Home / Technology / Hack-for-Hire Group Targets MENA Journalists
Hack-for-Hire Group Targets MENA Journalists
9 Apr
Summary
- Hackers used phishing to steal iCloud backups and Signal messages.
- Android spyware disguised as messaging apps deployed.
- Hack-for-hire group BITTER suspected of Indian government ties.
Security researchers have uncovered a hack-for-hire operation, codenamed BITTER, specifically targeting individuals in the Middle East and North Africa. The campaign has focused on journalists, activists, and government officials, employing sophisticated phishing techniques to compromise iCloud backups and Signal messaging accounts.
This operation underscores a disturbing trend where government agencies increasingly outsource their cyber warfare capabilities to private companies. BITTER's tactics include deploying Android spyware, often disguised as legitimate messaging applications like Signal or WhatsApp, to gain full control over a target's device. These methods are noted as a potentially cheaper alternative to more advanced commercial spyware.
Investigations by Access Now and Lookout revealed attacks spanning from 2023 to 2025. Targets included individuals in Egypt and Lebanon, as well as government officials in Bahrain and the UAE. Cybersecurity firms suspect BITTER is linked to the Indian government, potentially operating through vendors like RebSec Solutions, which may be an offshoot of the now-defunct Appin.
This shift to hack-for-hire groups provides customers with plausible deniability while enabling more affordable access to hacking capabilities. The groups themselves, though perhaps not possessing the most advanced tools, effectively leverage social engineering and spyware to achieve their objectives.
