Source: US Congressman Gabe Amo (Rhode Island 1st District)
Secretary Marco Rubio confirms Ready-to-Use Therapeutic Food produced by Rhode Island’s Edesia Nutrition is lifesaving aid and Vice Ranking Member Amo presses Secretary to do everything to keep starving children from dying.
WASHINGTON, DC – Today, House Foreign Affairs Vice Ranking Member Gabe Amo (D-RI), demanded Secretary of State Marco Rubio commit to fund the production, transportation, and distribution of Ready-to-Use Therapeutic Food (RUTF) aid to keep starving children from dying. Until recently, over 123,000 boxes of RUTF purchased for Sudan were sitting in Rhode Island’s Edesia Nutrition warehouse because of State Department inflicted delays. Another 185,000 boxes of RUTFs purchased by the U.S. Government still sit in Edesia warehouses undistributed.
“Ready-To-Use Therapeutic Food aid produced in Rhode Island has the potential to save hundreds of thousands of lives. Secretary Rubio promised over and over that he would not stop the distribution of lifesaving foreign aid, but today the truth came out,” said Vice Ranking Member Gabe Amo (D-RI). “Right now in Rhode Island, 185,000 boxes of therapeutic food bought and paid for by American taxpayers are sitting in a warehouse. All that’s standing between those boxes and the starving kids who need them is Secretary Rubio’s State Department. This is unacceptable, and I will call on Secretary Rubio every week until he keeps his word and distributes this live saving food aid.”
Watch Vice Ranking Member Amo’s QuestioningHere.
BACKGROUND
Edesia Nutrition is a Rhode Island-based nonprofit that produces ready-to-use therapeutic food (RUTF) for worldwide distribution to save the lives of millions of children suffering from severe acute malnutrition.
On January 31, 2025 Amoasked Secretary Rubiofor information on the Trump administration’s unilateral foreign aid pause impact on the production and delivery of Rhode Island-made RUTFs. Amocalled outSecretary Rubio for missing a deadline to provide clarity on foreign aid distribution on February 7.
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
Source: People’s Republic of China – State Council News
GENEVA, May 21 (Xinhua) — China, along with Malaysia, Nepal, Saudi Arabia and the Seychelles, co-hosted for the first time a side event on traditional medicine on the sidelines of the 78th World Health Assembly in Geneva on May 20.
The event focused on integrating traditional medicine into national health systems, supporting universal health coverage, advancing towards the Sustainable Development Goals and building a community of hygiene and health for all humanity.
The event brought together more than 100 participants, including high-level health officials from many countries, representatives of the World Health Organization (WHO), renowned experts and scientists, and figures from international academia.
The event featured a keynote speech by Yu Yanhong, Director of the National Administration of Traditional Chinese Medicine of the People’s Republic of China. She noted China’s centuries-long commitment to the development of traditional Chinese medicine, emphasizing the country’s unique path in developing traditional medicine with Chinese characteristics and the significant successes achieved along the way.
Yu Yanhong called on countries to develop traditional medicine systems in accordance with their national characteristics and promote the modernization of traditional medical practices. She also reaffirmed China’s commitment to promoting more effective integration of traditional medicine into national health systems around the world.
Seychelles Health Minister Peggy Vido said traditional medicine and herbalism have a long history and deep cultural roots in her country, with their benefits gaining increasing public recognition every day.
She proposed to pay special attention to ensuring the necessary level of education and standard training of practitioners, disseminating evidence-based practices and creating a framework to guarantee the quality, effectiveness and safety of traditional medicine as its role in health systems continues to grow. P. Vido also expressed her country’s interest in further strengthening cooperation with China and other countries in this area.
WHO Regional Director for the Western Pacific, Saiya Mau Piukala, described traditional medicine as a vital pillar of health systems that has made a significant contribution to global health.
He praised China’s achievements in preserving and updating traditional medicine, stressing that these practices should complement modern medicine rather than compete with it.
The WHO regional head called for stronger international cooperation to ensure the safety, quality and accessibility of traditional medicine. S. M. Piukala also noted that the Western Pacific Region is actively working to integrate traditional medicine into universal health coverage systems so that more people can benefit from such treatment. –0–
WASHINGTON, D.C. – Today, House Foreign Affairs Committee Chairman Brian Mast delivered opening remarks at a full committee hearing titled, “FY26 State Department Posture: Protecting American Interests.”
Watch Here
-Remarks-
Since day one, President Trump and yourself, you’ve taken bold action to clean house, to restore accountability, to slash waste, and to put America—and Americans—first. I would say that this was desperately needed.
In the past two decades alone, the State Department’s budget grew from about $9.5 billion to over $55 billion. And I think we could all easily say: for what? In any way, shape, or form did our foreign policy feel like it was five times more effective under Joe Biden? I think everybody would say no.
Instead, we had a State Department that was literally a slush fund for many far-left bureaucrats, grifting non-government organizations, and foreign adversaries like the Taliban. We had our tax dollars went to things like vouchers for migrants at our southern border, mobilizing elderly lesbians to vote in Costa Rica, as well as drag shows, LGBT comic books, musicals, plays, and operas.
That stuff was not PEPFAR, to say the least. It didn’t make America safer. It didn’t make America stronger. It didn’t bring other countries closer to us, and it didn’t save lives.
Now, many of my colleagues might think that canceling these programs creates an inroad for China. I would say we could only hope that China is stupid enough to spend money in that way.
I want to thank this administration for bringing charges against those who, it appears, were stealing from the State Department and USAID—and, in turn, the American people.
And I want to thank you, Secretary Rubio, for reorganizing the State Department into a lean and effective diplomatic operation.
Let’s give proof of that.
Just this past week alone, President Trump secured more than $2 trillion of investment from the Middle East. That is more than ten times what Joe Biden secured from the Middle East during his entire four years in the White House—which is not entirely surprising, considering under the Biden State Department, millions were spent on programs like trans inclusion in Tunisia. That was the focus in the Middle East.
Now, as you know, Secretary Rubio, the job is not done. Up until now, over 80% of the State Department has been unauthorized. We have bureaus and offices that have grown from thousands of dollars to billions of dollars, and that changes in law when we pass the first comprehensive and stand-alone State Department reauthorization that has occured since 2002.
I look forward to working with the members of this committee. I look forward to working with you, Secretary Rubio, and I look forward to working with Senator Risch, moving forward, to make sure that one thing—and one thing alone—takes place: Every single dollar and diplomat that we authorize and send into the field puts America first.
Source: Africa Press Organisation – English (2) – Report:
ALGIERS, Algeria, May 21, 2025/APO Group/ —
On Day Two of the IsDB Annual Meetings in Algiers, the International Islamic Trade Finance Corporation (ITFC) (www.ITFC-IDB.org), a member of the Islamic Development Bank (IsDB), signed important agreements and engaged in strategic discussions with OIC member countries and various stakeholders. These engagements underscore ITFC’s continued commitment to advancing trade, economic cooperation, and sustainable development across the OIC region.
