🚨 Government Hacking Tools Now in the Hands of Cybercriminals

Security researchers have discovered that a set of hacking tools, originally designed for governments, is now being used by cybercriminals to compromise iPhones running older software versions. This finding suggests the existence of an emerging market for "second-hand exploits," which are sold to profit-driven hackers.

Google first identified the exploit kit, dubbed Coruna, in February 2025, during an attempt by a surveillance provider to hack a phone at the request of a government client. Subsequently, it was found that the same kit was being used in a massive campaign targeting users in Ukraine by a Russian espionage group, and later by a financially motivated hacker in China.

While it is unclear how these tools were leaked, Google researchers warn about the growing market for exploits that, when reused, can be irresponsibly utilized by malicious actors. The mobile security company iVerify has obtained and deconstructed these tools, linking the Coruna kit to the U.S. government based on similarities to hacking tools previously attributed to it.

The Coruna kit is particularly powerful, as it can bypass an iPhone's defenses simply by visiting a malicious website containing the exploit code. According to Google, the kit can compromise an iPhone in five different ways, leveraging and chaining 23 vulnerabilities in its digital arsenal.

This discovery highlights how tools designed for government use can leak and be abused by cybercriminals. The history also recalls past incidents, such as the theft of hacking tools from the NSA in 2017, which were used in subsequent cyber attacks.

Source: TechCrunch