{"id":720,"date":"2018-05-15T21:38:13","date_gmt":"2018-05-15T21:38:13","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=131994"},"modified":"2018-05-15T21:38:13","modified_gmt":"2018-05-15T21:38:13","slug":"phishing-spy-campaign-targets-top-mideast-officials","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/","title":{"rendered":"Phishing Spy Campaign Targets Top Mideast Officials"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/15153018\/spyware.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>Researchers have discovered a phishing campaign that infected Android devices\u00a0with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East.<\/p>\n<p>Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over 30 gigabytes of compromised data on attacker infrastructure, including call records, audio recordings, device location information and text messages.<\/p>\n<p>\u201cThese tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military,\u201d Lookout researchers said in a <a href=\"https:\/\/info.lookout.com\/rs\/051-ESQ-475\/images\/lookout-stealth-mango-srr-us.pdf\">report<\/a>. \u201cOur investigation indicates this actor has used these surveillance-ware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals and civilians.\u201d<\/p>\n<p>Once a device is infected with Stealth Mango, the malware initially uploads all data from an infected device and then tracks all changes that occur as soon as they happen. This includes installed device information, changes in SIM cards on the device, pictures and audio stored on the device and contact lists.<\/p>\n<p>Stealth Mango has been evolving over the months; in February 2018, for instance, the tool also showed functionality like key-logging, screenshot captures and screen-record functionality; the ability to track victims in real time; and the ability to access the message databases of third-party social media applications.<\/p>\n<p>Lookout told Threatpost that a \u201cballpark figure\u201d of around 100 unique devices were impacted by the targeted surveillance operations, including those of government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq and the United Arab Emirates. Data of officials from other countries, like the U.S. and Germany, have also been swept up in the campaign.<\/p>\n<p>Lookout said it believes the threat actor behind Stealth Mango is also behind the Operation Transparent Tribe and Operation C-Major\u00a0<a href=\"https:\/\/researchcenter.paloaltonetworks.com\/2016\/03\/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe\/\">campaigns,<\/a>\u00a0which targeted Indian embassies in Saudi Arabia and Kazakhstan, as well as the Indian military.<\/p>\n<p><strong>Attack Vector<\/strong><\/p>\n<p>Lookout researchers believe that attackers infected devices with Stealth Mango using both phishing techniques as well as at least one watering hole used to distribute the malware.<\/p>\n<p>The watering hole URL was first sent to targets, often via Facebook Messenger. This suggests the \u201cthe attackers are using fake personas to connect with their targets and coerce them into installing the malware onto their devices,\u201d researchers said.<\/p>\n<p>Once they clicked on the URL, victims were taken to the watering hole, which purports to be the third-party Android App store known as APKMonk (secure-apps.azurewebsites[.]net). However, when victims clicked on any link on the site, they would re-direct to the Stealth Mango APK.<\/p>\n<p>Lookout said they initiated a takedown with Microsoft of this particular watering hole, and the account was ultimately suspended.<\/p>\n<p>Researchers also found that these threat actors are using multi-platform capabilities with several custom tools; and while most of the research focused on the Stealth Mango\u00a0Android component, there is also evidence of an iOS tool believed to be a variant of Tangelo, being developed as well.<\/p>\n<p>Researchers said that that the two tools appear to have been created by the same developer group, but it\u2019s unclear if the iOS component is still in a trial phase, or if it is being used in active campaigns as well.<\/p>\n<p>\u201cThere\u2019s likely an iOS piece being used alongside Stealth Mango and communicating to the same infrastructure, but we haven\u2019t found that piece in the wild at this time\u2026 and we\u2019re not sure how it\u2019s being deployed,\u201d said Michael Flossman, head of threat intelligence at Lookout, in an interview. \u201cHowever, given the existence of Tangelo on a different server we\u2019re pretty sure the variation of that is being used by these guys.\u201d<\/p>\n<p><strong>Threat Actor<\/strong><\/p>\n<p>Lookout linked the tools to freelance software developers with ties to the Pakistani military, with physical presences in Pakistan, India and the United States.<\/p>\n<p>\u201cFurther analysis of server-side logs on attacker infrastructure showed three IPs that geolocate to a specific area of the G-8 area in Islamabad, Pakistan,\u201d Lookout\u2019s report detailed.<\/p>\n<p>\u201cThis is another nation-state based actor that is using commodity tooling without resorting to any sort of zero-day or exploit, and getting a lot of value from that model,\u201d added Andrew Blaich, head of device intelligence at Lookout, told Threatpost. \u201cIt shows there\u2019s a lot of variants in terms of the surveillance-ware out there and you can get a lot of stuff done without utilizing exploits.