What is the Bitter hack-for-hire group?

Bitter's a threat cluster linked to Indian government interests, running phishing and espionage ops since 2022. They target high-value folks like journalists for intel grabs.

How to protect against Bitter phishing attacks?

Ditch SMS 2FA for app authenticators or hardware keys. Scrutinize links—hover first. Use password managers to flag fakes.

Are MENA journalists safe from these hacks?

No. Attacks hit Egypt and Lebanon hard; overlaps with UAE spyware suggest a growing regional threat.

🌐 Nation-State Threats

Indian-Linked Hackers' Phishing Onslaught Hits MENA Journalists Hard

Three journalists in MENA just dodged—or didn't—a barrage of phishing from an Indian-tied hack-for-hire op. Apple fakes. Google OAuth scams. And domains screaming 'too good to be true.'

theAIcatchup Apr 09, 2026 4 min read

Malicious phishing domains mimicking Apple and Google used in Bitter hack-for-hire campaign against MENA journalists

⚡ Key Takeaways

Bitter-linked hackers used advanced OAuth phishing and Apple impersonations to target MENA journalists. 𝕏
One Lebanese reporter's Apple account was fully compromised, enabling persistent data access. 𝕏
Ties to Indian interests and overlaps with UAE spyware point to a broader surveillance network. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#Bitter APT #MENA phishing #hack-for-hire #journalist targeting

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Journalists in Egypt and Lebanon Dodging South Asian Spyware Bullets

Exiled Journalists Can't Escape This Indian-Linked Spyware Dragnet

Iran's Hidden Assault: 3,900 US PLCs Exposed in the Wild

North Korean Hackers Compromise Axios NPM Package, Deploying RAT Across Platforms

Stay in the loop