No signs Coruna iPhone exploit kit made by US • The Register
No signs Coruna iPhone exploit kit made by US • The Register
https://www.theregister.com/2026/03/04/kaspersky_dismisses_claims_that_coruna/
Publish Date: 2026-03-04 09:18:00
Source Domain: www.theregister.com
Russian cybersecurity outfit Kaspersky is waving away claims that an iPhone exploit kit recently uncovered by Google was developed by the same people who were behind a group of zero-days that allegedly compromised thousands of Russian diplomats in a 2023 campaign.
After Google’s Threat Intelligence Group (GTIG) published its findings on the Coruna exploit kit this week, some experts were quick to point fingers at the National Security Agency, suggesting it was behind the attacks seen in Ukraine and China over the past 12 months.
While GTIG made no such suggestions itself, the crossover between some of the same vulnerabilities used in 2023’s Operation Triangulation, which Moscow alleged was a National Security Agency job, and those that comprise Coruna, raised questions about how involved the US was in the development and/or use of the exploit kit.
Rocky Cole, cofounder of iVerify, told Wired after reviewing Coruna’s code that he believed the US may have been behind Coruna’s development.
“It’s highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government,” he said.
“This is the first example we’ve seen of very likely US government tools – based on what the code is telling us – spinning out of control and being used by both our adversaries and cybercriminal groups.”
However, Boris Larin, principal security researcher at Kaspersky GReAT, told The Register on Wednesday: “We see no evidence of actual code reuse in the published reports to support attributing Coruna to the same authors.”
What is Coruna?
In a report published on Tuesday, Google said that around a year ago it identified a highly sophisticated and previously unknown iPhone exploit kit, perhaps used by commercial spyware vendors and/or state-sponsored…
