Below: NHS trusts shared sensitive medical information with Facebook, and the Defense Department has a new cyber strategy. First:

NSO Group under new ownership as reports about hacks continue

One of the world’s most well-known spyware firms is under new ownership.

The development about NSO Group comes at a time when the company and the cybersurveillance industry face increasing scrutiny from critics and governments around the world.

Here’s more from the Wall Street Journal’s Alexander Saeedy and Dustin Volz, who broke the news on Friday:

“Creditors including Credit Suisse and Senator Investment Group moved earlier this year to foreclose on NSO’s parent company,” Saeedy and Volz wrote, citing people familiar with the matter. “The takeover wiped out NSO’s previous owners, including a private-equity fund started by Novalpina Capital that bought the company in a deal that valued it at roughly $1 billion in 2019, the people familiar said.”

They also reported that Dufresne Holdings, a company controlled by NSO co-founder Omri Lavie, is listed as the only shareholder of NSO’s parent company on corporate filings. That company is helping manage NSO and has fired some NSO corporate officers, they reported.

Meanwhile, NSO’s lenders are working with Lavie and have agreed not to press NSO to default on its debts, they reported.

An NSO spokesperson told the Journal that the company “is managed directly by our CEO, Yaron Shohat,” and its “lenders are currently in a process of restructuring the shareholders.”

The fascinating revelation comes around a year-and-a-half after the Biden administration put NSO and three other firms on its “entity list,” which restricts them from receiving American technologies.

Since then, NSO and its Pegasus spyware have stayed in the news — including as recently as last week, which saw more instances of reported hacks.

Beyond the “entity list” designation, NSO and other spyware firms face pressure outside the United States. In June, the European Parliament is set to consider recommendations by a committee investigating Pegasus and other spyware use.

The keys

NHS trusts shared sensitive medical information with Facebook without users’ consent, investigation finds

Some of the trusts that provide care through the National Health Service (NHS), the U.K. health-care system, have been sharing sensitive patient information with Facebook without patient consent and despite promising to not do so, Shanti Das reports for the Observer.

“An Observer investigation has uncovered a covert tracking tool in the websites of 20 NHS trusts which has for years collected browsing information and shared it with the tech giant in a major breach of privacy,” Das writes.

“The data includes granular details of pages viewed, buttons clicked and keywords searched. It is matched to the user’s IP address — an identifier linked to an individual or household — and in many cases details of their Facebook account,” the report adds.

The U.K. privacy regulator, the Information Commissioner’s Office, told the Observer that it “noted the findings” and is reviewing the issue. “People have the right to expect that organisations will handle their information securely and that it will only be used for the purpose they are told,” an ICO spokesperson told the outlet.

User data was collected through Meta Pixel — the Facebook parent’s web-tracking tool for developers — from patients who visited NHS websites about self-harm, gender identity, sexual health and other sensitive matters.

“This weekend, 17 of the 20 NHS trusts that were using Meta Pixel confirmed they had pulled the tracking tool from their websites,” Das writes, adding that eight issued apologies to patients.

Several trusts told the Observer that they used the Pixel tool to help track site engagement for recruitment and charity campaign purposes, but were unaware that sensitive data was being sent back to Facebook.

North Korea state-sponsored hackers targeting vulnerable Windows web servers

The North Korean state-sponsored Lazarus Group is targeting vulnerable Windows Internet Information Services (IIS) servers to access corporate networks, Bill Toulas reports for Bleeping Computer.

Lazarus hackers are using vulnerabilities to place malicious files on the IIS servers without being detected by anti-virus software, according to researchers at the AhnLab Security Emergency Response Center.

Lazarus has been linked to a large-scale supply chain attack earlier this year that stole credentials from companies worldwide. The U.S. government has also blamed the group for stealing hundreds of millions of dollars worth of cryptocurrency.

The United States and South Korea last week announced sanctions against “illicit” North Korean IT workers operating out of China and Russia for allegedly funding weapons of mass destruction and missile programs.

It also sanctioned the Technical Reconnaissance Bureau, which the U.S. government said was controlled by North Korea’s intelligence agency, and its cyber unit. The “Technical Reconnaissance Bureau leads the DPRK’s development of offensive cyber tactics and tools and operates several departments, including those affiliated with the Lazarus Group,” the Treasury Department said.

Defense Department sends updated cyber strategy to Congress

The Defense Department sent an updated, classified cyber strategy to Congress, a highly anticipated cyber guidepost for the agency since its first iteration was released in 2018, Mark Pomerleau reports for DefenseScoop.

The Defense Department also released an unclassified fact sheet on the strategy, the report adds.

“Of note, the fact sheet explains that the updated strategy is based upon real-world operations,” Pomerleau writes. “Prior to 2018, the Pentagon had only conducted a limited number of cyber ops due to a variety of factors such as stringent authorities and a high-risk [calculus].”

The document comes three months after the Biden administration released its national cyber strategy. But it also comes as Chinese hackers appear to be testing capabilities to breach Pentagon and other U.S. government zero-trust defenses, the Cybersecurity 202 previously reported.

The Defense Department began to think differently about cybersecurity strategy and operations following events in Ukraine, the DefenseScoop report adds.

“Since 2018, the Department has conducted a number of significant cyberspace operations through its policy of defending forward, actively disrupting malicious cyber activity before it can affect the U.S. Homeland. This strategy is further informed by Russia’s 2022 invasion of Ukraine, which has demonstrated how cyber capabilities may be used in large-scale conventional conflict,” the fact sheet says.

It adds that China, North Korea, Iran and transnational organized crime groups are of top concern to the United States.

Daybook

The State Department’s Brett Holmgren speaks about Section 702 of FISA at a Center for Strategic and International Studies event at 2 p.m.

The Atlantic Council convenes an event on U.S. national security challenges at 2:30 p.m.

Secure log off

Thanks for reading. See you tomorrow.