The day featured ITFC’s participation during the opening ceremony of the Private Sector Forum, which convened global and regional stakeholders under the theme: “Boosting Intra-OIC Trade and Investment: Overcoming Barriers and Seizing Opportunities.” Eng. Adeeb Y. Al Aama, CEO of ITFC, joined a high-level CEO session where he highlighted key challenges facing OIC countries and shared insights on solutions to scale intra-OIC trade. He emphasized the importance of targeted Islamic trade finance, capacity-building initiatives, and stronger cross-border collaboration to drive sustainable economic growth across the region.
The day’s proceedings also included a series of high-level meetings with key partners and member countries, including the Government of Pakistan and the Government of Tunisia, the OPEC Fund, Afreximbank, and Saudi EXIM Bank, among others. These meetings focused on advancing collaboration, particularly promoting trade and economic integration and supporting economic resilience and sustainability.
Key Signings and Agreements
Afreximbank–US$300 million Murabaha Financing
This financing is structured to facilitate the import of essential goods, ensuring stable supply chains and supporting trade resilience across the region. The agreement was signed by Eng. Adeeb Yousuf Al-Aama, CEO of ITFC, and Mr. Haytham El Maayergi, Executive Vice President of Afreximbank. This facility is designed to benefit enterprises from key sectors across common member countries in Africa. The facility is also aligned with ITFC’s broader mandate to promote regional integration and advance trade-led development among OIC member countries.
Commercial Bank of Cameroun (CBC) – EUR 10 million Murabaha Financing Agreement
A EUR 10 million Murabaha Financing was signed with Commercial Bank of Cameroun (CBC) to finance essential imports. The financing, signed by Mr. Jean Elise Gouater, Deputy CEO of CBC, and Mr. Nazeem Noordali, COO of ITFC will also support the development of Amana Finance Islamique, CBC’s Islamic finance window. Additionally, the signed facility includes an LC confirmation feature and falls under the broader FWA signed with Cameroon in April 2024.
CHEYENNE, Wyo. – The Wyoming National Guard hosted a delegation from the Tunisian Armed Forces for a weeklong noncommissioned officer (NCO) development exchange, strengthening a long-standing partnership through the State Partnership Program.
Staff Sgt. Eric Wenner, a civil affairs senior sergeant currently assigned to U.S. Africa Command’s Office of Security Cooperation Tunisia, said the visit aimed to showcase the U.S. Army’s approach to empowering NCOs and building leadership capacity at every level.
“Although the Tunisian military is a robust force by African standards, we still like to show them how the U.S. Army uses its NCO Corps to grow and strengthen their force,” Wenner said. “It’s about giving them tools to develop their own NCOs and increase overall capability in a way that mirrors what we’ve done in the U.S.”
One of the key challenges for Tunisia’s military, Wenner noted, is a lack of funding and access to modern facilities. The exchange provides an opportunity for Tunisian leaders to observe U.S. processes and infrastructure, sparking ideas on how to improve efficiency with limited resources.
“This visit is about giving them better ideas on how to maximize what they have,” Wenner explained. “Through the State Partnership Program, they can see firsthand how we organize and train and adapt those lessons back home.”
The visit included tours of Wyoming National Guard facilities, NCO-led workshops, and opportunities for Tunisian soldiers to engage directly with their American counterparts. The focus was not only on military tactics but also on leadership philosophy, mentorship, and the role of the NCO in mission success.
From a civil affairs perspective, Wenner emphasized the importance of NCO empowerment and independent decision-making. In civil affairs teams, where small team sizes require flexibility, enlisted Soldiers are often expected to take on responsibilities typically reserved for officers.
“We’d like to share that same concept with Tunisia—training their enlisted soldiers to operate independently without always needing direct orders,” he said. “This creates a more capable and ready force while reducing the need for constant oversight.”
Wenner highlighted that Tunisia’s armed forces have been making steady progress in professionalizing their NCO Corps, but exchanges like these provide practical examples and firsthand experiences that can’t be replicated through briefings alone.
“Being here, seeing how we do things, asking questions face-to-face—that makes a huge difference,” he said. “It’s about more than showing equipment or processes; it’s about building trust, sharing lessons learned, and growing together.”
Beyond the tactical and operational lessons, the exchange also serves a larger purpose of fostering military-to-military and civil-military relationships. Wenner said civil affairs focuses heavily on integration, partnership, and sharing lessons learned.
“The goal here is to grow the partnership and strengthen our relationship through a better understanding of each military’s capabilities,” Wenner said. “It’s about progressing together in an efficient and cooperative manner.”
The Wyoming National Guard and the Tunisian Armed Forces have been partners through the National Guard Bureau’s State Partnership Program (SPP) since 2004. The SPP connects U.S. states with foreign military partners to build long-term relationships, enhance regional security, and promote shared values.
A “health financing emergency” must drive country-led, data-driven solutions
Ministers from multiple countries hit by the abrupt cuts in external funding for health agreed on the urgent need for country-owned and implemented strategies – and a laser-sharp focus on health data – at a ministerial dialogue co-hosted by WHO and the Susan Thompson Buffett Foundation at the Seventy-eighth World Health Assembly.
Opening remarks by Professor Senait Fisseha, Vice President of Global Programs at the Susan Thompson Buffett Foundation, and Dr Tedros Adhanom Ghebreyesus, WHO Director-General, set the tone by noting that the crisis presents an opportunity for a turnaround in how health financing policies and health data systems are built and operated.
Specifically, this is a time for countries to reduce their reliance on external health information systems and external financing; build out their domestic data infrastructure, from vital statistics to downstream impact and return-on-investment; and establish resilient systems designed to withstand shocks, so that access to essential services is protected.
Professor Fisseha called on countries “to use this moment to rethink data and financing in a way that best meets your needs and the needs of your people […] For countries to truly lead and for funders and development partners to start to learn how to follow. Data and financing are a natural place to start because that is where ministers are telling us to start.”
Dr Tedros said, “From expanding domestic financing to pioneering real-time data systems, many of you are advancing solutions that are scalable, sustainable and rooted in equity. Data and sustainable financing are not just technical matters. They are political choices. They shape who is reached, how quickly, and with what quality of care. And they determine whether we progress or fall behind.”
Ministers from Barbados, Central African Republic, Egypt, Liberia, Malawi, Rwanda and Sierra Leone, and representatives from the African Union and the World Bank, among others, shared experiences and advice on concrete actions to strengthen data systems, health financing and planning – urging intensified collaboration in the future. They also spoke of the need to leverage the digital transformation and thereby increase transparency and accountability.
Also discussed: strategies to improve domestic financing capacity while maximizing impact include: strengthening tax administration; exploring revenue sources such as taxes on such items as food, alcohol and tobacco; setting up population-wide mandatory health coverage schemes, coupled with subsidies for low-income households and vulnerable population groups; promoting strategic purchasing of health supplies; prioritizing health in public spending; and integrating externally-funded programmes into domestic financing systems and priorities.
Later this week the Assembly will take up the proposed WHA Health Financing Resolution.
Report on the health conditions in the occupied Palestinian territory, including east Jerusalem, and in the occupied Syrian Golan
On 21 May 2025, the Seventy-eighth World Health Assembly noted a report from the Director-General, outlining WHO’s humanitarian and emergency health response in the occupied Palestinian territory, including east Jerusalem, and in the occupied Syrian Golan, from January 2024 to February 2025.
