Made in the USA?
The code is polished, the tools comprehensive, and it uses exploitation methods and security avoidance tricks the team hadn’t come across before. That’s why it looks like a well-financed exploit, one that first appeared in use by surveillance-as-a-service mercenary firms, later by a Russian espionage group, then by a Chinese group. Wired warns that it “may have been originally created by a US contractor and sold to the American government.”
In other words, it’s a perfect illustration of how highly sophisticated attacks developed for nation-state use can, do, and indeed already are falling into the hands of criminals.
The experts at iVerify who also studied the exploit warn: “Coruna is one of the most significant examples we’ve observed of sophisticated spyware-grade capabilities proliferating from commercial surveillance vendors into the hands of nation-state actors and ultimately mass-scale criminal operations.
