Russia is using stolen U.S.-made spyware to hack iPhones in Ukraine in a massive attack

Photo by Сергей Велов (via Pexels)

According to a report, a highly sophisticated suite of mobile hacking tools, called Darksword, which was originally forged by an American defense contractor, was stolen, replicated, and actively deployed by Russian state-sponsored actors to harvest personal data from Ukrainian targets.

It all began when Trenchant, a specialised hacking and technical intelligence division operating under the umbrella of US arms and defense giant L3Harris, developed "Coruna," a powerful surveillance software suite. The software was originally intended to be sold exclusively to the U.S. government and its "Five Eyes" intelligence partners, which include Australia, Canada, New Zealand, and the United Kingdom.

However, the software's secrecy was compromised internally when Peter Williams, the former managing director of Trenchant, was able to steal the highly confidential tool. Williams sold the foundational code of these critical security flaws to Operation Zero, a prominent Russian competitor.

The immediate victims of this massive leak are Ukrainian citizens and government personnel. Russian intelligence services successfully repurposed the Coruna toolset to covertly infect iPhones specifically within Ukraine. Since Coruna exploits fundamental flaws deep within the iOS architecture, targets likely had little to no indication that their devices had been compromised.

While Williams was sentenced to seven years in federal prison for his crimes, the repercussions are now being felt across Eastern Europe and beyond.

Google's security researchers discovered that the spyware architecture relies on five complete iOS exploits with internal codenames like Cassowary, Terrorbird, Bluebird, Jacurutu, and Sparrow. Developing even a single zero-day exploit for Apple's modern devices is a very resource-intensive task, often valued in millions of dollars, and coupling 23 of them into a single platform is an unprecedented investment in cyber weaponry.

The everyday iPhone user is still unlikely to be targeted by such multi-million-dollar state-sponsored spyware. However, much like the notorious Pegasus software developed by Israel's NSO Group, the Coruna leak proves that no organization can guarantee the absolute security of its digital assets.

via TechCrunch
