A sophisticated iPhone-hacking toolkit, known as Coruna, was likely designed by U.S. military contractor L3Harris, according to a report by TechCrunch. The toolkit, which was intended for Western spies, has been used in a series of global attacks by Russian government spies and Chinese cybercriminals.
Coruna was first revealed last week by Google, which discovered that the toolkit had been used in a series of attacks targeting iPhone users in Ukraine and China. The toolkit is made up of 23 different components and was originally used in highly targeted operations by an unnamed government customer of a surveillance vendor.
Researchers at mobile cybersecurity company iVerify believe that Coruna may have been originally built by a company that sold it to the U.S. government. Two former employees of L3Harris' hacking and surveillance tech division, Trenchant, told TechCrunch that Coruna was at least in part developed by the company.
The Funding and Development
L3Harris sells Trenchant's hacking and surveillance tools exclusively to the U.S. government and its allies in the Five Eyes intelligence alliance. The company's toolkit, which includes Coruna, was likely acquired and used by one of these governments' intelligence agencies before falling into unintended hands.
A former L3Harris employee, who spoke on condition of anonymity, said that Coruna was definitely an internal name of a component and that many of the technical details published by Google were familiar.
How Coruna Fell into the Wrong Hands
It is unclear how Coruna went from the hands of a Five Eyes government contractor to a Russian government hacking group, and then to a Chinese cybercrime gang. However, some of the circumstances appear similar to the case of Peter Williams, a former general manager at Trenchant, who sold eight company hacking tools to Operation Zero, a Russian company that offers millions of dollars in exchange for zero-day exploits.
Williams was sentenced to seven years in prison last month after he admitted to stealing and selling the hacking tools to Operation Zero for $1.3 million.
Market Context and Implications
The discovery of Coruna highlights the risks of surveillance vendors and government contractors developing and selling hacking tools. The toolkit's use by Russian government spies and Chinese cybercriminals also raises concerns about the potential for these tools to be used in future attacks.
Rocky Cole, the co-founder of iVerify, told TechCrunch that the best explanation for Coruna's origins points to Trenchant and the U.S. government being the original developers and customers of the toolkit.

