“Kaspersky Analysis: Coruna Malware Evolves from Triangulation Campaign, Threatens Latest iOS Devices”

Kaspersky’s Global Research and Analysis Team (GReAT) has revealed that the Coruna malware is a direct, updated evolution of the framework partially used in the Operation Triangulation cyber-espionage campaign, confirming that the kernel exploits in both attacks were likely created by the same developer.
🔍 Code Analysis Links Coruna to Triangulation
Kaspersky identified that one of Coruna’s five kernel exploits is an updated version of the exploit used in Triangulation in 2023. The remaining four exploits, including two developed after Triangulation was publicly disclosed, are built on the same exploitation framework. Beyond kernel exploits, similarities extend across other Coruna components, indicating that the malware is not assembled from disparate parts but represents a continuously maintained evolution of the original framework.
💻 Targets Modern iOS Devices
The malware includes support for Apple A17, M3, M3 Pro, and M3 Max processors, as well as references to iOS versions up to 17.2. It also contains a specific check for iOS 16.5 beta 4, the version Apple released to patch the previously reported vulnerabilities.
Boris Larin, Principal Security Researcher at Kaspersky GReAT, noted:
“Coruna is no longer a precision espionage tool; it is now deployed indiscriminately. The inclusion of support for M3 processors and newer iOS versions shows that the original developers have actively expanded this codebase.”
⚠️ Kaspersky Advises iPhone Users to Update Immediately
Apple has patched the vulnerabilities exploited by Coruna. However, devices that remain unpatched continue to be at risk.
🛡️ Corporate Security Recommendations
Kaspersky also recommends organizations adopt the following measures to prevent targeted attacks:
Regularly update operating systems, applications, and security software to patch known vulnerabilities
Centralize event monitoring using solutions like Kaspersky SIEM for comprehensive visibility into security events
Provide your security teams with actionable intelligence via Kaspersky Threat Intelligence to detect and respond to threats faster
Upskill cybersecurity personnel with practical training through Kaspersky Cybersecurity Training
Deploy endpoint protection and incident response solutions from Kaspersky Next, offering EDR functionality, patch management, cloud security, and guided investigation to quickly deflect evasive attacks