A report on the health conditions in the occupied Syrian Golan couldn’t be provided this year again due to the ongoing situation and the lack of disaggregated health data on the Syrian population. Member States were invited to provide guidance on how to support WHO and partners to restore essential health services across Syria and enable a WHO field-assessment mission to the occupied Syrian Golan.
Member States expressed grave concerns over the deterioration of the health system in Gaza, including forced displacement, overcrowding and deteriorating sanitation, and attacks on health, stressing the need for concerted action to address the dire health needs.
A number of Member States presented draft decisions asking the Director-General to continue reporting on the health conditions in the occupied Palestinian territory, including east Jerusalem, and in the occupied Syrian Golan, and more specifically on food insecurity and malnutrition in the Gaza Strip, and to continue supporting the Palestinian and Syrian health systems. The decision was adopted.
Related documents
A78/16: Health conditions in the occupied Palestinian territory, including east Jerusalem, and in the occupied Syrian Golan
A78/B/CONF./1: Health conditions in the occupied Palestinian territory, including east Jerusalem, and in the occupied Syrian Golan
A78/B/CONF./1 Add.1: Financial and administrative implications for the Secretariat of decisions proposed for adoption by the Health Assembly
The rover took the image — its fifth since landing in February 2021 — between stops investigating the Martian surface. A Martian dust devil photobombed NASA’s Perseverance Mars rover as it took a selfie on May 10 to mark its 1,500th sol (Martian day) exploring the Red Planet. At the time, the six-wheeled rover was parked in an area nicknamed “Witch Hazel Hill,” an area on Jezero Crater’s rim that the rover has been exploring over the past five months. “The rover self-portrait at the Witch Hazel Hill area gives us a great view of the terrain and the rover hardware,” said Justin Maki, Perseverance imaging lead at NASA’s Jet Propulsion Laboratory in Southern California, which manages the mission. “The well-illuminated scene and relatively clear atmosphere allowed us to capture a dust devil located 3 miles to the north in Neretva Vallis.” The selfie also gives the engineering teams a chance to view and assess the state of the rover, its instruments, and the overall dust accumulation as Perseverance reached the 1,500-sol milestone. (A day on Mars is 24.6 hours, so 1,500 sols equals 1,541 Earth days.)
The bright light illuminating the scene is courtesy of the high angle of the Sun at the time the images composing the selfie were taken, lighting up Perseverance’s deck and casting its shadow below and behind the chassis. Immediately in front of the rover is the “Bell Island” borehole, the latest sampling location in the Witch Hazel Hill area. How Perseverance Did It This newest selfie, Perseverance’s fifth since the mission began, was stitched together on Earth from a series of 59 images collected by the WATSON (Wide Angle Topographic Sensor for Operations and eNgineering) camera at the end of the robotic arm. It shows the rover’s remote sensing mast looking into the camera. To generate the version of the selfie with the mast looking at the borehole, WATSON took three additional images, concentrating on the reoriented mast.
“To get that selfie look, each WATSON image has to have its own unique field of view,” said Megan Wu, a Perseverance imaging scientist from Malin Space Science Systems in San Diego. “That means we had to make 62 precision movements of the robotic arm. The whole process takes about an hour, but it’s worth it. Having the dust devil in the background makes it a classic. This is a great shot.”
The dust covering the rover is visual evidence of the rover’s journey on Mars: By the time the image was captured, Perseverance had abraded and analyzed a total of 37 rocks and boulders with its science instruments, collected 26 rock cores (25 sealed and 1 left unsealed), and traveled more than 22 miles (36 kilometers). “After 1,500 sols, we may be a bit dusty, but our beauty is more than skin deep,” said Art Thompson, Perseverance project manager at JPL. “Our multi-mission radioisotope thermoelectric generator is giving us all the power we need. All our systems and subsystems are in the green and clicking along, and our amazing instruments continue to provide data that will feed scientific discoveries for years to come.” The rover is currently exploring along the western rim of Jezero Crater, at a location the science team calls “Krokodillen.” News Media Contacts DC AgleJet Propulsion Laboratory, Pasadena, Calif.818-393-9011agle@jpl.nasa.gov Karen Fox / Molly WasserNASA Headquarters, Washington202-358-1600karen.c.fox@nasa.gov / molly.l.wasser@nasa.gov 2025-073
News In Brief – Source: US Computer Emergency Readiness Team
Executive Summary
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
Download the PDF version of this report:
Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)
For a downloadable list of IOCs, visit:
Introduction
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions. In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments. Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:
C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
HEADLACE [7]
MASEPIE [8]
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras
Country
Percentage of Total Attempts
Ukraine
81.0%
Romania
9.9%
Poland
4.0%
Hungary
2.8%
Slovakia
1.7%
Others
0.6%
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
June 2024
July 2024
August 2024
192[.]162[.]174[.]94
207[.]244[.]71[.]84
31[.]135[.]199[.]145
79[.]184[.]25[.]198
91[.]149[.]253[.]204
103[.]97[.]203[.]29
162[.]210[.]194[.]2
31[.]42[.]4[.]138
79[.]185[.]5[.]142
91[.]149[.]254[.]75
209[.]14[.]71[.]127
46[.]112[.]70[.]252
83[.]10[.]46[.]174
91[.]149[.]255[.]122
109[.]95[.]151[.]207
46[.]248[.]185[.]236
83[.]168[.]66[.]145
91[.]149[.]255[.]19
64[.]176[.]67[.]117
83[.]168[.]78[.]27
91[.]149[.]255[.]195
64[.]176[.]69[.]196
83[.]168[.]78[.]31
91[.]221[.]88[.]76
64[.]176[.]70[.]18
83[.]168[.]78[.]55
93[.]105[.]185[.]139
64[.]176[.]70[.]238
83[.]23[.]130[.]49
95[.]215[.]76[.]209
64[.]176[.]71[.]201
83[.]29[.]138[.]115
138[.]199[.]59[.]43
70[.]34[.]242[.]220
89[.]64[.]70[.]69
147[.]135[.]209[.]245
70[.]34[.]243[.]226
90[.]156[.]4[.]204
178[.]235[.]191[.]182
70[.]34[.]244[.]100
91[.]149[.]202[.]215
178[.]37[.]97[.]243
70[.]34[.]245[.]215
91[.]149[.]203[.]73
185[.]234[.]235[.]69
70[.]34[.]252[.]168
91[.]149[.]219[.]158
192[.]162[.]174[.]67
70[.]34[.]252[.]186
91[.]149[.]219[.]23
194[.]187[.]180[.]20
70[.]34[.]252[.]222
91[.]149[.]223[.]130
212[.]127[.]78[.]170
70[.]34[.]253[.]13
91[.]149[.]253[.]118
213[.]134[.]184[.]167
70[.]34[.]253[.]247
91[.]149[.]253[.]198
70[.]34[.]254[.]245
91[.]149[.]253[.]20
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
APT28 [14]
Fancy Bear [14]
Forest Blizzard [14]
Blue Delta [15]
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule: https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar
Works Cited
[1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/ [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/ [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/ [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF [13] NSA and CSA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
[14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf
Disclaimer of endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Table 2: Reconnaissance
Tactic/Technique Title
ID
Use
Reconnaissance
TA0043
Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
Conducted contact information reconnaissance to identify additional targets in key positions.
Gather Victim Org Information
T1591
Conducted reconnaissance of the cybersecurity department.