\u201d<\/p>\n<p>There were a couple of surprises in the threat actor\u2019s approach as well.<\/p>\n<p>When looking at the threat actor\u2019s infrastructure, which used two IP addresses, \u201cwe were surprised to find how wide open the server was,\u201d Flossman told Threatpost. \u201cThis actor focused very much on setting up the remote infrastructure without securing it\u2026As a result, exfiltrated data was publicly accessible.\u201d<\/p>\n<p>In another surprise to researchers, Flossman added that they found the infrastructure running the WSO web shell, which provides a third party with complete control over the server.<\/p>\n<p>Researchers said it\u2019s unclear when the campaign was first deployed, but they first came across it in mid-January 2018. The latest release of Stealth Mango was as recently as April 2018.<\/p>\n<p>\u201cAt the moment, the infrastructure behind these operations appears to be down,\u00a0 but we don\u2019t expect them to disappear\u2026 we expect them to surface again with other mobile components,\u201d said Flossman.<\/p>\n<p>READ MORE <a href=\"https:\/\/threatpost.com\/phishing-campaign-targeted-top-officials-with-surveillance-ware-tools\/131994\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have discovered a set of custom surveillanceware tools being deployed against Android and iOS devices primarily in the Middle East. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":721,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[162,510,126,511,28,512,513,514],"class_list":["post-720","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-android","tag-dark-caracal","tag-government","tag-ios-surveillanceware","tag-malware","tag-nation-state","tag-stealth-mango","tag-tangelo"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Phishing Spy Campaign Targets Top Mideast Officials 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing Spy Campaign Targets Top Mideast Officials 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-15T21:38:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/phishing-spy-campaign-targets-top-mideast-officials.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Phishing Spy Campaign Targets Top Mideast Officials\",\"datePublished\":\"2018-05-15T21:38:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/\"},\"wordCount\":890,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/phishing-spy-campaign-targets-top-mideast-officials.jpg\",\"keywords\":[\"Android\",\"Dark Caracal\",\"Government\",\"iOS Surveillanceware\",\"Malware\",\"nation state\",\"Stealth Mango\",\"Tangelo\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/\",\"name\":\"Phishing Spy Campaign Targets Top Mideast Officials 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/phishing-spy-campaign-targets-top-mideast-officials.jpg\",\"datePublished\":\"2018-05-15T21:38:13+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/phishing-spy-campaign-targets-top-mideast-officials.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/phishing-spy-campaign-targets-top-mideast-officials.jpg\",\"width\":680,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-spy-campaign-targets-top-mideast-officials\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Android\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/android\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Phishing Spy Campaign Targets Top Mideast Officials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing Spy Campaign Targets Top Mideast Officials 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/","og_locale":"en_US","og_type":"article","og_title":"Phishing Spy Campaign Targets Top Mideast Officials 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-15T21:38:13+00:00","og_image":[{"width":680,"height":400,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/phishing-spy-campaign-targets-top-mideast-officials.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Phishing Spy Campaign Targets Top Mideast Officials","datePublished":"2018-05-15T21:38:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/"},"wordCount":890,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/phishing-spy-campaign-targets-top-mideast-officials.jpg","keywords":["Android","Dark Caracal","Government","iOS Surveillanceware","Malware","nation state","Stealth Mango","Tangelo"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/","url":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/","name":"Phishing Spy Campaign Targets Top Mideast Officials 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/phishing-spy-campaign-targets-top-mideast-officials.jpg","datePublished":"2018-05-15T21:38:13+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/phishing-spy-campaign-targets-top-mideast-officials.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/phishing-spy-campaign-targets-top-mideast-officials.jpg","width":680,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/phishing-spy-campaign-targets-top-mideast-officials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Android","item":"https:\/\/www.threatshub.org\/blog\/tag\/android\/"},{"@type":"ListItem","position":3,"name":"Phishing Spy Campaign Targets Top Mideast Officials"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=720"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/720\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/721"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}