Google's Threat Intelligence Group has reported on 'Coruna', a sophisticated exploit kit targeting iPhones running iOS versions 13.0 to 17.2.1. The kit includes 23 exploits, with advanced techniques for bypassing mitigations. It has been observed in targeted operations by surveillance vendors and in attacks by groups like UNC6353, suspected of Russian espionage. Notably, the Coruna kit was recently employed by UNC6691, a financially motivated Chinese threat actor.
Google has taken measures to mitigate the threat, including adding affected domains to its Safe Browsing service. Users are advised to update their iOS devices and enable Lockdown Mode for additional security. The report also details the exploit kit's technical capabilities, its discovery through surveillance vendor activity, and the development of additional payloads for financial theft.