Potential US-built hacking tools obtained by foreign spies and cybercriminals, research says

iVerify has described the activity as the “first known mass iOS attack” campaign of its kind. Google said fragments of the exploit first appeared last February, with ties to an unnamed “customer of a surveillance company.”

A powerful iPhone hacking toolkit that researchers say may have originated as a U.S.-built capability has surfaced in the hands of foreign espionage actors and financially motivated criminal groups, according to new analyses from Google and mobile security firm iVerify.

The toolkit, dubbed Coruna, contains multiple exploits capable of surreptitiously compromising Apple devices running older versions of iOS. Researchers say the codebase appears as a professionally developed platform, raising concerns that a tool originally built for covert government use may have escaped controlled channels.

Both iVerify and Google’s Threat Intelligence Group identified five exploit chains leveraging more than 20 vulnerabilities across iOS 13 through 17.2.1 — older versions of the ...