HeadlinesBriefing.com

iCloud Phishing Exposes Millions: Hack‑for‑Hire Tactics Revealed

9to5Mac

Hackers still lean on old tricks, according to a joint probe by Access Now, Lookout, and SMEX. Their analysis traced a 2023‑25 hack‑for‑hire campaign that targeted journalists, activists, and officials across the Middle East and North Africa, and even reached the United Kingdom and the United States. The attackers used simple phishing to harvest Apple IDs and then pry into iCloud backups.

Lookout catalogued nearly 1,500 fake web addresses that mimicked legitimate Apple services, including facetime-web[.]me-en[.]io and apple[.]id-us[.]cc. The campaign’s focus on iCloud—essential for storing photos, messages, and app data—meant that a stolen credential could reveal a device’s entire contents. Beyond Apple, the study flagged similar phishing schemes against Google, Microsoft, Signal, WhatsApp, and Yahoo services.

These findings underscore a growing trend of state actors outsourcing surveillance to private hack‑for‑hire outfits. By running operations through third‑party infrastructure, clients gain plausible deniability while keeping costs lower than commercial spyware. For consumers, the takeaway is clear: verify any Apple‑branded login page before entering credentials, and keep device software up to date to mitigate phishing exploits.
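The two addresses quoted above put the Apple brand in a left-hand label while the domain that actually owns the page is something else. The following is an added example, not code from the article or the researchers' report, showing how a mail or proxy filter could triage such hosts; the allowlist and brand tokens are assumptions to adapt, and the sample inputs other than the two quoted indicators are constructed.

```python
from urllib.parse import urlsplit

# Assumption: minimal allowlist of Apple-owned domains; extend for your environment.
APPLE_DOMAINS = ("apple.com", "icloud.com")
# Assumption: brand tokens that deserve a second look outside the allowlist.
BRAND_TOKENS = ("apple", "icloud", "facetime")


def refang(indicator):
    """Turn a defanged indicator (example[.]com, hxxps://) back into a URL."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def hostname(indicator):
    """Return the lower-cased host of a URL or bare domain, or '' if unparsable."""
    text = refang(indicator.strip())
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare domain as a netloc
    try:
        host = urlsplit(text).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def is_apple_host(host):
    """True only if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def classify(indicator):
    """Return 'apple', 'lookalike', 'other' or 'invalid' for a URL or domain."""
    host = hostname(indicator)
    if not host:
        return "invalid"
    if is_apple_host(host):
        return "apple"
    # Split on dots and hyphens so 'facetime-web' yields the token 'facetime'.
    # Substring matching is a triage heuristic and will over-match some hosts.
    labels = host.replace("-", ".").split(".")
    if any(tok in label for label in labels for tok in BRAND_TOKENS):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for sample in ("facetime-web[.]me-en[.]io", "apple[.]id-us[.]cc",
                   "https://appleid.apple.com/sign-in",
                   "https://apple.com.example.net/login"):
        print(f"{classify(sample):10} {sample}")
```

The suffix check compares against the right-hand end of the host, so `apple.com.example.net` is not accepted even though it begins with an allowlisted name.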

Apple’s response? The company has tightened its two‑factor authentication flow and warns users of spoofed Apple ID prompts. Security researchers advise enabling push‑based MFA wherever possible and monitoring for unfamiliar login notifications. The incident also fuels debate over the adequacy of current mobile security frameworks in protecting personal data from state‑backed adversaries.