{"id":232580,"date":"2026-04-08T12:39:00","date_gmt":"2026-04-08T16:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/08\/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa\/"},"modified":"2026-04-08T14:20:14","modified_gmt":"2026-04-08T18:20:14","slug":"hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/08\/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa\/","title":{"rendered":"Hack-for-hire spyware campaign targets journalists in Middle East, North Africa"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa\/\">Hack-for-hire spyware campaign targets journalists in Middle East, North Africa<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa\/\">https:\/\/cyberscoop.com\/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-08 12:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>An apparent hack-for-hire campaign from a group with suspected Indian government connections targeted Middle Eastern and North African journalists and activists using spyware, three collaborating organizations said in reports published Wednesday.<\/p>\n<p>The attacks shared infrastructure that pointed to the advanced persistent threat group known as Bitter, which most frequently targets government, military, diplomatic and critical infrastructure sectors across South Asia, according to conclusions from researchers at Access Now, Lookout and SMEX.<\/p>\n<p>Each group took on a different piece of the puzzle:<\/p>\n<ul class=\"wp-block-list\">\n<li>Access Now got calls on its helpline that led it to examine a spearphishing campaign in 2023 and 2024. It contacted Lookout for technical support about the malware it encountered.<\/li>\n<li>Lookout attributed the malware to Bitter, concluding it was a likely hack-for-hire campaign, using the Android ProSpy spyware.<\/li>\n<li>SMEX dived into a spearphishing campaign targeting a prominent Lebanese journalist last year, collaborating with Access Now to discover shared infrastructure between the campaigns.<\/li>\n<\/ul>\n<p>One of the victims, independent Egyptian journalist Mostafa Al-A\u2019sar, said he contacted Access Now after receiving a suspicious link from someone he\u2019d been talking to about a job position. He was skeptical because his phone had been targeted before, when he was arrested in Egypt in 2018.<\/p>\n<p>The lesson for journalists and civil society groups is that cybersecurity \u201cis not a luxury,\u201d he said.<\/p>\n<p>\u201cI feel like I\u2019m threatened,\u201d Al-A\u2019sar said, and even though he was living in exile, he feels like \u201cthey are still following me. I also felt worried about my family, about my friends, about my sources.\u201d<\/p>\n<p>The combined research found a wider campaign than just the original victims.<\/p>\n<p>\u201cOur joint findings expose an espionage campaign that has been operational since at least 2022 until present day primarily targeting civil society members and potentially&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hack-for-hire spyware campaign targets journalists in Middle East, North Africa https:\/\/cyberscoop.com\/hack-for-hire-spyware-campaign-targets-journalists-in-middle-east-north-africa\/ Publish Date: 2026-04-08 12:39:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":232581,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/04\/GettyImages-2223346509.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-232580","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232580"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=232580"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232580\/revisions"}],"predecessor-version":[{"id":232582,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232580\/revisions\/232582"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/232581"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=232580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=232580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=232580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}