INFOSECURITY Magazine reports that a hack-for-hire operation in the Middle East targeting civil society figures was traced to the Bitter advanced persistent threat (APT) group, a South Asian cyber espionage entity also known as T-APT-17 and APT-C-08. The spear-phishing campaigns, detected by Access Now via its Digital Security Helpline, targeted journalists in Egypt, Lebanon and elsewhere, with activity running from 2023 to 2024 and again surfacing in 2025.
Lookout linked the ProSpy Android spyware used in the campaigns to Bitter through shared infrastructure and code similarities, while MITRE ATT&CK notes Bitter’s purported targets include government and energy sectors in multiple countries. The campaigns involved Android and iOS/Apple-targeted lures, including attempts to access Apple and Google accounts, and included impersonation of services through fake profiles and messages, with Signal mentioned among the targeted platforms.
According to Lookout, the same operations likely affected victims in Bahrain, the UAE, Saudi Arabia, the UK, and Egyptian government entities, with researchers highlighting a hack-for-hire dynamic and a shift in Bitter’s usual targeting.