‘Happy Gilmore’ Producer Acquires Spyware Maker NSO Group

Summary
– North Korean scammers are using fake identities to pose as legitimate architectural designers and trick US companies into hiring them as part of broader financial theft campaigns.
– Apple removed apps from its App Store related to monitoring ICE activity under DOJ pressure, but developers are continuing to fight the decision and distribute their apps elsewhere.
– NSO Group, the spyware vendor behind Pegasus, is being purchased by a US investor group led by film producer Robert Simonds for tens of millions of dollars, pending Israeli government approval.
– Hundreds of DHS cybersecurity specialists have been reassigned to support immigration enforcement roles, potentially hindering critical infrastructure threat alerts and capacity building efforts.
– A breach at a Discord customer service provider exposed sensitive data from over 70,000 users, including identification documents and personal information collected for age verification.

The notorious spyware developer NSO Group, creator of the invasive Pegasus malware, is on the verge of being acquired by a consortium of American investors. This group is led by Hollywood producer Robert Simonds, known for backing films like Happy Gilmore and Billy Madison. The transaction, valued at “several tens of millions of dollars,” still requires final approval from Israel’s Defense Export Control Agency. NSO Group has faced severe financial strain following major lawsuits from WhatsApp and Apple.
In other security developments, North Korean operatives are actively attempting to infiltrate US companies by posing as architectural designers. These scammers use fabricated profiles, counterfeit résumés, and fake Social Security numbers to secure employment, part of a broader, long-running campaign by the isolated nation to illicitly obtain billions from global organizations.
Apple has recently removed several applications from its iOS App Store that were designed to monitor US Immigration and Customs Enforcement (ICE) activities and archive related content. This action came after pressure from the Department of Justice. Despite the removals, numerous developers have stated they will continue to challenge Apple’s decision and are distributing their apps through alternative platforms.
Security researchers are issuing stark warnings about the growing use of AI-generated code within software supply chains. They caution that this trend could drastically worsen existing problems with code transparency and accountability, issues that first emerged with the widespread adoption of open-source software components. In a related move, Apple has announced a significant expansion of its bug bounty program. The update includes a maximum reward of $2 million for discovering specific exploit chains that could be used to distribute spyware, alongside extra incentives for vulnerabilities found in Apple’s Lockdown Mode or beta software.
Hundreds of cybersecurity and national security specialists within the US Department of Homeland Security have been subjected to mandatory reassignment in recent weeks. These personnel, many of whom are senior, non-union staff, are being moved to roles supporting the Trump administration’s immigration and deportation agenda. Reports indicate that workers who refuse these new assignments face termination. Notably, affected members from the Cybersecurity and Infrastructure Security Agency (CISA) were previously involved in issuing critical threat alerts concerning US agencies and national infrastructure. The reassignment of CISA’s Capacity Building team, for instance, could potentially delay vital emergency directives for key government assets. These employees are being shifted to agencies such as Immigration and Customs Enforcement, Customs and Border Protection, and the Federal Protective Service.
A significant data breach has impacted a third-party customer service provider used by Discord, compromising information for over 70,000 users. The stolen data includes identification documents, selfies, email addresses, phone numbers, and some home location details, information originally collected for age verification purposes. This type of data collection has long been criticized for creating centralized repositories of highly sensitive user information. The attackers behind the breach are reportedly attempting to extort Discord, having posted the stolen data on a Telegram channel with a message suggesting the situation will “get really ugly.”
Separately, US Immigration and Customs Enforcement signed an $825,000 contract in May with TechOps Specialty Vehicles (TOSV), a Maryland-based company that supplies law enforcement equipment. The contract is for “Cell Site Simulator (CSS) Vehicles,” which are essentially rogue cellphone towers used for phone surveillance, often referred to as “stingrays.” Public records show this agreement modifies a prior arrangement to supply additional surveillance vehicles. TOSV had also begun a similar $818,000 contract with ICE back in September 2024. The company’s president confirmed they provide these cell-site simulators but clarified that TOSV does not manufacture the devices itself.
(Source: Wired)