A new cybersecurity investigation has uncovered an existing hacking campaign targeting smartphones running both iOS and Android, revealing that attackers continue to rely on surprisingly simple but effective methods.
The operation has reportedly focused on journalists, activists, and government officials across the Middle East and North Africa, with additional victims identified in Europe and North America.
Coordinated Hack-for-Hire Campaign Exposed by Security Researchers
TechCrunch reported that the findings come from three cybersecurity organizations, Access Now, Lookout, and SMEX, which independently analyzed the activity and identified overlapping evidence pointing to a long-running espionage operation.
The group behind the attacks, known as BITTER APT, is believed to be linked to a commercial hack-for-hire ecosystem operating on behalf of clients seeking surveillance capabilities.
Rather than relying on advanced zero-day exploits, the campaign largely depends on phishing, demonstrating that deception remains one of the most effective tools in modern cyberattacks.
Apple ID Phishing Used to Gain Deep Device Access
One of the primary attack methods involved tricking Apple users into entering their Apple ID credentials on fake login pages. Once obtained, these credentials allowed attackers to access iCloud backups and sensitive personal data tied to compromised accounts.
According to 9to5Mac, researchers identified nearly 1,500 malicious domains designed to mimic legitimate services such as iCloud, FaceTime, and Apple sign-in portals. These counterfeit websites were engineered to closely resemble official pages, making it difficult for victims to distinguish them from real login screens.
Attacks Expand Across Major Tech Platforms
While Apple users were heavily targeted, investigators found that the campaign extended beyond a single ecosystem. Attackers also used similar phishing techniques against users of Google, Microsoft, Signal, WhatsApp, and Yahoo, aiming to harvest login credentials across multiple platforms.
This cross-platform approach highlights the adaptability of phishing operations, which often rely on human error rather than technical vulnerabilities.
Just last month, Google warned of an advanced iOS hack dubbed Coruna iPhone exploit.
Simple Attack Methods Continue to Deliver High Impact
Despite the availability of advanced spyware and sophisticated exploits, the investigation shows that phishing remains one of the most successful attack vectors.
Experts say that improving user awareness and strengthening authentication methods, such as multi-factor authentication, remain essential defenses against increasingly widespread cyber threats.
Originally published on Tech Times