Gather Victim Org Information: Identify Roles
T1591.004
Conducted reconnaissance of individuals responsible for coordinating transport.
Gather Victim Org Information: Business Relationships
T1591.002
Conducted reconnaissance of other companies cooperating with the victim entity.
Gather Victim Host Information
T1592
Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
Table 3: Resource development
Tactic/Technique Title
ID
Use
Compromise Accounts: Email Accounts
T1586.002
Sent phishing emails using compromised accounts.
Compromise Accounts: Cloud Accounts
T1586.003
Sent phishing emails using compromised accounts.
Table 4: Initial Access
Tactic/Technique Title
ID
Use
Trusted Relationship
T1199
Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Phishing
T1566
Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
Phishing: Spearphishing Attachment
T1566.001
Sent emails with malicious attachments.
Phishing: Spearphishing Link
T1566.002
Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
Phishing: Spearphishing Voice
T1566.004
Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
External Remote Services
T1133
Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
Exploit Public-Facing Application
T1190
Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
Content Injection
T1659
Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
Table 5: Execution
Tactic/Technique Title
ID
Use
User Execution: Malicious Link
T1204.001
Used malicious links to hosted shortcuts in spearphishing.
User Execution: Malicious File
T1204.002
Delivered malware executables via spearphishing.
Scheduled Task/Job: Scheduled Task
T1053.005
Used scheduled tasks to establish persistence.
Command and Scripting Interpreter
T1059
Delivered scripts in spearphishing. Executed arbitrary shell commands.
Command and Scripting Interpreter: PowerShell
T1059.001
PowerShell commands were often used to prepare data for exfiltration.
Command and Scripting Interpreter: Windows Command Shell
T1059.003
Used BAT script in spearphishing.
Command and Scripting Interpreter: Visual Basic
T1059.005
Used VBScript in spearphishing.
Command and Scripting Interpreter: Python
T1059.006
Installed python on infected machines to enable the execution of Certipy.
Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.
Hijack Execution Flow: DLL Search Order Hijacking
T1574.001
Used DLL search order hijacking to facilitate malware execution.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.001
Used run keys to establish persistence.
Boot or Logon Autostart Execution: Shortcut Modification
T1547.009
Placed malicious shortcuts in the startup folder to establish persistence.
Table 7: Defense Evasion
Tactic/Technique Title
ID
Use
Indicator Removal: Clear Windows Event Logs
T1070.001
Deleted event logs through the wevtutil utility.
Table 8: Credential access
Tactic/Technique Title
ID
Use
Brute Force
Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Brute Force: Password Guessing
T1110.001
Used credential guessing to gain initial access to targeted entities.
Brute Force: Password Spraying
T1110.003
Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP.
Multi-Factor Authentication Interception
Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns.
Input Capture
Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns.
Forced Authentication
Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations.
OS Credential Dumping: NTDS
T1003.003
Attempted to dump Active Directory NTDS.dit domain databases.
Unsecured Credentials: Group Policy Preferences
T1552.006
Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py.
Table 9: Discovery
Tactic/Technique Title
ID
Use
Account Discovery: Domain Account
T1087.002
Used a modified ldap-dump.py to enumerate the Windows environment.
Table 10: Command and Control
Tactic/Technique Title
ID
Use
Hide Infrastructure
T1665
Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
Proxy: External Proxy
T1090.002
Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers.
Proxy: Multi-hop Proxy
T1090.003
Used Tor and commercial VPNs as part of their anonymization infrastructure
Encrypted Channel
T1573
Connected to victim infrastructure using encrypted TLS.
Multi-Stage Channels
T1104
Used multi-stage redirectors for campaigns.
Table 11: Defense evasion (mobile framework)
Tactic/Technique Title
ID
Use
Execution Guardrails
Used multi-stage redirectors to verify browser fingerprints in some campaigns.
Execution Guardrails: Geofencing
T1627.001
Used multi-stage redirectors to verify IP-geolocation in some campaigns.
Table 12: Lateral movement
Tactic/Technique Title
ID
Use
Lateral Movement
Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment.
Remote Services: Remote Desktop Protocol
T1021.001
Moved laterally within the network using RDP.
Table 13: Collection
Tactic/Technique Title
ID
Use
Email Collection
Retrieved sensitive data from email servers.
Email Collection: Remote Email Collection
T1114.002
Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers.
Automated Collection
Used periodic EWS queries to collect new emails.
Video Capture
Attempted to gain access to the cameras’ feeds.
Archive Collected Data
Accessed files were archived in .zip files prior to exfiltration.
Archive Collected Data: Archive via Utility
T1560.001
Prepared zip archives for upload to the actors’ infrastructure.
Table 14: Exfiltration
Tactic/Technique Title
ID
Use
Exfiltration Over Alternative Protocol
Attempted to exfiltrate archived data via a previously dropped OpenSSH binary.
Scheduled Transfer
Used periodic EWS queries to collect new emails sent and received since the last data exfiltration.
Appendix B: CVEs exploited
Table 15: Exploited CVE information
CVE
Vendor/Product
Details
CVE-2023-38831
RARLAB WinRAR
Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive.
CVE-2023-23397
Microsoft Outlook
External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
CVE-2021-44026
Roundcube Webmail
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params.
CVE-2020-35730
Roundcube Webmail
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
CVE-2020-12641
Roundcube Webmail
Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
Countermeasure Title
ID
Details
Network Isolation
Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation
Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering
Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis
Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering
Block NTLM/SMB requests to external infrastructure.
Platform Monitoring
Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation
Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation
Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis
Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis
Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation
Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
DNS Denylisting
D3-DNSDL
Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis
Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication
Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Job Function Access Pattern Analysis
D3-JFAPA
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions
Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication
Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding
Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy
Use a service to check for compromised passwords before using them.
Credential Rotation
Change all default credentials.
Encrypted Tunnels
Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update
Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication
Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis
Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
HACKENSACK, N.J., May 21, 2025 (GLOBE NEWSWIRE) — Heather Lowrie, a highly-experienced CISO, keynote speaker, and cybersecurity advocate, joins Paperclip as an advisor for its SAFE encryption solution. Lowrie will help guide Paperclip SAFE into the international cybersecurity market and bring data-centric security and encryption to the forefront of enterprise security.
With more than 25 years’ experience across cybersecurity, technology, risk, and resilience, Lowrie has led major digital and security transformations for high-impact public and private sector organizations. She is known for delivering business-aligned security that drives growth, builds trust, and creates societal value—underpinned by deep, hands-on experience in managing major cyber incidents.
“We’re thrilled to have Heather join us in an advisory capacity and to benefit from her deep expertise as we continue to advance Paperclip SAFE®,” said Chad Walter, CRO at Paperclip. “We’re excited to collaborate on cybersecurity thought leadership, participate in key industry events, and refine our go-to-market strategy to elevate encryption-in-use and the SAFE technology across the data security landscape.”
Lowrie was recognized by her peers as CISO of the Year at the 2024 SC Awards Europe and is a Fellow of the Chartered Institute of Information Security. She is an accomplished strategist with extensive experience leading through crises—including major cyber incidents—and driving strategic change across digital transformation, data and AI, cybersecurity, and organizational culture initiatives.
Lowrie is also the Co-Founder of Resilionix, a deep-tech startup dedicated to helping organizations build resilience in an increasingly complex and uncertain world.
