Malware & Ransomware · HIGH

Coruna Exploit - Evolution of Triangulation iOS Framework

Source: Security Affairs
Tags: Coruna, iOS, Operation Triangulation, CVE-2023-32434, CVE-2023-38606

Basically, a new iOS exploit uses old tricks to attack iPhones.

Quick Summary

Kaspersky has discovered the Coruna exploit kit, which reuses code from the Operation Triangulation attacks. This poses a significant risk to iOS users. With millions of devices vulnerable, timely updates are crucial to protect sensitive data.

What Happened

Kaspersky's recent findings unveil the Coruna iOS exploit kit, which evolved from the previously identified Operation Triangulation attacks. The kit targets iPhones running iOS versions 13.0 to 17.2.1 and uses an updated kernel exploit similar to those seen in the earlier campaign. The connection between Coruna and Triangulation was not immediately clear, but researchers have now identified strong code similarities that point to a direct link.

The Coruna exploit kit is particularly dangerous because it bundles five full exploit chains and a total of 23 exploits. It is effective against the older iOS versions in that range but does not affect the latest releases. This adaptability highlights a troubling trend: cybercriminals are increasingly reusing and modifying existing exploits for new vulnerabilities, creating a marketplace for second-hand zero-day exploits.

Who's Being Targeted

The Coruna exploit has been deployed in highly targeted attacks, particularly by surveillance vendors and threat actors like UNC6353 and UNC6691. These groups have utilized the exploit in campaigns against specific regions, including Ukraine. The exploit's modular design allows it to adapt to various architectures and firmware versions, making it a versatile tool for cybercriminals.

The implications are significant, as millions of users with unpatched devices are at risk. Because the chain ends in kernel-level code execution, it can gain deep access to a device and expose sensitive data such as credentials and financial information.

Tactics & Techniques

The Coruna exploit chain begins with a Safari-based stager that identifies the target device and selects the appropriate exploits based on its browser version. It then downloads encrypted components, which are decrypted and processed to reveal structured containers that dictate which exploits and malware components to fetch.

Interestingly, researchers found that one of the kernel exploits in Coruna is an updated version of the one used in Operation Triangulation. This newer code enhances compatibility with recent iOS versions and Apple chips, indicating that the threat actors are continuously evolving their techniques to bypass security measures.

Defensive Measures

To mitigate the risks posed by the Coruna exploit, users are strongly advised to install the latest security updates on their devices. Kaspersky's report emphasizes that the exploit kit is not a mere patchwork of reused components; rather, it represents a unified approach to exploitation, making it more challenging to defend against.

As cybercriminals increasingly adopt sophisticated techniques, it is crucial for users to remain vigilant. Regularly updating devices and being aware of the latest threats can significantly reduce the risk of falling victim to such advanced malware. The evolution of the Coruna exploit underscores the need for continuous improvement in cybersecurity practices and awareness.

🔒 Pro insight: The Coruna exploit's evolution signals a dangerous trend in malware reuse, emphasizing the need for robust patch management and user awareness.

Original article from Security Affairs · Pierluigi Paganini
