DEV Community

Mark0

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

⚠️ Region Alert: UAE/Middle East

A sophisticated hack-for-hire campaign, likely linked to the Indian-government-affiliated threat actor known as Bitter, has been identified targeting journalists, activists, and government officials across the Middle East and North Africa (MENA). The operation employs advanced spear-phishing tactics, including the use of fake LinkedIn personas and impersonation of Apple Support via WhatsApp and iMessage. Notably, attackers utilized OAuth 2.0 consent phishing to bypass traditional authentication, tricking targets into granting unauthorized access to their Google accounts through malicious web applications.

The campaign is also associated with the distribution of Android spyware, specifically the ProSpy and ToSpy families, which exfiltrate sensitive data such as SMS messages, contacts, and local files. Technical analysis shows significant infrastructure and code overlaps with the Dracarys malware previously attributed to Bitter. These findings suggest either a broadening of the threat actor's scope or the involvement of a specialized hack-for-hire group operating on behalf of state interests, with a focus on persistent surveillance within the UAE, Egypt, and Lebanon.
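For defenders, the OAuth 2.0 consent phishing described above leaves a trace in token-grant audit data: a new third-party app holding mail, Drive or contacts scopes. The following is an added example, not code from the article or from the researchers it summarizes. The event field names, users, app names and client IDs are constructed assumptions; only the Google scope strings are real.

```python
from datetime import datetime

# Real Google OAuth scope strings that expose mail, files or contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/contacts.readonly",
}

def active_risky_grants(events, approved_client_ids):
    """Return still-active grants of sensitive scopes to unapproved OAuth clients."""
    active = {}  # (user, client_id) -> finding
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        key = (ev["user"], ev["client_id"])
        if ev["event"] == "revoke":
            active.pop(key, None)  # access withdrawn, nothing left to report
        elif ev["event"] == "authorize" and ev["client_id"] not in approved_client_ids:
            hits = sorted(SENSITIVE_SCOPES.intersection(ev["scopes"]))
            if hits:
                active[key] = {"user": ev["user"], "app": ev["app_name"],
                               "client_id": ev["client_id"],
                               "granted": ev["time"], "scopes": hits}
    return sorted(active.values(), key=lambda f: f["granted"])

# Constructed sample events (hypothetical field names, users and client IDs),
# deliberately out of order to show that the function sorts by timestamp.
SAMPLE_EVENTS = [
    {"time": "2025-01-12T08:30:00+00:00", "event": "revoke",
     "user": "editor@example.org", "client_id": "unknown-2.apps.example"},
    {"time": "2025-01-09T11:00:00+00:00", "event": "authorize",
     "user": "desk@example.org", "app_name": "Newsroom Backup",
     "client_id": "approved-backup.apps.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"time": "2025-01-10T09:15:00+00:00", "event": "authorize",
     "user": "reporter@example.org", "app_name": "Document Viewer",
     "client_id": "unknown-1.apps.example",
     "scopes": ["openid", "https://mail.google.com/"]},
    {"time": "2025-01-11T14:02:00+00:00", "event": "authorize",
     "user": "editor@example.org", "app_name": "Secure Meeting",
     "client_id": "unknown-2.apps.example",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly",
                "https://www.googleapis.com/auth/contacts.readonly"]},
    {"time": "2025-01-11T16:40:00+00:00", "event": "authorize",
     "user": "stringer@example.org", "app_name": "Login Helper",
     "client_id": "unknown-3.apps.example", "scopes": ["openid", "email"]},
]
APPROVED = {"approved-backup.apps.example"}  # constructed allowlist

if __name__ == "__main__":
    for f in active_risky_grants(SAMPLE_EVENTS, APPROVED):
        print(f["granted"], f["user"], f["app"], f["scopes"])
```

Each finding is a grant to review with the account owner and, if unrecognized, to revoke from the account's third-party access settings.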

