Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Hack-for-Hire Campaign Targets MENA Journalists

Hack-for-Hire Campaign Targets MENA Journalists

Posted on April 9, 2026 By CWS

A recent hack-for-hire campaign suspected to have links to the Indian government has targeted journalists, activists, and officials across the Middle East and North Africa (MENA). The findings were reported by cybersecurity organizations Access Now, Lookout, and SMEX, highlighting the complex nature of these cyber threats.

Targeted Journalists and Phishing Tactics

Among the targets were Egyptian journalists Mostafa Al-A’sar and Ahmed Eltantawy, both known for their critical stance against the Egyptian government. They faced a series of spear-phishing attacks from late 2023 to early 2024 aimed at compromising their Apple and Google accounts by luring them into entering credentials on fake login pages.

Another case involved an anonymous Lebanese journalist, who in May 2025, received phishing messages through Apple Messages and WhatsApp. These messages impersonated Apple Support, tricking users into sharing account credentials. The campaign primarily focused on Apple services but also extended to other platforms like Telegram and Signal.

Sophisticated Attack Methods

In Al-A’sar’s case, the attack began with a LinkedIn message from a fake persona offering a job opportunity. This led to an email instructing him to join a Zoom call via a malicious link. The attackers used Google’s OAuth 2.0 to gain unauthorized access, demonstrating a sophisticated phishing technique that exploited legitimate services.

The attackers utilized several deceptive domains, such as ‘signin-apple.com-en-uk[.]co’ and ‘secure-signal.com-en[.]io’. Interestingly, the domain ‘com-ae[.]net’ was previously associated with an Android spyware campaign documented by ESET, indicating a broader regional espionage effort.

Impact and Broader Implications

While the attacks on the Egyptian journalists were thwarted, the Lebanese journalist’s Apple account was compromised, allowing attackers persistent access to the victim’s data. This highlights the potential for these methods to be used in broader surveillance efforts across the region.

Lookout’s analysis attributes these efforts to a threat cluster named Bitter, believed to be involved in intelligence gathering for the Indian government since 2022. The campaign’s reach potentially extends beyond the MENA region to include targets in countries like Bahrain, the U.K., and possibly the U.S.

Conclusion and Future Outlook

The campaign’s ties to the Bitter group, confirmed through shared infrastructure with domains like ‘youtubepremiumapp[.]com’, suggest a well-coordinated espionage operation. While Bitter is not traditionally linked to targeting civil society, this development raises concerns about its evolving scope.

The continuous use of mobile malware in espionage underscores the need for enhanced cybersecurity measures to protect vulnerable groups. Whether this campaign signifies an expansion of Bitter’s activities or involvement of a new hack-for-hire entity remains uncertain. However, the persistent threat of cyber espionage in the MENA region is undeniable.

The Hacker News Tags:Access Now, Bitter group, Cybersecurity, Dracarys, hack-for-hire, Indian government, Journalists, Lookout, MENA, Middle East, North Africa, Phishing, ProSpy, SMEX, Spyware

Post navigation

Previous Post: CISA Alerts on Critical Ivanti EPMM Vulnerability
Next Post: Understanding AI: Challenges, Risks, and Future Solutions

Related Posts

Critical Docker Vulnerability Allows Host Access Critical Docker Vulnerability Allows Host Access The Hacker News
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection The Hacker News
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access The Hacker News
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers The Hacker News
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses The Hacker News
Key Findings from the Blue Report 2025 Key Findings from the Blue Report 2025 The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Everest Ransomware’s Dubious Data Theft Claim Examined
  • GhostLock Bug in Linux Kernel Earns $92k Bounty
  • Join Webinar to Combat Rapid AI Cyber Threats
  • HalluSquatting Threatens AI Coding Assistants with Malware
  • Japanese Telco KDDI Confirms Data Breach Impacting Millions

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Everest Ransomware’s Dubious Data Theft Claim Examined
  • GhostLock Bug in Linux Kernel Earns $92k Bounty
  • Join Webinar to Combat Rapid AI Cyber Threats
  • HalluSquatting Threatens AI Coding Assistants with Malware
  • Japanese Telco KDDI Confirms Data Breach Impacting Millions

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark