Phishing attacks target Arab journalists' accounts
JournalismPakistan.com | Published: 9 April 2026 | JP Middle East Desk
Join our WhatsApp channel
New spear-phishing attacks targeted Egyptian and Lebanese journalists, using impersonation tactics and shared infrastructure to breach accounts on Apple, Microsoft and Google. Rights groups say the campaign threatens journalists' sources and reporting.Summary
WASHINGTON, D.C.—New spear-phishing attacks targeting Egyptian and Lebanese journalists have raised alarm among press freedom advocates, with researchers pointing to a coordinated effort using sophisticated cyber-espionage tactics to compromise personal and professional accounts.
The Committee to Protect Journalists (CPJ) said the attacks were aimed at breaching accounts linked to major tech platforms, including Apple, Microsoft, and Google, potentially exposing sensitive communications and sources.
Coordinated campaign raises concerns
Digital rights groups Access Now and SMEX reported that unidentified actors likely hired a South Asia-focused cyber espionage group to carry out the attacks. Targets included Egyptian journalist Mostafa Al-A’sar, Egyptian journalist and politician Ahmed Tantawy, and an unnamed Lebanese journalist.
Researchers said the incidents shared a common technical fingerprint, including similar impersonation tactics and repeated use of the same attack infrastructure, suggesting a single actor behind the campaign.
CPJ’s regional director Sara Qudah warned that such digital surveillance often signals a broader pattern of intimidation. She said the attacks not only threaten journalists’ safety but also jeopardize their sources and reporting capabilities, urging authorities in the region to refrain from exploiting technology to monitor media workers.
Journalists describe pressure and surveillance
Al-A’sar, who was previously detained in Egypt between 2018 and 2021 and now lives in exile, described the phishing attempts as part of ongoing transnational repression. He said the attacks created a constant sense of being watched, affecting both his reporting work and personal life.
Cybersecurity experts involved in the investigation noted that while direct government involvement could not be conclusively proven, several indicators point in that direction. These include the profile of the targets, the sophistication of the tools used, and the financial cost associated with such operations.
Mohammed Al-Maskati, director of the Digital Security Helpline at Access Now, said the targeting of high-profile journalists with a history of harassment strengthens suspicions of state-linked activity. Meanwhile, SMEX technologist Ragheb Ghandour highlighted the growing use of “hack-for-hire” services, which allow clients to outsource cyberattacks while maintaining plausible deniability.
He noted that such services are increasingly attractive as tighter regulations on commercial spyware push actors toward less traceable alternatives, exploiting gaps in global accountability frameworks.
Evolving threats to press freedom
The findings underscore a broader shift in how journalists are targeted, with digital surveillance becoming a central tool of repression, particularly against those operating in exile. Rights groups warn that such tactics can have chilling effects on investigative reporting and cross-border journalism.
CPJ has called for stronger protections and accountability mechanisms to address the misuse of cyber capabilities against journalists, emphasizing the need for coordinated international responses to safeguard press freedom in the digital age.
WHY THIS MATTERS: The rise of hack-for-hire surveillance highlights growing digital risks for journalists, including in Pakistan, where reporters increasingly rely on online communication tools. Newsrooms may need to invest more in cybersecurity training and adopt stricter digital hygiene practices. The trend also underscores the importance of legal and policy frameworks to protect journalists from cross-border digital threats.
ATTRIBUTION: Reporting by JournalismPakistan, based on publicly available statements from the Committee to Protect Journalists (April 8, 2026), Access Now (April 8, 2026), and SMEX (April 8, 2026).
PHOTO: By StartupStockPhotos from Pixabay
Key Points
- Spear-phishing attempts targeted Egyptian and Lebanese journalists, including named and unnamed individuals.
- Attackers sought access to accounts on major platforms such as Apple, Microsoft and Google.
- Researchers found a common technical fingerprint and repeated use of the same attack infrastructure.
- Digital rights groups allege a likely link to a South Asia-focused cyber-espionage group hired to carry out the campaign.
- CPJ warned the operations endanger journalists' safety, sources and reporting, and reflect broader intimidation risks.
Key Questions & Answers
Who were the targets of the attacks?
Egyptian and Lebanese journalists were targeted; named targets include Mostafa Al-A'sar and Ahmed Tantawy, and at least one unnamed Lebanese journalist.
Which platforms were affected?
Researchers said the campaign aimed at accounts linked to Apple, Microsoft and Google.
Who reported and investigated the campaign?
The Committee to Protect Journalists, Access Now and SMEX reported the incidents; researchers identified shared tactics and infrastructure indicating a coordinated operation.
What are the main risks from these attacks?
The attacks risk exposing sensitive communications and sources, threaten journalists' safety and may indicate a pattern of digital surveillance and intimidation.
Relevant Topics
Ask AI: Understand this story your way
AI EnabledDig deeper, ask anything — get instant context, background, and clarity.
Disclaimer: This feature is powered by AI and is intended to help readers explore and understand news stories more easily. While we strive for accuracy, AI-generated responses may occasionally be incomplete or reflect limitations in the underlying model. This feature does not represent the editorial views of JournalismPakistan. For our full, verified reporting, please refer to the original article.

.png)












