Fast Facts
- High-grade iOS exploit kits Coruna and DarkSword, linked to government espionage and Operation Triangulation, have been leaked to criminals and the public, making the threat far more widespread.
- Coruna is believed to have been developed by US military contractors, while DarkSword likely originated in the Gulf region; both have been repurposed for financial theft alongside espionage.
- These tools are now used by diverse actors, from nation-states to criminal groups, to target global organizations and even low-level cybercriminals, blurring lines between espionage and crime.
- Organizations must urgently upgrade iOS security, as these exploits remain effective on outdated systems, risking credential theft, lateral movement, and severe data breaches.
Coruna and DarkSword: Spy Tools with Deep Roots in Government Operations
Coruna is a sophisticated mobile exploit kit designed for high-level espionage, leveraging zero-day vulnerabilities to target specific individuals. Originally linked to a 2023 spying campaign called Operation Triangulation, it appeared to be created by a US military contractor. Researchers indicate that Coruna contains multiple exploit chains, allowing it to penetrate iOS devices effectively. Meanwhile, DarkSword is a similar tool that has now been leaked onto GitHub, making it accessible to common cybercriminals. This leak broadens the potential for misuse, as even low-resource groups can now access powerful espionage tools.
Officials suggest that these kits started as government projects but have since been sold and spread on the secondary market. Coruna, for example, was likely sold by a US contractor to brokers, while DarkSword was developed in the Gulf region, possibly by a now-defunct firm that modified it for different purposes. These modifications include adding financial theft features. The tools are being used in regional conflicts, such as Ukraine, and have been adopted by various surveillance companies and even criminal groups involved in cryptocurrency theft. This development raises concerns about how military-grade spyware is falling into less controlled hands.
Leaked Spyware Spurs Wider Risks for Organizations and Individuals
The leak of these high-end exploit kits marks a worrying trend. Previously, such government-developed tools stayed within the realm of national security. However, with DarkSword now available on GitHub, anyone can attempt to compromise Apple devices. This accessibility raises the risk for organizations worldwide, especially since many users still run outdated iOS versions that lack recent security patches. Notably, the spyware can extract passwords and keychain data, giving attackers access to corporate networks and sensitive information.
Experts warn that the lines between nation-state cyber operations and criminal groups are blurring. Russia’s suspected use of criminal proxy groups to carry out espionage and theft demonstrates how these powerful tools reach beyond official military or intelligence contexts. Even low-level cybercriminals, motivated by profit, now have access to weaponized malware once reserved for advanced governments. As these tools continue to spread and evolve, organizations must invest in better mobile security. Without it, they risk exposing their most sensitive data to a new, more dangerous era of cyber threats.
