Bitter Middle East spear-phishing campaign targeting civil society figures
Campaign
Summary
Hide ▲
Show ▼
A spear-phishing campaign targeted civil society figures in Middle Eastern countries, including three journalists in Egypt and Lebanon, creating account-compromise risk for a politically sensitive cohort. The operation ran from October 2023 to January 2024 and was later linked to Bitter (T-APT-17 / APT-C-08), a suspected South Asian cyber espionage group. Attackers used fake accounts, impersonation pages, and messages on Apple Messages, WhatsApp, and Signal to steer victims toward credential theft and Android malware delivery. The targeting matters because successful compromise could expose Apple and Google account data, family contacts, journalistic sources, and other sensitive personal information.
Related Happenings
Russian intelligence services fake support SMS messaging-account phishing campaign
Campaign
H score29
First: 27.06.2026 20:27
Last: 27.06.2026 20:27
Sources 1
About this happening:
A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...
Russian intelligence services fake support SMS messaging-account phishing campaign
CampaignAbout this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...
Google civil lawsuit against Outsider Enterprise
Regulatory/Legal Action
H score55
First: 14.06.2026 17:36
Last: 14.06.2026 17:36
Sources 1
About this happening:
**Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...
Google civil lawsuit against Outsider Enterprise
Regulatory/Legal ActionAbout this happening: **Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...
Outsider Telegram-run smishing campaign targeting Americans
Campaign
H score53
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Outsider Telegram-run smishing campaign targeting Americans
CampaignAbout this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Latest development: 14.06.2026 17:36
The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
H score34
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
CampaignAbout this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
Google sponsored search ManageWP phishing campaign
Campaign
H score13
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Timeline
-
09.04.2026 13:45 1 articles · 3mo ago
Lebanese journalist contacts SMEX after phishing attacks
Initial DisclosureA high-profile Lebanese journalist contacted SMEX’s Digital Forensics Lab on May 25 after detecting spear-phishing activity that began in May 2025 with an Apple Messages lure and a WhatsApp follow-up two days later, triggering an immediate investigation into a campaign that aimed to compromise the victim’s Apple Account.
Show sources
- Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group — www.infosecurity-magazine.com — 09.04.2026 13:45
-
08.04.2026 03:00 2 articles · 3mo ago
Access Now reports spear-phishing against Egyptian journalists
Campaign Scope UpdateAccess Now reported on April 8 that spear-phishing campaigns targeted prominent Egyptian journalists Mostafa Al‑A’sar and Ahmed Eltantawy, sought access to their Apple and Google accounts, and uncovered Android malware tied to the phishing infrastructure, including ProSpy/ToSpy used against civil society figures in the Middle East.
Show sources
- Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group — www.infosecurity-magazine.com — 09.04.2026 13:45
- Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group — www.infosecurity-magazine.com — 09.04.2026 13:45