Hack-for-Hire Group Targets Journalists in MENA with Spyware
Severity: High (Score: 77.0)
Sources: TechCrunch, therecord.media, CyberScoop, CPJ
Summary
A hack-for-hire group, suspected to have ties to the Indian government, has targeted journalists and activists across the Middle East and North Africa using sophisticated phishing attacks. The campaign, identified by cybersecurity firms Access Now, Lookout, and SMEX, has affected prominent Egyptian and Lebanese journalists, including Mostafa Al-A’sar and Ahmed Tantawy. Attackers employed spear-phishing tactics to compromise Apple, Microsoft, and Google accounts, potentially leading to the deployment of Android spyware. The operations have been ongoing since at least 2022 and indicate a broader trend of governments outsourcing cyber operations to private entities. The use of similar technical fingerprints and attack infrastructure suggests a coordinated effort by the same group. Authorities are urged to halt the weaponization of technology against journalists, as these attacks threaten personal safety and press freedom. The hack-for-hire model allows governments plausible deniability while circumventing accountability frameworks for commercial spyware.
Key Points:
- Hack-for-hire group BITTER targets journalists in MENA using phishing and spyware.
- Attacks have affected prominent Egyptian and Lebanese journalists since at least 2022.
- Governments may be outsourcing cyber operations to evade accountability.
Key Entities
- Bitter (apt_group)
- Malware (attack_type)
- Phishing (attack_type)
- Egypt (country)
- Lebanon (country)
- Saudi Arabia (country)
- United Arab Emirates (country)
- United Kingdom (country)
- Government (industry)
- ProSpy (campaign)
- T1566.002 - Spearphishing Link (mitre_attack)
- T1566 - Phishing (mitre_attack)
- Android (platform)
- Botim (platform)
- iCloud (platform)
- iPhone (platform)
- ToTok (platform)
- Signal (company)