iPhone Hacking Toolkit Leaked to Russian and Chinese Hackers! - ShiftDelete.Net Global

ShiftDelete.net
FOLLOW US

iPhone Hacking Toolkit Leaked to Russian and Chinese Hackers!

The U.S.-made "Coruna" iPhone exploit kit has fallen into the hands of Russian and Chinese hackers. Here are the details of the L3Harris and Operation Zero espionage scandal.

iPhone Hacking Toolkit Leaked to Russian and Chinese Hackers!

A large-scale cyberattack campaign targeting iPhone users in Ukraine and China has revealed the use of sophisticated espionage tools believed to be developed by the U.S. defense contractor L3Harris. Initially designed for Western intelligence services, these tools eventually fell into the hands of Russian government agents and Chinese cybercriminals.

How U.S. Espionage Tools Were Leaked

Throughout 2025, investigations by Google identified a 23-component iPhone hacking toolkit dubbed “Coruna” being utilized in global attacks. First used by an undisclosed government client, the kit was later employed by Russian agents against Ukrainians and most recently by Chinese hackers to steal funds and cryptocurrency.

Experts from the cybersecurity firm iVerify and former employees of Trenchant (L3Harris’s hacking unit) confirmed that Coruna was part of a system built for the U.S. government. L3Harris typically sells such high-end vulnerabilities exclusively to the U.S. and the Five Eyes intelligence alliance. The leak of this advanced kit is linked to a theft scandal involving former executive Peter Williams.

The Operation Zero and Peter Williams Connection

Williams, who resigned in 2025, confessed to stealing eight different hacking tools from his company and selling them to the Russia-based firm Operation Zero for $1.3 million. He was sentenced to over seven years in prison last month. These leaked tools were then marketed by Operation Zero to Russian state-sponsored hackers. Evidence of these codes being used by South Korean brokers, ransomware groups, and Chinese hackers suggests that the tools have changed hands multiple times.

Google experts noted that vulnerabilities within Coruna, named Photon and Gallium, were also utilized in the famous Operation Triangulation attacks reported by Kaspersky in 2023. The modular structure of Coruna, its targeting of iOS versions 13 through 17.2.1 (released between 2019 and 2023), and the use of bird names in the code confirm the U.S. origin of the source.

The Aftermath of the Scandal

The Russian Federal Security Service (FSB) had previously blamed the U.S. National Security Agency (NSA) for Operation Triangulation. While Kaspersky did not point fingers directly, the resemblance between the campaign’s logo and the L3Harris company logo has drawn significant attention. To date, none of the companies mentioned have provided an official response regarding the matter.

What are your thoughts on these security vulnerabilities and tracking tools? Do you worry about your personal data in your daily life, and which smartphone do you prefer to use?

hack
iPhone

SDN Comments 0 Comments

Comment

HOW TOAll

Related News

Huawei Mate X8
Huawei Mate X8 to Arrive with 20 GB of RAM!
Epic Games
Epic Games Free Games Announced for April 2026!
Raspberry Pi 4
Raspberry Pi 4 with 3 GB RAM Announced! Prices Have Increased!
Gemma 4
Google’s AI Move: Gemma 4 Announced

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Netse