“I’m delighted to join Paperclip in an advisory capacity and help bring data-centric security and encryption to the forefront of enterprise security,” Lowrie said. “I look forward to working with the excellent team at Paperclip to advance the adoption of encryption-in-use and to support organizations in building resilience”.
Lowrie is a graduate of the University of Edinburgh, where she earned a Master of Science by Research in Science, Technology and Innovation Studies with distinction. She also holds a postgraduate diploma in Information Technology, awarded with distinction, from the University of the West of Scotland, alongside other academic qualifications. Lowrie holds numerous cybersecurity certifications from both U.S. and European organizations, including CISSP, CCSP, CISM, CDPSE, CIPP/E, and more.
About Paperclip, Inc.
Paperclip is a proven technology partner that continues to revolutionize data security, content and document management for Fortune 1,000 companies worldwide. Every second of every day, our innovative solutions are securely processing, transcribing, storing, and communicating highly sensitive content across the internet. Maximizing efficiency to save millions annually, while maintaining absolute security and compliance. For more information, visit paperclip.com.
About SAFE
Paperclip SAFE builds on the foundation of trust and collaboration that Paperclip has established with its security and content management solutions over three decades. Paperclip SAFE utilizes in-depth knowledge of the database and data pipeline to secure all points within the data lifecycle. Nine of the 10 top life insurance carriers in the U.S. are currently protected by Paperclip SAFE. With Paperclip SAFE, outpace threats with data that is always encrypted and always ahead of evolving risk. For more information, visit paperclip.com/safe.
MEDIA CONTACT: Megan Brandow Paperclip, Inc. MBrandow@paperclip.com 585.727.0983
Source: The Conversation – Canada – By Genevieve LeBaron, Distinguished SFU Professor of Global Supply Chain Governance, Simon Fraser University
Gender-based violence and harassment is a widespread issue in supply chains. Women workers in garment manufacturing, food production and hospitality are routinely subjected to unwanted touching and sexual advances and inappropriate comments, while promotion and advancement are often conditional on sex. In the most severe cases, this abuse escalates to sexual assault and rape.
A 2024 report from Statistics Canada, for instance, has found that 47 per cent of women have experienced some form of harassment or sexual assault in the workplace.
Rates of gender-based violence and harassment are thought to be even higher in some countries and industries. In Bangladesh, a 2018 study found at least 60 per cent of garment workers had experienced it in the previous year. Another found 85 per cent of garment workers in Indonesia were concerned about sexual harassment at work.
In the face of such a persistent global issue, women working in garment supply chains have pioneered a highly effective solution for tackling gender-based violence and harassment.
Worker-led binding agreements
Supported by labour unions and organizations like the Asia Floor Wage Alliance, Worker Rights Consortium and Global Labor justice, women workers have led the development of legally binding agreements with brands and suppliers to eliminate gender-based violence and harassment.
The latest of these is called the Central Java Agreement for Gender Justice. Signed in July 2024, it covers 6,250 workers producing clothing for brands like Nike and Fanatics, Inc. under licenses with universities affiliated with the Worker Rights Consortium.
This agreement creates a union-led program to address the problem at two Indonesian factories; if factory management does not comply, it risks losing business with Nike and Fanatics.
Building on success from India to Indonesia
The 2024 Central Java Agreement builds on and incorporates key features of previous worker-led agreements to address the issue.
The Dindigul agreement was led by an independent, majority-Dalit trade union run by women. It established a set of legally binding agreements with major garment companies including H&M Group, Gap Inc., PVH and Eastman Exports Global Clothing Ltd.
The Lesotho agreements involved brands such as Levi Strauss & Co., Nien Hsing Textile Co., unions, women’s rights advocates and labour organizations.
While each agreement is unique, they all adhere to the principles of worker-driven social responsibility.
Under this governance model, “worker organizations and unions, suppliers, and brand companies enter into enforceable and legally binding agreements” and “transnational corporations use their leverage and supply chain relationships to effect change amongst supplier worksites.”
A new model of accountability
These agreements include worker-led detection and remediation systems to address gender-based violence and harassment. For example, under the Lesotho agreement, workers can access a 24-hour hotline operated by a local women’s organization to lodge complaints or bring them directly to the unions involved in the agreement.
The Dindigul agreement also provides multiple channels for workers to raise complaints of gender-based violence and harassment, including shop floor monitors selected by the local union (one for every 25 workers). It also offers multiple avenues for raising complaints, including to the union or to sexual harassment committees required under Indian law.
Under the Central Java Agreement, workers can bring complaints to committees aimed at eliminating the problem, to shop floor monitors or their unions. Not only do each of the agreements permit workers to request independent investigations, they all provide a wide array of remedies in the case of any incidents and violations of freedom of association.
What sets these agreements apart from most other initiatives to combat gender-based violence and harassment in supply chains is that they actually work. One study of the two-year impact of the Dindigul Agreement by Cornell University’s Global Labor Institute found that 76 per cent of grievances were resolved in two weeks.
The report said the program “constituted a powerful monitoring mechanism, ensuring effective remediation and deterring violations” of both gender-based violence and harassment and freedom of association — briefly put, the right to voluntarily join or leave groups (like unions), and for those groups to pursue collective action.
Now, a key question is whether and to what extent these successful programs will continue to thrive and grow under the current “America First” agenda of the U.S. government.
Progress under threat
Despite their success, these worker-led initiatives face mounting challenges.
At the same time, company rollbacks of diversity, equity and inclusion programs are constraining, if not eliminating, the political space in which labour groups negotiate such agreements.
Tariffs and upheaval in global trade — especially efforts to redraw supply chains to evade costly tariffs — gives brands cover to withdraw commitments to worker-led initiatives and change sourcing patterns to circumvent them.
Within the United States, cuts and funding freezes — including to sexual assault prevention groups — are a worrying sign that support for preventing gender-based violence and harassment and helping its survivors are being undercut and failing.
If labour stakeholders lose the resources to support such initiatives, the impacts on women and workplaces within supply chains across the world will be devastating. These programs show that when workers lead, real change is possible, but they need continued investment and political support to survive.
Genevieve LeBaron receives funding from the Social Sciences and Humanities Research Council of Canada, Humanity United Foundation, and Ford Foundation.
Judy Fudge does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
Noon Briefing by Stéphane Dujarric, Spokesperson for the Secretary-General.
Highlights:
-Occupied Palestinian Territory
-Haiti
-Secretary-General/ECOSOC
-Syria
-Sudan
-Myanmar
-Libya
-International Days
-4th International Conference on Financing for Development
OCCUPIED PALESTINIAN TERRITORY
The Office for the Coordination of Humanitarian Affairs (OCHA) says that yesterday and today, the Israeli authorities granted us access to Kerem Shalom so that our teams could reach additional humanitarian supplies that crossed into the Strip on Monday and Tuesday, crossed from Israel into Kerem Shalom loading areas. Other critical items such as hygiene products or fuel have not been allowed by the Israeli authorities into Kerem Shalom.
