Google and iVerify describe Coruna as a rare industrial-grade iPhone exploit toolkit that can compromise a device through website visits alone. The kit packages five full exploit chains and 23 iOS vulnerabilities, suggesting state-level funding and engineering. Google observed a timeline in three phases: an initial February 2025 deployment by a “customer of a surveillance company,” a broader espionage reuse about five months later against Ukrainian web visitors, and later criminal reuse on Chinese-language crypto and gambling sites.

Technical scope and exposure are significant but bounded. Apple has patched the known Coruna vulnerabilities in iOS 26, while confirmed successful exploitation covers iOS 13 through 17.2.1, primarily via WebKit paths affecting Safari. Google reports no confirmed Coruna chain for Chrome on iOS, and the toolkit avoids devices with Lockdown Mode enabled. Even with these constraints, iVerify estimates roughly 42,000 compromised devices in the profit-driven campaign alone, implying total victim counts likely exceed that figure.

Attribution remains probabilistic, not proven. Code overlap with Operation Triangulation and English-language development artifacts led iVerify’s Rocky Cole to assess possible US-government lineage, though post-discovery code reuse is an alternative hypothesis. The toolkit appears coherent enough to suggest a single professional author, while later criminal payload additions looked lower quality, indicating downstream modification. The report frames a market trend: high-end zero-day assets, valued at millions to tens of millions of USD, can leak across espionage and criminal ecosystems; Peter Williams’ 7-year sentence for 2022–2025 sales to a Russian broker illustrates this transfer risk.

2026-03-05 (Thursday) · 2c30f3eaaf2a0fcd692fdd5eff35f333467b5e94