Cyber Security News

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

CybersecurityNews
Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

Researchers from Google Threat Intelligence Group and iVerify independently identified a nation-state–grade iOS exploit kit, internally named Coruna, containing 23 exploits across five full exploit chains targeting iOS 13 through 17.2.1. The kit was used by UNC6353 in watering‑hole attacks against Ukrainians and later repurposed by UNC6691 for mass crypto‑wallet theft; updating to iOS 17.3+ or enabling Lockdown Mode are the primary defenses. #Coruna #UNC6353

Keypoints

  • Coruna is an iOS exploit kit with 23 exploits organized into five full exploit chains targeting iOS 13–17.2.1.
  • GTIG and iVerify independently discovered and analyzed the kit, with GTIG first observing it in February 2025.
  • The kit was used by UNC6353 in watering‑hole attacks on Ukrainians and later by UNC6691 for financially motivated crypto wallet theft.
  • Attackers deliver Coruna via fake sites (for example a WEEX-themed page) that load the exploit kit through hidden iFrames on iOS devices.
  • Recommended defenses are updating to iOS 17.3 or newer and enabling Lockdown Mode or using private browsing, which the kit detects and avoids.

Read More: https://www.securityweek.com/nation-state-ios-exploit-kit-coruna-found-powering-global-attacks/