No transcript available for this episode.
Ep. 09
This report from Access Now details a sophisticated hack-for-hire campaign that targeted journalists and political figures in the Middle East and North Africa between 2023 and 2025. Investigators uncovered a series of spear-phishing attacks aimed at stealing credentials for Apple, Google, and Microsoft accounts by impersonating legitimate technical support services. The digital forensic analysis suggests these operations were likely executed by a well-resourced Advanced Persistent Threat group with ties to Asia. Beyond simple deceptive links, the threat actors utilized complex OAuth consent phishing and malicious Android applications to exfiltrate sensitive personal data. By mapping overlapping infrastructure and shared code, the researchers illustrate a persistent effort to suppress civil society through digital espionage. The findings serve as a critical warning and provide actionable intelligence to help at-risk individuals reinforce their cybersecurity defenses.