Washington, D.C., April 8, 2026 — The Committee to Protect Journalists is alarmed by new reports about spear-phishing attacks against several Egyptian and Lebanese journalists aimed at compromising their Apple, Microsoft, and Google accounts.
According to reports by digital rights organizations Access Now and SMEX, unidentified entities likely hired a South Asia-focused cyber espionage group to target Egyptian journalist Mostafa Al-A’sar, Egyptian journalist and politician Ahmed Tantawy, and an unnamed Lebanese journalist. Researchers found that the same actor may be responsible for all three cases, citing similar impersonation tactics, a common technical fingerprint, and the repeated use of the same attack infrastructure.
“Spying on journalists is often the first step in a broader pattern of intimidation, threats, and attacks,” said CPJ Regional Director Sara Qudah. “These actions endanger not only journalists’ personal safety, but also their sources and their ability to do their work. Authorities in the region must stop weaponizing technology and financial resources to surveil journalists.”
Al-A’sar, an exiled Egyptian journalist who was arrested in Egypt in 2018 and released in 2021, told CPJ that the phishing attempts were part of a broader pattern of digital transnational repression targeting journalists abroad.
“These attacks make me feel that I am constantly under surveillance,” he said. “It puts enormous pressure on my ability to do my work as a journalist and even on my personal interactions.”
Mohammed Al-Maskati, director of the Digital Security Helpline at Access Now, told CPJ that while researchers could not technically confirm government involvement, several indicators point in that direction.
“When we look at who was targeted—prominent journalists with a history of attacks—the technology used, and the cost of hiring such services, it strongly suggests government involvement,” he said.
Ragheb Ghandour, a cybersecurity technologist at SMEX, said governments may rely on “hack-for-hire” services to avoid accountability.
“Phishing campaign commissioned through intermediaries is both cheaper and produces a forensic trail that is harder to trace,” he said. “As accountability frameworks around commercial spyware have expanded, there has been an incentive to turn to tools that fall outside those frameworks. Hack-for-hire services, in that sense, exploit gaps in existing regulatory systems.”
This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.