← Back to 2026-03-04 Briefing

A suite of government hacking tools targeting iPhones is now being used by cybercriminals

Security researchers say exploits used by governments to hack into iPhones have been found to be used by cybercriminals. They warned of an emerging market for "secondhand" exploits.

AGZUL Logo

Government Hacking Tools Used by Cybercriminals

Generated by AGZUL

Executive Briefing

A sophisticated suite of government-developed hacking tools, dubbed 'Coruna' and capable of compromising iPhones running iOS 13 to 17.2.1, has reportedly leaked and is now being utilized by cybercriminals. Google initially identified the exploit kit in February 2025, noting its use by a surveillance vendor for a government customer, then by a Russian espionage group targeting Ukrainian users, and later by a financially motivated hacker in China. Security researchers warn of an emerging 'secondhand' market for such exploits, highlighting the critical risk when state-developed tools fall into the wrong hands. The mobile security company iVerify linked Coruna to the U.S. government, emphasizing the inevitability of leaks with widespread tool use. This incident mirrors past leaks, such as the NSA's EternalBlue, which was later used in the WannaCry ransomware attack.

Vulnerabilities Chained
23

Coruna kit's digital arsenal

Affected iOS Range
13 to 17.2.1

iPhone software versions impacted

Prison Sentence
7+ years

For stealing and selling exploits

Government Hacking Tools Used by Cybercriminals

Executive Briefing

⚡ AI Synthesis

A sophisticated suite of government-developed hacking tools, dubbed 'Coruna' and capable of compromising iPhones running iOS 13 to 17.2.1, has reportedly leaked and is now being utilized by cybercriminals. Google initially identified the exploit kit in February 2025, noting its use by a surveillance vendor for a government customer, then by a Russian espionage group targeting Ukrainian users, and later by a financially motivated hacker in China. Security researchers warn of an emerging 'secondhand' market for such exploits, highlighting the critical risk when state-developed tools fall into the wrong hands. The mobile security company iVerify linked Coruna to the U.S. government, emphasizing the inevitability of leaks with widespread tool use. This incident mirrors past leaks, such as the NSA's EternalBlue, which was later used in the WannaCry ransomware attack.

Vulnerabilities Chained
23

Coruna kit's digital arsenal

Affected iOS Range
13 to 17.2.1

iPhone software versions impacted

Prison Sentence
7+ years

For stealing and selling exploits

Key Takeaways

Government hacking tools are now in cybercriminal hands.

Coruna exploit kit targets iPhones (iOS 13-17.2.1).

Emerging market for 'secondhand' government exploits.

Leaked tools pose significant global security risks.

Past leaks like EternalBlue show similar patterns.

Top Entities & Concepts

iPhones6
exploits6
cybercriminals5
Coruna5
TechCrunch5
Google4
hacking tools4
U.S. government3
iVerify3
Zack Whittaker3
Russia2
EternalBlue2
Peter Williams2
China
WannaCry
NSA
L3Harris Trenchant
iOS
Kaspersky
Wired

Comparative Analysis

Government-Developed Tools
/
Cybercriminal Use
Purpose
Surveillance, intelligence
Financial gain, espionage
Control
State-controlled
Unregulated, widespread
Target Scope
Specific targets
Broad, indiscriminate
Disclosure
Often secret
Publicly exposed

Assessment Radar

Timeline & Key Events

March 3, 2026Article publishedPublication
February 2025Google identified Coruna exploit kitDiscovery
December 2023iOS 17.2.1 releasedSoftware Update

Tone Analysis

10%

Negative

The article details how powerful government hacking tools have leaked and are now being used by cybercriminals, leading to widespread security risks for iPhone users and highlighting a significant failure in tool control.

Neural Map v1.0

Center Graph
Loading Neural Core...