Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bitter Middle East spear-phishing campaign targeting civil society figures

Campaign
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

A spear-phishing campaign targeted civil society figures in Middle Eastern countries, including three journalists in Egypt and Lebanon, creating account-compromise risk for a politically sensitive cohort. The operation ran from October 2023 to January 2024 and was later linked to Bitter (T-APT-17 / APT-C-08), a suspected South Asian cyber espionage group. Attackers used fake accounts, impersonation pages, and messages on Apple Messages, WhatsApp, and Signal to steer victims toward credential theft and Android malware delivery. The targeting matters because successful compromise could expose Apple and Google account data, family contacts, journalistic sources, and other sensitive personal information.

Related Happenings

Russian intelligence services fake support SMS messaging-account phishing campaign

Campaign
H score29 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...

Google civil lawsuit against Outsider Enterprise

Regulatory/Legal Action
H score55 First: 14.06.2026 17:36 Last: 14.06.2026 17:36 Sources 1

About this happening: **Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...

Outsider Telegram-run smishing campaign targeting Americans

Campaign
H score53 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...

Latest development: 14.06.2026 17:36

The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.

CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific

Campaign
H score34 First: 08.05.2026 18:08 Last: 08.05.2026 18:08 Sources 1

About this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...

Google sponsored search ManageWP phishing campaign

Campaign
H score13 First: 07.05.2026 00:36 Last: 07.05.2026 00:36 Sources 1

About this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...

Timeline

  1. 09.04.2026 13:45 1 articles · 3mo ago

    Lebanese journalist contacts SMEX after phishing attacks

    Initial Disclosure

    A high-profile Lebanese journalist contacted SMEX’s Digital Forensics Lab on May 25 after detecting spear-phishing activity that began in May 2025 with an Apple Messages lure and a WhatsApp follow-up two days later, triggering an immediate investigation into a campaign that aimed to compromise the victim’s Apple Account.

    Show sources
  2. 08.04.2026 03:00 2 articles · 3mo ago

    Access Now reports spear-phishing against Egyptian journalists

    Campaign Scope Update

    Access Now reported on April 8 that spear-phishing campaigns targeted prominent Egyptian journalists Mostafa Al‑A’sar and Ahmed Eltantawy, sought access to their Apple and Google accounts, and uncovered Android malware tied to the phishing infrastructure, including ProSpy/ToSpy used against civil society figures in the Middle East.

    Show sources