Researchers catch Yemeni hackers spying on Middle East military phones | CyberScoop<\/title> <meta name=\"description\" content=\"The firm Lookout says that Houthi use of cyberespionage is a sign that mobile surveillance is a growing force in global conflicts.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Researchers catch Yemeni hackers spying on Middle East military phones\"> <meta property=\"og:description\" content=\"The firm Lookout says that Houthi use of cyberespionage is a sign that mobile surveillance is a growing force in global conflicts.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-07-09T10:05:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-07-08T19:40:48+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1299\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1720117134g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1719935282g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1720001752g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80921\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80921\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fresearchers-catch-yemeni-hackers-spying-on-middle-east-military-phones%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fresearchers-catch-yemeni-hackers-spying-on-middle-east-military-phones%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80921 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.297830374753\">\n<div class=\"single-article__header-content\" readability=\"29.863636363636\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The firm Lookout says that Houthi use of cyberespionage is a sign that mobile surveillance is a growing force in global conflicts. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"433\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones.jpg?resize=640%2C433&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=300,203 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=768,520 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=1024,693 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=1536,1039 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=600,406 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=248,168 248w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=498,337 498w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=998,675 998w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-2.jpg?resize=1246,843 1246w\" sizes=\"(max-width: 998px) 100vw, 998px\"><figcaption> Houthi movement supporters brandish rifles, flags of Yemen and Palestine, Houthi emblems, and chant slogans as they participate in a demonstration in solidarity with the Palestinian people on June 28, 2024, in Sana’a, Yemen. (Photo by Mohammed Hamoud\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"27.863592544987\"><body readability=\"58.298474134723\"><\/p>\n<p>A Yemeni hacking group is eavesdropping on the phones of military personnel in the Middle East, the latest sign of how surveillance has gone mobile in conflicts across the world, researchers say.<\/p>\n<p><a href=\"https:\/\/www.lookout.com\/threat-intelligence\/guardzoo-houthi-android-surveillanceware\">In a report published Tuesday<\/a>, researchers from the cybersecurity firm Lookout say hackers affiliated with Yemen\u2019s Houthi movement \u2014 the militant group that <a href=\"https:\/\/www.aljazeera.com\/news\/2024\/1\/12\/who-are-yemens-houthis-a-basic-guide\">controls of most of the country<\/a> \u2014 have successfully infected surveillance software on phones belonging to more than 450 people in their home country as well as in Saudi Arabia, Egypt, Oman, the United Arab Emirates, Qatar and Turkey.<\/p>\n<p>\u201cIt just shows how mobile as a threat really has made it into every conflict on Earth as a cyber target,\u201d said Christoph Hebeisen, the director of security intelligence research at Lookout. \u201cYemen always seems like a small and not very advanced place, and they don\u2019t have great means, yet they managed to create this kind of cyber weapon.\u201d<\/p>\n<p>The Houthi operation kicked off in 2019 and targets military personnel of interest to the group, Lookout said. It relies on a version of the <a href=\"https:\/\/www.securityweek.com\/source-code-android-rat-dendroid-leaked-online\/\">Dendroid malware that leaked online<\/a> a decade ago \u2014dubbed GuardZoo \u2014 that can collect data from phones such as photos, documents and files related to marked locations, according to Lookout.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Houthi movement came to international prominence in 2014 when it launched a military campaign against the then-government, causing its collapse and setting off a subsequent humanitarian crisis. The group is backed by Iran and has spent years fighting a Saudi-backed military force. More recently, the group has carried out crippling attacks on international shipping passing through the Strait of Hormuz in retaliation for Israel\u2019s military campaign in Gaza. <\/p>\n<p>The Houthis have in recent years embraced the use of cyber capabilities. Last year, researchers with Recorded Future <a href=\"https:\/\/cyberscoop.com\/oil-alpha-houthi-yemen\/\">observed a hacking group<\/a> with likely ties to the Houthis carrying out a digital espionage campaign that relied on WhatsApp to send malicious lures to its targets. <\/p>\n<p>The activity described in Tuesday\u2019s report also relied on WhatsApp, in addition to direct browser downloads, to infect its targets, but Lookout said its researchers had not previously observed activity from the group behind the campaign. Of particular interest to the group are maps that might reveal the locations of military assets, said Lookout\u2019s senior security researcher, Alemdar Islamoglu.<\/p>\n<p>\u201cThe campaign mostly uses military themes to lure victims, but Lookout researchers also observed that religion and other themes are being used,\u201d the report says, citing examples such as a religious-themed prayer app or military-themed apps.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers catch Yemeni hackers spying on Middle East military phones<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,2286,302,2287,2288,2289,2015,2290,1181,288,2291,2292,2293,2294,1337],"tags":[86,2295,306,2296,2297,2298,2017,2299,1183,294,2300,2301,2302,2303,1339],"class_list":["post-4363","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-egypt","category-geopolitics","category-lookout","category-oman","category-qatar","category-recorded-future","category-saudi-arabia","category-surveillance","category-threats","category-turkey","category-united-arab-emirates","category-united-arab-emirates-uae","category-whatsapp","category-yemen","tag-cybersecurity","tag-egypt","tag-geopolitics","tag-lookout","tag-oman","tag-qatar","tag-recorded-future","tag-saudi-arabia","tag-surveillance","tag-threats","tag-turkey","tag-united-arab-emirates","tag-united-arab-emirates-uae","tag-whatsapp","tag-yemen"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/egypt\/\" rel=\"category tag\">Egypt<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lookout\/\" rel=\"category tag\">Lookout<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/oman\/\" rel=\"category tag\">Oman<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/qatar\/\" rel=\"category tag\">Qatar<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/recorded-future\/\" rel=\"category tag\">Recorded Future<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/saudi-arabia\/\" rel=\"category tag\">Saudi Arabia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/surveillance\/\" rel=\"category tag\">surveillance<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/turkey\/\" rel=\"category tag\">Turkey<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-arab-emirates\/\" rel=\"category tag\">United Arab Emirates<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-arab-emirates-uae\/\" rel=\"category tag\">United Arab Emirates (UAE)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/whatsapp\/\" rel=\"category tag\">WhatsApp<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/yemen\/\" rel=\"category tag\">Yemen<\/a>","tag_info":"Yemen","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4363"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4363\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":4363,"date":"2024-07-09T05:05:00","date_gmt":"2024-07-09T10:05:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80921"},"modified":"2024-07-09T05:05:00","modified_gmt":"2024-07-09T10:05:00","slug":"researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/09\/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones\/","title":{"rendered":"Researchers catch Yemeni hackers spying on Middle East military phones"},"content":{"rendered":"