
Hack-for-Hire Spyware Campaign Targets Journalists in Middle East, North Africa
Why It Matters
The espionage effort demonstrates how state‑proxied cyber‑actors can weaponize commercial spyware to silence dissent, raising urgent security and human‑rights concerns for media outlets and civil‑society groups in a volatile region.
Key Takeaways
- Bitter APT group linked to Indian government suspected hack-for-hire
- Campaign used Android ProSpy spyware via spearphishing on journalists
- Targets include MENA civil society, possibly government officials since 2022
- Access Now, Lookout, SMEX collaborated to expose shared infrastructure
- CPJ warns spying endangers journalists, sources, and press freedom
Pulse Analysis
The revelation of a hack‑for‑hire operation targeting Middle Eastern and North African journalists underscores a growing trend of state‑adjacent actors leveraging commercial spyware for political ends. While the Bitter group has traditionally focused on South Asian government and military targets, its pivot to civil‑society figures in the MENA region suggests a strategic expansion aimed at influencing public discourse. The alleged connection to Indian government interests adds a geopolitical layer, highlighting how regional powers may outsource cyber‑espionage to obscure direct attribution and evade diplomatic fallout.
Technical analysis shows the attackers relied on Android ProSpy, a sophisticated surveillance tool that masquerades as legitimate messaging apps. By distributing malicious links through spear‑phishing campaigns on platforms like WhatsApp and Telegram, the group achieved persistent access to victims' devices, enabling real‑time audio, video, and location tracking. The operation’s longevity—spanning from 2022 to the present—indicates a well‑funded infrastructure capable of adapting to evolving security measures. Collaboration among Access Now, Lookout, and SMEX was pivotal in mapping the shared command‑and‑control servers, revealing a coordinated effort rather than isolated incidents.
The broader implications are stark for press freedom and digital security policy. As the Committee to Protect Journalists warned, surveillance of journalists is often a precursor to intimidation, legal harassment, or physical threats, undermining the free flow of information. Organizations now face the imperative to treat robust cybersecurity as a core operational need, not an optional expense. Policymakers in the region must consider regulatory frameworks that curb the sale and export of surveillance tools while fostering international cooperation to hold state‑sponsored actors accountable. The episode serves as a cautionary tale that cyber‑espionage is no longer confined to traditional intelligence targets but is increasingly weaponized against the very voices that hold power to account.