iCloud backups targeted in spy operation using fake Apple pages


New research shows that hackers still rely on old tricks to access iPhones and Android devices. Here are the details.

‘A growing trend of government agencies outsourcing their hacking operations’

As reported by TechCrunch, three cybersecurity research firms collaborated to produce complementary reports detailing a years-long hacking campaign that targeted journalists, activists and officials across the Middle East and North Africa.

According to findings shared by Access Now, Lookout and SMEX, the attacks targeted civilians and government officials in several countries, most of them in the region, as well as “the United Kingdom and potentially the United States or alumni of American universities,” according to TechCrunch.

Access Now investigated three attack events that took place between 2023 and 2025, while Lookout linked them to hacking group BITTER APT, “an offshoot of Indian hacking startup Appin.”

Unlike the Coruna and DarkSword exploit attacks, which recently gained attention for their intricate chaining of known vulnerabilities to compromise outdated iPhones and iPads, this campaign relied on much less sophisticated tactics, including phishing:

“In the attack portion of this campaign, the hackers used several different techniques. When attacking iPhone users, the hackers attempted to trick the targets into handing over their Apple ID credentials to then hack into their iCloud backups, which would have effectively given them access to the entire contents of the targets’ iPhones.”

Lookout’s report includes nearly 1,500 different web addresses designed to pose as legitimate services, but used to host phishing pages and other malicious infrastructure.

Apple-specific ones include:

  • facetime-web(.)me-en(.)io
  • apple(.)id-us(.)cc
  • iCloud(.)com-ar(.)me
  • iCloud(.)com-service(.)information
  • sign in to Apple(.)com-en-uk(.)info
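
The hostnames above put the brand name in a left-hand label and register a domain whose first label starts with a TLD-like token (`com-ar`, `id-us`, `me-en`), so the start of the address reads like a real one. The following Python check for that pattern is an added example, not code from the reports or the article; the keyword list, owned-domain list, regex and function names are assumptions, and the sample input is the first three hostnames from the list plus constructed benign ones.

```python
import re

# Assumed, partial lists for illustration; extend for real use.
KEYWORDS = {"apple", "icloud", "facetime"}   # brand tokens to watch for
OWNED = {"apple.com", "icloud.com"}          # registrable domains the brand owns
# Registrable label shaped like "<tld>-<suffix>", e.g. com-ar, id-us, me-en.
FAKE_TLD = re.compile(r"^(com|net|org|id|me|co)-[a-z0-9-]+$")


def refang(host):
    """Turn a defanged indicator such as apple(.)id-us(.)cc into a hostname."""
    host = host.strip().lower().replace("(.)", ".").replace("[.]", ".")
    return host.rstrip(".")


def classify(host):
    """Return 'ok', 'lookalike-fake-tld' or 'lookalike-brand-token'."""
    labels = refang(host).split(".")
    if len(labels) < 2:
        return "ok"
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List (co.uk etc.).
    if ".".join(labels[-2:]) in OWNED:
        return "ok"
    # Split every label except the TLD on hyphens and look for brand tokens.
    tokens = {t for label in labels[:-1] for t in label.split("-")}
    if not tokens & KEYWORDS:
        return "ok"
    # Brand in a subdomain plus a TLD-shaped registrable label: the pattern
    # seen in the hostnames listed above.
    if len(labels) >= 3 and FAKE_TLD.match(labels[-2]):
        return "lookalike-fake-tld"
    return "lookalike-brand-token"


SAMPLES = [
    "facetime-web(.)me-en(.)io",   # from the list above
    "apple(.)id-us(.)cc",          # from the list above
    "iCloud(.)com-ar(.)me",        # from the list above
    "www.icloud.com",              # constructed benign sample
    "apple-login.example",         # constructed sample
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{refang(sample):28} {classify(sample)}")
```
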

As noted in the reports, the campaign went far beyond Apple, also targeting users and services from companies such as Google, Microsoft, Signal, WhatsApp and Yahoo, with different hacking and phishing techniques.

TechCrunch added that this campaign marks a “growing trend of government agencies outsourcing their hacking operations to private contract hacking companies”:

These groups and their clients get “plausible deniability since they run all operations and infrastructure.” And for their clients, these hacker-for-hire groups are probably cheaper than buying commercial spyware, he said (Justin Albrecht, principal researcher at Lookout).

You can find the TechCrunch report here.
