Security researchers have uncovered a hack-for-hire operation targeting journalists, activists, and officials across the Middle East and North Africa, according to a report by TechCrunch.
The investigation, conducted by digital rights group Access Now, mobile cybersecurity firm Lookout, and SMEX, documented multiple cyberattacks between 2023 and 2025. The cases involved two Egyptian journalists and one Lebanese journalist, with findings published separately by the organisations.
Lookout said the scope of the campaign extended beyond civil society. Targets also included individuals linked to governments in Bahrain and Egypt, as well as people in the United Arab Emirates, Saudi Arabia, the United Kingdom, and potentially the United States or alumni of American universities.
Phishing and spyware tactics
Researchers said the attackers relied on phishing techniques to obtain Apple ID credentials, enabling access to victims’ iCloud backups. This would allow them to retrieve extensive personal data from compromised iPhones.
For Android users, the group deployed spyware known as ProSpy. The malware was disguised as widely used apps such as Signal, WhatsApp, Zoom, ToTok, and Botim. Once installed, it could take control of a device.
In some cases, attackers also attempted to link a new device under their control to victims’ Signal accounts, a method previously used by other hacking groups.
Access Now said this approach could serve as a lower-cost alternative to more advanced iOS spyware tools.
The campaign points to a broader shift where government agencies outsource cyber operations to private contractors. These firms provide hacking services or develop surveillance tools used by law enforcement and intelligence agencies.
Justin Albrecht, principal researcher at Lookout, told TechCrunch that the group behind the campaign appears to be a hack-for-hire vendor with links to BITTER APT, which cybersecurity firms suspect has ties to the Indian government.
Researchers said hack-for-hire firms offer clients plausible deniability by handling infrastructure and execution. They are also considered more affordable than commercial spyware vendors.
Click Here For The Original Source.