So far, and this is as a few minutes ago, but the situation is obviously fluid, none of the supplies have been able to leave the Kerem Shalom loading area. This is because, by yesterday evening, Israeli authorities had only allowed our teams to go through one area that was highly congested, that we felt was insecure and where we felt looting was highly likely to take place, given the prolonged deprivation in Gaza since the blockade by the Israeli authorities for over 11 weeks. The UN hopes that will change very soon. The discussions are ongoing as we speak between our colleagues and the Israeli security authorities.
The UN is continuing to are engage with them to identify the best possible routes out of Kerem Shalom towards Gaza to ensure that the flow of aid is not disrupted or suspended. Partners are in touch with community leaders in Gaza to mitigate the risk of looting and ensure that the supplies entering Gaza reach the people who need them.
However, it is important to underscore that the limited supplies finally being allowed to enter Kerem Shalom are nowhere near enough to meet the needs in Gaza, which are vast, which are tremendous. Much, much more aid needs to get in.
Meanwhile, bombardment and shelling are continuing across the Gaza Strip. Today, the Gaza Ministry of Health reported dozens of people killed in the last 24 hours, and yesterday, it made an urgent call for blood donations for the sick and for those injured.
OCHA is telling us that 80 per cent of the Gaza Strip is now either subject to displacement orders or located in Israeli-militarized zones. These zones require humanitarians to coordinate their movements with the Israeli security authorities.
UN partners says that over the past few days, almost half of the newly displaced people have fled with none of their belongings. The ongoing displacement of Gaza’s population is putting immense pressure on humanitarian teams, especially when there is no food or any basic items being allowed in.
In Gaza City, our partners report an extreme lack of shelter space: Displacement sites and residential buildings are all very much overcrowded. People are settling in abandoned, unfinished, or destroyed or damaged structures. Some are sleeping out in the open.
And as we have been saying over, and over and over again, civilians need be protected, including those fleeing or forced to leave through displacement orders or those who remain despite the displacement orders.
Meanwhile, continued attacks on healthcare facilities are ongoing. Earlier today, Al Awda Hospital, which is the only partially functional hospital in North Gaza governorate, and still treating a dozen patients, was hit. Yesterday, Kamal Adwan Hospital ceased operations.
As of yesterday, UN partners report that about 304,000 daily meals were prepared and delivered through about 70 kitchens. Five kitchens resumed operations, including two in Khan Younis and three that relocated to Gaza City following recent displacement orders from North Gaza. However, five others in Gaza City and Khan Younis were forced to shut down after their supplies were depleted.
UN partners providing water, sanitation and hygiene services say that the water situation is worsening by the day. For example, the largest desalination plant in the north of Gaza is in an area slated for displacement. This has disrupted access to drinking water for about 150,000 people.
In southern Gaza, in Al Mawasi, the water situation is also dire, as the area is not connected to the water network and relies heavily on water trucking. This requires both vehicles and fuel to serve the needy population.
Full Highlights: https://www.un.org/sg/en/content/noon-briefing-highlight?date%5Bvalue%5D%5Bdate%5D=21%20May%202025
Noon Briefing by Stéphane Dujarric, Spokesperson for the Secretary-General.
Highlights:
-Occupied Palestinian Territory
-Haiti
-Secretary-General/ECOSOC
-Syria
-Sudan
-Myanmar
-Libya
-International Days
-4th International Conference on Financing for Development
OCCUPIED PALESTINIAN TERRITORY
The Office for the Coordination of Humanitarian Affairs (OCHA) says that yesterday and today, the Israeli authorities granted us access to Kerem Shalom so that our teams could reach additional humanitarian supplies that crossed into the Strip on Monday and Tuesday, crossed from Israel into Kerem Shalom loading areas. Other critical items such as hygiene products or fuel have not been allowed by the Israeli authorities into Kerem Shalom.
So far, and this is as a few minutes ago, but the situation is obviously fluid, none of the supplies have been able to leave the Kerem Shalom loading area. This is because, by yesterday evening, Israeli authorities had only allowed our teams to go through one area that was highly congested, that we felt was insecure and where we felt looting was highly likely to take place, given the prolonged deprivation in Gaza since the blockade by the Israeli authorities for over 11 weeks. The UN hopes that will change very soon. The discussions are ongoing as we speak between our colleagues and the Israeli security authorities.
The UN is continuing to are engage with them to identify the best possible routes out of Kerem Shalom towards Gaza to ensure that the flow of aid is not disrupted or suspended. Partners are in touch with community leaders in Gaza to mitigate the risk of looting and ensure that the supplies entering Gaza reach the people who need them.
However, it is important to underscore that the limited supplies finally being allowed to enter Kerem Shalom are nowhere near enough to meet the needs in Gaza, which are vast, which are tremendous. Much, much more aid needs to get in.
Meanwhile, bombardment and shelling are continuing across the Gaza Strip. Today, the Gaza Ministry of Health reported dozens of people killed in the last 24 hours, and yesterday, it made an urgent call for blood donations for the sick and for those injured.
OCHA is telling us that 80 per cent of the Gaza Strip is now either subject to displacement orders or located in Israeli-militarized zones. These zones require humanitarians to coordinate their movements with the Israeli security authorities.
UN partners says that over the past few days, almost half of the newly displaced people have fled with none of their belongings. The ongoing displacement of Gaza’s population is putting immense pressure on humanitarian teams, especially when there is no food or any basic items being allowed in.
In Gaza City, our partners report an extreme lack of shelter space: Displacement sites and residential buildings are all very much overcrowded. People are settling in abandoned, unfinished, or destroyed or damaged structures. Some are sleeping out in the open.
And as we have been saying over, and over and over again, civilians need be protected, including those fleeing or forced to leave through displacement orders or those who remain despite the displacement orders.
Meanwhile, continued attacks on healthcare facilities are ongoing. Earlier today, Al Awda Hospital, which is the only partially functional hospital in North Gaza governorate, and still treating a dozen patients, was hit. Yesterday, Kamal Adwan Hospital ceased operations.
As of yesterday, UN partners report that about 304,000 daily meals were prepared and delivered through about 70 kitchens. Five kitchens resumed operations, including two in Khan Younis and three that relocated to Gaza City following recent displacement orders from North Gaza. However, five others in Gaza City and Khan Younis were forced to shut down after their supplies were depleted.
UN partners providing water, sanitation and hygiene services say that the water situation is worsening by the day. For example, the largest desalination plant in the north of Gaza is in an area slated for displacement. This has disrupted access to drinking water for about 150,000 people.
In southern Gaza, in Al Mawasi, the water situation is also dire, as the area is not connected to the water network and relies heavily on water trucking. This requires both vehicles and fuel to serve the needy population.
Full Highlights: https://www.un.org/sg/en/content/noon-briefing-highlight?date%5Bvalue%5D%5Bdate%5D=21%20May%202025
MEPs added a debate on “the Hungarian government’s drift towards Russia-style repression” to today’s agenda.
Changes to the agenda
Wednesday
Council and Commission statements on the Hungarian government’s drift towards Russia-style repression and legislative threats to freedom of expression and democratic participation are added to the agenda later on Wednesday, following the debate on the EU’s response to the Israeli government’s plan to seize the Gaza Strip. As a result of this addition, the sitting is extended to 23:00.
Thursday
The President announced a request from the Committee on Agriculture and Rural Development to fast-track a file under Rule 170(6) of the EP’s Rules of Procedure for the Commission proposal on additional assistance and further flexibility to outermost regions affected by severe natural disasters and in the context of cyclone Chido devastating Mayotte.
