Phishing attacks target Arab journalists' accounts

 JournalismPakistan.com |  Published: 9 April 2026 |  JP Middle East Desk

New spear-phishing attacks targeted Egyptian and Lebanese journalists, using impersonation tactics and shared infrastructure to breach accounts on Apple, Microsoft and Google. Rights groups say the campaign threatens journalists' sources and reporting.

Summary

WASHINGTON, D.C.—New spear-phishing attacks targeting Egyptian and Lebanese journalists have raised alarm among press freedom advocates, with researchers pointing to a coordinated effort using sophisticated cyber-espionage tactics to compromise personal and professional accounts.

The Committee to Protect Journalists (CPJ) said the attacks were aimed at breaching accounts linked to major tech platforms, including Apple, Microsoft, and Google, potentially exposing sensitive communications and sources.

Coordinated campaign raises concerns

Digital rights groups Access Now and SMEX reported that unidentified actors likely hired a South Asia-focused cyber espionage group to carry out the attacks. Targets included Egyptian journalist Mostafa Al-A’sar, Egyptian journalist and politician Ahmed Tantawy, and an unnamed Lebanese journalist.

Researchers said the incidents shared a common technical fingerprint, including similar impersonation tactics and repeated use of the same attack infrastructure, suggesting a single actor behind the campaign.

CPJ’s regional director Sara Qudah warned that such digital surveillance often signals a broader pattern of intimidation. She said the attacks not only threaten journalists’ safety but also jeopardize their sources and reporting capabilities, urging authorities in the region to refrain from exploiting technology to monitor media workers.

Journalists describe pressure and surveillance

Al-A’sar, who was previously detained in Egypt between 2018 and 2021 and now lives in exile, described the phishing attempts as part of ongoing transnational repression. He said the attacks created a constant sense of being watched, affecting both his reporting work and personal life.

Cybersecurity experts involved in the investigation noted that while direct government involvement could not be conclusively proven, several indicators point in that direction. These include the profile of the targets, the sophistication of the tools used, and the financial cost associated with such operations.

Mohammed Al-Maskati, director of the Digital Security Helpline at Access Now, said the targeting of high-profile journalists with a history of harassment strengthens suspicions of state-linked activity. Meanwhile, SMEX technologist Ragheb Ghandour highlighted the growing use of “hack-for-hire” services, which allow clients to outsource cyberattacks while maintaining plausible deniability.

He noted that such services are increasingly attractive as tighter regulations on commercial spyware push actors toward less traceable alternatives, exploiting gaps in global accountability frameworks.

Evolving threats to press freedom

The findings underscore a broader shift in how journalists are targeted, with digital surveillance becoming a central tool of repression, particularly against those operating in exile. Rights groups warn that such tactics can have chilling effects on investigative reporting and cross-border journalism.

CPJ has called for stronger protections and accountability mechanisms to address the misuse of cyber capabilities against journalists, emphasizing the need for coordinated international responses to safeguard press freedom in the digital age.

WHY THIS MATTERS: The rise of hack-for-hire surveillance highlights growing digital risks for journalists, including in Pakistan, where reporters increasingly rely on online communication tools. Newsrooms may need to invest more in cybersecurity training and adopt stricter digital hygiene practices. The trend also underscores the importance of legal and policy frameworks to protect journalists from cross-border digital threats.

ATTRIBUTION: Reporting by JournalismPakistan, based on publicly available statements from the Committee to Protect Journalists (April 8, 2026), Access Now (April 8, 2026), and SMEX (April 8, 2026).

PHOTO: By StartupStockPhotos from Pixabay