Researchers Trace U.S.-Developed Exploit Kit to iOS Attack

4 Mar 2026

CybercrimeResearchAppleChinaCorunacybercrimeEternalBlueGoogleGoogle Threat Intelligence GroupiOSiVerifyKasperskyL3HarrisNotPetyaOperation TriangulationransomwareRussiaspywareWannaCryzero days

Researchers identified a connection between a U.S.-developed exploit framework and the first known large-scale iOS attack, tracing its movement from a spyware vendor’s customer to Russian hackers and later to Chinese cybercriminals. The exploit kit, referred to as "Coruna," was linked to previous cyber operations, including those resembling high-profile attacks like EternalBlue and WannaCry. The investigation involved tracking the tool’s proliferation across different threat actors, though no specific dates, technical indicators, or CVE IDs were disclosed. The attack represents a rare instance of mass exploitation targeting iOS devices, previously considered less vulnerable to such campaigns. The findings were reported by Google’s Threat Intelligence Group and other security firms, including Kaspersky and iVerify.