The vote on this request will take place on Thursday. If approved, the file will be added to the June plenary agenda.
Interinstitutional negotiations
The Committee on Economic and Monetary Affairs has decided to enter into interinstitutional negotiations, in accordance with Rule 72(1) of Parliament’s Rules of Procedure, on the basis of the report available on the plenary website.
The EU and South Africa (SA) have a Strategic Partnership based, among other, on democratic values and human rights, as exemplified by the recent EU-SA Summit, where the EU announced the Global Gateway Investment Package with South Africa to which the Honourable Member refers. This package will mainly support projects promoting SA’s clean and just energy transition. In the context of this partnership, the EU and SA are engaged in a regular human rights dialogue.
With Global Gateway, the EU aims to embed democratic principles, and transparency in all investments. The EU assesses in each country whether the required pre-conditions for investments exist, including regarding human rights.
When the Commission becomes aware of any suspected cases of fraud, corruption or any other illegal activity affecting the EU budget, it takes all measures deemed fit and informs without delay the European Anti-Fraud Office and, where applicable, the European Public Prosecutor’s Office.
The new Financial Regulation (Article 6(3))[1] makes an explicit reference to the EU values, including human dignity, freedom, democracy, and the rights of minorities, and requires that the EU budget be implemented in full respect of such values. In cases of serious human rights violations, the Commission may take precautionary and/or corrective measures such as suspending or terminating contracts, carrying out internal or external audits, verifying expenditures, and applying other relevant controls.
Source: United States House of Representatives – Congresswoman Sara Jacobs (D-CA-53)
May 21, 2025
Rep. Sara Jacobs (CA-51) grilled Secretary Marco Rubio on President Trump’s conflicts of interest in the United Arab Emirates (UAE). In recent weeks, the Trump Organization has announced plans to build an 80-story Trump Tower in Dubai, and President Trump’s crypto company, World Liberty Financial, has secured a $2 billion deal with an Emirati company with deep ties to the government. Then the Trump Administration blew through a congressional hold on over $1.5 billion in arms sales to the UAE, which continues to arm and fund the Rapid Support Forces’ genocide in Sudan.
Watch Rep. Sara Jacobs Here
Rep. Sara Jacobs said: “Mr. Secretary, I want to turn to the war in Sudan. This is, as you know, the world’s largest displacement and humanitarian crisis, half a million people are facing famine. I saw firsthand the suffering when I visited Sudanese refugees in Chad.
“Earlier this year and again yesterday, you reiterated that the Rapid Support Forces, a militia, is committing genocide in Sudan. Is that correct?”
Secretary Marco Rubio said: “We’re very concerned about what both sides are doing frankly, but the RSF in particular.”
Rep. Sara Jacobs said: “Correct, I agree with that. You also said that, as part of that, all of our engagement with the UAE, we need to ‘raise the fact that they’re openly supporting an entity that is carrying out a genocide.’ And yet, President Trump continues to arm the UAE. In fact, he just blew through Ranking Member Meeks’ congressional hold on over $1 billion in arms sales, ignoring this Committee’s longstanding role as an independent check on major arms sales. Now, we can have a policy debate on the merits of whether to arm the UAE or not, despite this genocide. I had that conversation with Secretary Blinken. But actually, I want to talk about the events that led up to that decision.
“So on April 30th, the Trump Organization, which Donald Trump still owns, unveiled plans to build an 80-story Trump Tower in Dubai.
“On May 1, Trump’s crypto company, World Liberty Financial, secured a $2 billion deal with an Emirati company with deep ties to the government.
“And only 11 days later, on May 12, your Department notified our committee that it would ignore Ranking Member Meeks’ holds on UAE arms sales.
“Secretary Rubio, we have a President who is personally profiting from a deal with a foreign government-backed company at the same time he is selling lethal weapons to that same government. Isn’t that a clear conflict of interest?”
Secretary Marco Rubio said: “I think no matter who is president, they would have to deal with the UAE. We have to. They’re a member of…
Rep. Sara Jacobs said: “That’s not my question. We can have a policy debate about how we should engage with the UAE. I was just there a few weeks ago.
Secretary Marco Rubio said: “You’re making claims about corruption. I’m trying to answer them. Any President in the United States – I don’t care who it is – has to deal with the UAE. They’re a member of the Abraham Accords, number one. They’ve been incredibly cooperative on a bunch of other issues. We don’t agree with them 100%. We have some concerns about some of the things they do. But this is called the balancing of our foreign policy. It is in our national interest to have a good relationship with the UAE. And sometimes they do things we don’t like.
Rep. Sara Jacobs said: “Secretary Rubio, I don’t disagree with you. I just visited the UAE a couple weeks ago and had these very same conversations there and I don’t think this is a complicated question. President Trump is personally profiting from a deal with a foreign government and selling weapons to that same government who is enabling a genocide. Policy aside, are you really saying you don’t think this is a conflict of interest?
Secretary Marco Rubio said: “No, you’re making claims. The president’s family owns a business and they can conduct business anywhere in the world they want. The president has never once raised business deals in the UAE when talking about…Any President would have to have a relationship with the UAE.
Rep. Sara Jacobs said: “Secretary Rubio, that’s just silly. President Trump has retained his ownership of these companies and I have an image right here from World Liberty Financial’s website, so the idea that President Trump is not the face of the brand of this company on top of benefiting from them. And it literally says on the website that Mr. Trump and his family members own a 60% stake in this company. That’s silly. We can talk about the policy merits – that’s not what I’m asking you. I’m asking you a very simple question: do you believe that it’s a conflict of interest to have a president personally profiting from a deal with a foreign government while selling weapons to that same government who is enabling a genocide?
Secretary Marco Rubio said: “I don’t…I don’t accept the premise of your question. I think this has nothing to do with personally benefiting from anything. This has to do with the fact that in order to conduct foreign policy in the Middle East, you’re going to have to deal with the UAE. You have to have deals in place with the UAE.
Rep. Sara Jacobs said: “Mr. Secretary, this is a clear conflict of interest. Anyone with any common sense can see that. The President is personally benefiting from billions of dollars in deals, and he doesn’t care at all about the people of Sudan who are experiencing famine and genocide.
“It’s shocking to me that you can’t admit that. It’s clear to me that you seem more concerned about staying in Trump’s good graces than sticking up for human rights and American values that you once were a champion for. With that, I’m going to yield the rest of my time to Representative Olszewski.”
Source: United States House of Representatives – Congresswoman Pramila Jayapal (7th District of Washington)
WASHINGTON, D.C. — U.S. Representative Pramila Jayapal (WA-07), Ranking Member of the Subcommittee on Immigration Integrity, Security, released the following statement regarding the attempted deportation of immigrants to South Sudan.
“Any person convicted of serious crimes should be held accountable, and we have laws to govern that, including due process, which the Trump Administration has been violating. It is exactly for this reason that the courts have consistently blocked the Trump Administration from deporting immigrants to third-party countries, where they then claim they cannot get them back to obey the courts.
