BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Coruna iOS Exploit Kit Evolved From Triangulation

Coruna exploit kit evolves from exclusive Triangulation tool to mass iOS attacks

  • The recently uncovered iOS exploit kit Coruna uses an updated version of the kernel exploit framework from the 2023 Operation Triangulation espionage campaign.
  • The framework now includes checks for newer Apple M3 processors and iOS versions, showing it is actively maintained and expanded.
  • The same authors’ elite espionage tool is now being used indiscriminately in mass exploitation campaigns by suspected Russia-aligned actors.
  • Separately, a new version of the iPhone exploit kit DarkSword has been publicly leaked, potentially enabling more threat actors.

In March 2026, security researchers revealed that the advanced Apple iOS exploit framework Coruna, now used in mass attacks, is a direct evolution of the previously exclusive espionage tool used in Operation Triangulation. Kaspersky found its kernel exploit is an updated version of the same code used in the 2023 campaign, according to new findings. Consequently, this demonstrates how sophisticated state-level hacking tools can trickle down to broader criminal use. Boris Larin, principal security researcher at Kaspersky GReAT, stated “What began as a precision espionage tool is now deployed indiscriminately.”

- Advertisement -

The framework contains five full iOS exploit chains and twenty-three exploits, including vulnerabilities CVE-2023-32434 and CVE-2023-38606. However, Kaspersky confirmed the shared authorship because the code includes support for Apple’s A17, M3, M3 Pro, and M3 Max processors. It also contains checks for iOS 17.2 and version 16.5 beta 4, which patched the original Triangulation vulnerabilities.

Coruna was first documented targeting iPhone models running iOS 13.0 to 17.2.1. Meanwhile, it has been leveraged in watering hole attacks in Ukraine and via fake Chinese gambling and cryptocurrency websites. These sites deliver a data-stealing malware known as PlasmaLoader (aka PLASMAGRID).

The attack starts when a user visits a compromised website on Safari. A stager then fingerprints the browser and serves the appropriate exploit based on the system version. This paves the way for a payload that triggers the kernel exploit and executes post-exploitation activities.

Separately, a leaked new version of the iPhone exploit kit DarkSword on GitHub, first reported by TechCrunch, raises concerns. This leak could equip more threat actors with advanced capabilities, as noted by reports. Ultimately, these developments show elite hacking frameworks are becoming accessible for mass exploitation.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Critical BeyondTrust bugs allow unauthenticated device takeover

BeyondTrust disclosed four pre-authentication vulnerabilities in its Remote Support (RS) and Privileged Remote Access...

AMD’s growth driver shifts from gaming to enterprise AI

AMD's primary growth driver is shifting from gaming to enterprise AI, with integrated...

Iranian Cavern Manticore Hacks Israeli Firms

An Iranian state-backed hacking group is using a new modular C2 framework, Cavern, targeting...

Microsoft Cuts 4,800 Jobs; Dow Hits Record High

Major U.S. stock indices rose on Monday, led by a rebound in technology and...

Saylor’s Strategy Sells $216M in Bitcoin At a Loss

Michael Saylor’s Strategy sold 3,588 BTC for $216 million, marking its first major sale...

Must Read

Best Metaverse Tokens to Buy on Binance for 10X Gains

Ever since Facebook renamed their company to Meta, as well as their plans to build a metaverse where we can travel into using Virtual...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading