuals. It was later adopted by cybercriminal groups aiming to steal cryptocurrency from Chinese-speaking victims. The toolkit's capabilities allow attackers to silently compromise iPhones via malicious web content, which can fingerprint devices and deploy tailored code to achieve remote code execution, bypassing key iOS security measures.
Security researchers first observed fragments of Coruna in February 2022, tied to an unnamed "customer of a surveillance company." Several months later, a more complete version was detected in a Russian espionage campaign, embedded within common web analytics tools on Ukrainian websites. This evolution indicates that what was once a covert government tool has transitioned into a broadly deployed criminal asset, exemplifying a dangerous proliferation of advanced hacking techniques.
The implications of Coruna's leak echo past incidents, notably the 2017 theft of the NSA's EternalBlue exploit, which subsequently enabled numerous destructive cyberattacks, including North Korea's WannaCry worm and Russia's NotPetya attack. iVerify's cofounder, Rocky Cole, emphasizes the unsettling reality that tools designed for government use can end up being exploited by adversaries and criminal organizations, indicating a significant lapse in control over sensitive cyber capabilities.
The toolkit's sophistication and the sheer number of vulnerabilities it exploits highlight a concerning trend in cybersecurity, where powerful hacking tools developed for national security purposes can ultimately be misappropriated. Google researchers warn that Coruna's proliferation suggests a growing market for "second-hand" zero-day exploits, which are secret hacking techniques that target unpatched vulnerabilities.
As the cybersecurity landscape continues to evolve, the existence of Coruna raises urgent questions about the security of mobile devices and the potential risks associated with high-end offensive cyber tools that have leaked from government control. The widespread use of such a toolkit could result in severe consequences for individuals and organizations alike, especially if similar exploits are adapted by malicious actors in the future.
In summary, the emergence of Coruna as a tool in the hands of foreign actors represents a pivotal moment in the ongoing battle for cybersecurity. The US government and its agencies must reassess their strategies for managing and safeguarding sensitive cyber capabilities to prevent further leaks and protect citizens from the repercussions of advanced hacking tools falling into the wrong hands. As the situation unfolds, the implications of Coruna will likely resonate throughout the cybersecurity community and beyond, underscoring the need for vigilance and proactive measures in the digital age.
