Hack-for-Hire Group BITTER Targets MENA Journalists with Phishing and Spyware
Severity: High (Score: 71.5)
Sources: Newsbytesapp, Techbuzz.Ai
Summary
A hack-for-hire group known as BITTER has been exposed for conducting coordinated attacks against journalists and activists in the Middle East and North Africa (MENA). The group utilized phishing techniques to compromise iCloud and Signal accounts, while also deploying Android spyware disguised as legitimate applications to gain control over victims' devices. This operation is suspected to be linked to the Indian government and may be run by RebSec Solutions. The targeted individuals include those in Egypt, Lebanon, Bahrain, the UAE, Saudi Arabia, the UK, and possibly the US. The spyware employed was noted to be less expensive than traditional tools but still effective in providing cover for the attackers. The campaign highlights the increasing trend of governments outsourcing cyberattacks to private firms. The exact number of victims remains unclear, but the implications for privacy and security are significant.
Key Points:
- BITTER hack-for-hire group targeted journalists and activists across MENA.
- Phishing and Android spyware were used to compromise accounts and devices.
- The operation is suspected to be linked to the Indian government.
Key Entities
- Bitter (apt_group)
- Malware (attack_type)
- Phishing (attack_type)
- Bahrain (country)
- Egypt (country)
- Lebanon (country)
- Saudi Arabia (country)
- United Arab Emirates (country)
- Government (industry)
- T1566 - Phishing (mitre_attack)
- Android (platform)
- iCloud (platform)
- Signal (company)