Spyware Campaign Targets Journalists in Middle East and North Africa
Severity: High (Score: 72.2)
Sources: therecord.media, CyberScoop, CPJ
Summary
A hack-for-hire spyware campaign linked to a group with suspected Indian government ties has targeted journalists and activists in the Middle East and North Africa. The operation, identified by Access Now, Lookout, and SMEX, has been ongoing since at least 2022 and employs spearphishing tactics through fake social media accounts and messaging applications. Victims include Egyptian journalist Mostafa Al-A’sar, who reported receiving a suspicious link related to job opportunities. The campaign's infrastructure is associated with the advanced persistent threat group known as Bitter, which typically focuses on government and critical infrastructure in South Asia. The Committee to Protect Journalists condemned the campaign, highlighting the dangers it poses to journalists and their sources. Current research indicates that the spyware may be delivered via Android devices depending on the target. The situation remains critical as the attacks continue to evolve.
Key Points
- A hack-for-hire campaign targets journalists in the Middle East and North Africa.
- The operation has been linked to the Indian government and the APT group Bitter.
- Spearphishing tactics are used to deliver spyware, affecting civil society members.
Key Entities
- Bitter (apt_group)
- Malware (attack_type)
- Phishing (attack_type)
- Egypt (country)
- United Arab Emirates (country)
- Government (industry)
- ProSpy (campaign)
- T1566.002 - Spearphishing Link (mitre_attack)
- T1566 - Phishing (mitre_attack)
- Android (platform)