Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
https://thehackernews.com/2026/04/bitter-linked-hack-for-hire-campaign.html
Publish Date: 2026-04-09 06:40:00
Source Domain: thehackernews.com
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX.
Two of the targets included prominent Egyptian journalists and government critics, Mostafa Al-A’sar and Ahmed Eltantawy, who were at the receiving end of a series of spear-phishing attacks that sought to compromise their Apple and Google accounts in October 2023 and January 2024 by directing them to fake pages that tricked them into entering their credentials and two-factor authentication (2FA) codes.
“The attacks were carried out from 2023 to 2024, and both targets are prominent critics of the Egyptian government who have previously faced political imprisonment; one of them was previously targeted with spyware,” Access Now’s Digital Security Helpline said.
Also singled out as part of these efforts was an anonymous Lebanese journalist, who received phishing messages in May 2025 through the Apple Messages app and WhatsApp containing malicious links that, when clicked, tricked users into entering their account credentials as part of a supposed verification step from Apple.
“The phishing campaign included persistent attacks via iMessage/Apple Messenger and WhatsApp app, […] impersonating Apple Support,” SMEX, a digital rights non-profit in the West Asia and North Africa (WANA) region, said. “While the main focus of this campaign appears to be Apple services, evidence suggests that other messaging platforms, namely Telegram and Signal, were also targeted.”
In the case of Al-A’sar, the spear-phishing attack aimed at compromising his Google account began with a LinkedIn message from a sock puppet persona named “Haifa Kareem,” who approached him with a job opportunity. After the journalist shared their mobile number and email address with the LinkedIn user, he received an email…
