Bitter Middle East spear-phishing campaign targeting civil society figures
Campaign
Summary
A spear-phishing campaign targeted civil society figures in Middle Eastern countries, including three journalists in Egypt and Lebanon, creating account-compromise risk for a politically sensitive cohort. The operation ran from October 2023 to January 2024 and was later linked to Bitter (T-APT-17 / APT-C-08), a suspected South Asian cyber espionage group. Attackers used fake accounts, impersonation pages, and messages on Apple Messages, WhatsApp, and Signal to steer victims toward credential theft and Android malware delivery. The targeting matters because successful compromise could expose Apple and Google account data, family contacts, journalistic sources, and other sensitive personal information.
Related Happenings
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
Google sponsored search ManageWP phishing campaign
Campaign
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
UAE and Gulf cyberattack surge after Iran conflict escalation
Target Trend
First: 06.05.2026 08:30
Last: 06.05.2026 08:30
Sources 1
About this happening:
Cyberattack volume surged across the **UAE** and wider **Gulf** after military operations against **Iran** began, pushing daily breach attempts to **600,000 to 800,000** and raisi...
AccountDumpling Google AppSheet Facebook phishing campaign
Campaign
First: 01.05.2026 21:09
Last: 01.05.2026 21:09
Sources 1
About this happening:
A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
Suspected Russia-linked Signal phishing campaign targeting political accounts
Campaign
First: 28.04.2026 13:54
Last: 28.04.2026 13:54
Sources 1
About this happening:
A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Latest development: 12.05.2026 22:40
Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.
Timeline
- 09.04.2026 13:45 · 1 article · 1mo ago
Lebanese journalist contacts SMEX after phishing attacks
Initial Disclosure: A high-profile Lebanese journalist contacted SMEX’s Digital Forensics Lab on May 25 after detecting spear-phishing activity that began in May 2025 with an Apple Messages lure and a WhatsApp follow-up two days later, triggering an immediate investigation into a campaign that aimed to compromise the victim’s Apple Account.
Sources:
- Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group — www.infosecurity-magazine.com — 09.04.2026 13:45
- 08.04.2026 03:00 · 2 articles · 1mo ago
Access Now reports spear-phishing against Egyptian journalists
Campaign Scope Update: Access Now reported on April 8 that spear-phishing campaigns targeted prominent Egyptian journalists Mostafa Al‑A’sar and Ahmed Eltantawy, sought access to their Apple and Google accounts, and uncovered Android malware tied to the phishing infrastructure, including ProSpy/ToSpy used against civil society figures in the Middle East.
Sources:
- Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group — www.infosecurity-magazine.com — 09.04.2026 13:45