Two prominent Egyptian journalists targeted with elaborate spearphishing campaign
Summary
New research from Access Now and mobile security company Lookout reveals a sophisticated hack-for-hire spearphishing campaign that targeted two well-known Egyptian journalists between October 2023 and January 2024. The attackers used elaborate fake personas, phoney service accounts and multi-channel messaging to try to compromise Apple and Google accounts and to deliver Android spyware. Investigators found persistent overlapping infrastructure and code similarities suggesting an organised operation with ties to Asia, though the operator’s base was not definitively identified. Neither victim’s accounts were ultimately breached.
Key Points
- Access Now and Lookout analysed attacks carried out from Oct 2023 to Jan 2024 against two Egyptian journalists.
- Attackers created convincing fake profiles and messages, impersonating services (including Signal) to trick targets.
- Forensic links show overlapping domains, hosting and code, indicating a persistent hack-for-hire infrastructure, possibly tied to Asia.
- There is evidence the infrastructure can deliver Android spyware capable of extracting files, contacts, SMS and geolocation data, and of enabling microphones and cameras.
- One target entered credentials after a fake Apple message but stopped when a suspicious two-factor alert from Egypt appeared; neither account was fully compromised.
- Victims include Mostafa Al-A’sar and Ahmed Eltantawy, both previously persecuted by Egyptian authorities; Eltantawy’s phone was earlier targeted with Predator spyware per Citizen Lab.
- Access Now warns that spearphishing is a cheaper alternative or a complement to spyware and urges journalists in MENA to strengthen digital hygiene.
Context and Relevance
This report matters because it shows how commercial hack-for-hire operations are being used against journalists and civil society in the Middle East and North Africa. The combination of social-engineering spearphishing and the capability to deliver advanced Android spyware fits a wider pattern of digital repression: inexpensive, scalable attacks that sidestep legal and diplomatic barriers. For anyone following press freedom, digital security or regional human-rights trends, the findings underline the urgent need for better protection, threat awareness and operational security.
Why should I read this
Look — if you care about press freedom or you work with sources in the MENA region, this is a wake-up call. The piece lays out how slick social-engineering plus off-the-shelf spyware can be used to target critics. We read the full report so you don’t have to: it’s a quick primer on what to watch out for and why journalists should lock down accounts and double-check every unexpected message.
Source
Source: https://therecord.media/two-egyptian-journalists-targeted-spearphishing-campaign
