U.S. Military Contractor’s iPhone Hacking Tools Exploited by Russian, Chinese Operatives

In a startling revelation, sophisticated iPhone hacking tools originally developed by U.S. military contractor L3Harris have been co-opted by Russian intelligence operatives and Chinese cybercriminals. These tools, designed for use by Western intelligence agencies, have been implicated in a series of global cyberattacks targeting iPhone users in Ukraine and China.

The toolkit, known as Coruna, comprises 23 distinct components and was initially employed in highly targeted operations by an undisclosed government client of a surveillance vendor. Subsequently, Russian government spies utilized Coruna against a select group of Ukrainians, and later, Chinese cybercriminals deployed it in widespread campaigns aimed at financial theft and cryptocurrency heists.

Researchers at mobile cybersecurity firm iVerify, who conducted an independent analysis of Coruna, suggest that the toolkit may have been originally developed by a company supplying the U.S. government. Two former employees of L3Harris’s hacking and surveillance division, Trenchant, have confirmed that Coruna was at least partially developed by their team. One former employee, familiar with iPhone hacking tools at Trenchant, stated, “Coruna was definitely an internal name of a component,” and noted that many technical details of the toolkit were familiar.

L3Harris’s Trenchant division specializes in creating hacking and surveillance tools exclusively for the U.S. government and its allies within the Five Eyes intelligence alliance, which includes Australia, Canada, New Zealand, and the United Kingdom. Given this limited clientele, it’s plausible that Coruna was initially acquired and utilized by one of these allied intelligence agencies before falling into unintended hands.

The proliferation of Coruna underscores the risks associated with the development and distribution of cyber weapons. Once such tools are created, controlling their dissemination becomes challenging, raising concerns about their potential misuse by adversaries and non-state actors.

This incident highlights the critical need for stringent oversight and security measures in the development and deployment of cyber tools to prevent them from being exploited beyond their intended purposes.