When journalists who cover conflict, corruption and power are themselves the subjects of clandestine surveillance, the costs ripple beyond a single inbox or device. Researchers from nonprofit and private-sector groups have uncovered a campaign that raises fresh questions about who hires hackers, what tools are used, and which regions of the world are most exposed.
What researchers uncovered
Researchers from Access Now, Lookout and SMEX joined forces to investigate a hack-for-hire spyware campaign that targeted journalists in the Middle East and North Africa, according to reporting by CyberScoop. Their work identified multiple components of the operation, including a suspected Indian government-connected group known as Bitter and a form of spyware referred to as ProSpy, among other tools and actors involved in the campaign.
Scope and pattern
The collaboration between a digital-rights organization (Access Now), a mobile security firm (Lookout) and a regional advocacy group (SMEX) focused on a cross-border set of intrusions aimed at journalists. The researchers described the campaign as hack-for-hire — a category of activity in which clients procure offensive cyber capabilities to surveil or compromise targets. In this instance, the targets were journalists working in the Middle East and North Africa, and the investigation tied the activity to a constellation of spyware and an actor labeled Bitter.
Why the findings matter
- For journalists: The reported campaign underscores a direct operational threat to sources, reporting and editorial independence when reporters become targets of tailored intrusion attempts. Being surveilled can chill newsgathering and source communication even if individual compromises are not immediately visible.
- For technologists: The discovery of multiple tools in a single operation — including ProSpy and other instruments — highlights the evolving ecosystem of offensive capabilities and the importance of cross-disciplinary detection and attribution work to piece together complex campaigns.
- For policymakers and civil-society advocates: The involvement of alleged third-party groups in a hack-for-hire context raises governance questions about accountability, transparency and redress when private actors are used to conduct surveillance against members of the press across borders.
Perspectives and implications
Access Now, Lookout and SMEX brought complementary expertise to the case: rights-focused documentation, technical detection, and regional context. That partnership model reflects an emerging standard for investigating sophisticated operations that cut across jurisdictions and platforms. The organizations’ findings — as reported by CyberScoop — indicate a layered campaign that combined actor-level attribution (the group Bitter) with deployed malware (ProSpy) and other, unnamed tools.
From the vantage of an adversary, a hack-for-hire model can offer plausible deniability and transactional scaling: clients can commission targeted operations without necessarily exposing state structures or their own identities. From the vantage of defenders, the multiplicity of tools and actors complicates both detection and the formulation of policy responses.
What comes next
The reporting by CyberScoop, based on the joint research, puts pressure on a range of stakeholders to weigh responses: media organizations to harden operational security, technology companies to continuously refine detection and mitigation techniques, and policymakers and advocacy groups to consider legal and diplomatic avenues for accountability. The collaboration that produced these findings also models how NGOs and private security firms can combine skill sets to map and publicize threats.
As this episode shows, the question is not merely who is targeted today but how the marketplace for offensive cyber services will shape the safety of journalism tomorrow. If attackers can blend commercial services, bespoke spyware like ProSpy, and actors such as Bitter into a single operation against reporters, what safeguards remain for the flow of information that democracies and societies rely on?