“And yet, again in violation of these court orders, the Trump Administration just unlawfully deported immigrants, attempting to send them to South Sudan, a country that the U.S. State Department currently has a ‘Do Not Travel’ warning for. It is extremely reprehensible to send immigrants to such a dangerous country, with armed conflict, rampant violent crime, and political and ethnic turmoil. Just two weeks ago, U.S. Citizenship and Immigration Services (USCIS) extended Temporary Protected Status (TPS) for South Sudan, further acknowledging how dangerous the country currently is.
“If the Trump Administration can disobey court orders for immigrants and send them into active war zones, who will be next — lawful permanent residents who use their free speech in a way this administration disagrees with? U.S. citizens who break the law? Trump’s political enemies?
“Donald Trump is not a king. He is not above the law. He must obey the courts, full stop, and stop deporting immigrants in violation of their rights and the law.”
Source: Africa Press Organisation – English (2) – Report:
ACCRA, Ghana, May 21, 2025/APO Group/ —
As shepherds of the Catholic Church in Africa and in Europe, we, the bishops of the Symposium of Episcopal Conferences of Africa and Madagascar (SECAM) (www.SECAM.org) and of the Commission of the Bishops’ Conferences of the European Union (COMECE), speak today with a voice formed by the lived realities of our people – farmers, fisherfolk, pastoralists, women and youth – whose lives are shaped by the land, and whose hope depends on justice, peace, and dignity. We welcome the convening of the joint African Union–European Union Foreign Ministers’ Meeting as an opportunity to examine not only shared ambitions but the very nature of our partnership. As SECAM and COMECE have already stated five years ago, “we are firmly convinced that Africa and Europe could become the engines for a reinvigoration of multilateral cooperation by reinforcing their longstanding ties marked by our common roots and geographical proximity […] towards an equitable and responsible partnership that puts the people at its centre”.
We are, however, deeply concerned about certain developments in this partnership over recent years. We have witnessed a profound shift in European priorities – away from solidarity with the most fragile regions and communities, and from development cooperation aimed at eradicating poverty and hunger, towards a more narrowly defined set of geopolitical and economic interests. Notwithstanding the commendable intention behind some projects promoting human development at the grassroots, certain initiatives supported under the EU’s Global Gateway – while presented as mutually beneficial – too often seem to replicate extractive patterns of the past: privileging European corporate and strategic aims over the real needs and aspirations of African people.
Land, water, seeds, and minerals – the very foundations of life – seem to be once again treated as commodities for foreign profit rather than as common goods to be stewarded with care. Africa is being asked to sacrifice its ecosystems and communities to help Europe meet its decarbonisation goals – whether through massive land deals for so-called “green” energy projects, the expansion of carbon offset plantations, or the outsourcing of industrial agriculture’s toxic inputs and waste. This is not partnership. This is not justice.
“The earth herself, burdened and laid waste, is among the most abandoned and maltreated of our poor” (Laudato Si’, §2)
The Catholic Church, inspired by late Pope Francis’ encyclical Laudato Si’, shares the understanding that we must hear both the cry of the earth and the cry of the poor. These cries are loud and clear across Africa. Climate change is wreaking havoc on those who depend on the land, even as our continent has contributed least to the crisis. Soil degradation, poisoned water, and the loss of biodiversity are destroying the foundation of rural life. Hunger in Africa is growing, not because we lack food, but because we have allowed systems to dominate that put profit above people and that treat agriculture as an industrial process, not a way of life.
We urge the ministers gathered in Brussels to place the dignity of African peoples at the heart of the AU-EU partnership. This means supporting a transformation of agriculture that breaks free from dependency on imported fertilisers, chemical inputs, and genetically modified seeds. It means protecting and promoting farmer-managed seed systems, which are the repositories of Africa’s agricultural biodiversity and the key to food sovereignty. These systems are not backward or inefficient – they are resilient, rooted in tradition, and adapted to local ecologies. Criminalising farmers for saving seeds or imposing rigid intellectual property regimes aligned with UPOV or corporate agendas violates both their rights and the planet’s needs.
We call for an immediate ban on the export and use of Highly Hazardous Pesticides in Africa. It is a grave injustice that chemicals banned in Europe for their risks to health and ecosystems are still manufactured there and marketed to African farmers. This double standard must end. Instead, we must invest in agroecology – a science, a practice, and a social movement that nourishes the land, respects cultural traditions, and empowers women and youth. Agroecology offers a truly African path to climate adaptation and rural regeneration. It is rooted in the wisdom of our communities and validated by science. It is our future.
Moreover, we remind our political leaders that land is sacred. For most Africans, land is not merely a factor of production or a tradable asset. It is a gift from God, entrusted to us by our ancestors and held in common for future generations. Large-scale land acquisitions by foreign investors or development finance institutions, carried out without free, prior, and informed consent, are an affront to this sacred trust. They displace communities, erode customary rights, and contribute to conflict and forced migration. Ministers must act decisively to end land grabbing and ensure legal protection for communal and customary tenure systems.
We are particularly disturbed by growing use of African territory as a site for Europe’s resource needs and climate ambitions. Decarbonisation must not come at the cost of African ecosystems or the rights of African communities. It is ethically untenable to demand that Africa become the dumping ground for Europe’s “green transition” – whether through extractive mining for critical minerals or vast land projects that reduce our continent to a carbon sink.
Let us be clear: Africa does not need charity, nor does it need to be a battleground for external interests. What it needs is justice. What it needs is a partnership grounded in mutual respect, environmental stewardship, and the centrality of human dignity. We believe such a partnership is possible – but only if the structures and priorities of AU-EU cooperation are fundamentally reoriented towards these objectives.
We therefore urge ministers to listen more closely to African civil society, Indigenous peoples, and faith communities – not as token participants, but as equal co-creators of policy. Real dialogue means making space for the voices of those who live on and with the land.
We conclude by echoing the spirit of Laudato Si’, which calls for an “integral ecology” – one that recognises the profound interconnection between people, planet, and purpose.
We pray that this meeting may mark a turning point – not only in diplomatic relations but in the moral and spiritual compass guiding our shared future.
Africa needs a transformation rooted in the Gospel values of care for creation, solidarity with the poor, and the pursuit of peace. As Laudato Si’ teaches us, “everything is interconnected” (§117) – and so our response must be holistic and courageous.
We invite the AU and EU Foreign Ministers to rise to this moment. Let this be the partnership that listens to the cries of the earth and the cries of the poor. Let this be the moment when Africa’s future is shaped not by external interests, but by the aspirations of its people – especially those who till the land, feed the nation, and protect the environment.
RESEARCH TRIANGLE PARK, N.C., May 21, 2025 (GLOBE NEWSWIRE) — Syncfusion®, Inc., the enterprise technology provider of choice, today announced the release of its fourth set of open-source .NET MAUI controls at Microsoft Build 2025. These additions expand the Syncfusion Toolkit for .NET MAUI as part of the company’s continued investment in the .NET MAUI developer community.
“Microsoft Build is an incredible event and an opportunity to engage directly with our fellow cross-platform developers,” said Daniel Jebaraj, CEO of Syncfusion. “As a trusted Microsoft collaborator, we are especially excited to debut our latest open-source .NET MAUI controls. We hope they’ll empower developers to build beautiful apps faster and with greater flexibility.”
A Growing Ecosystem of Open-Source Tools for .NET MAUI With the latest release, the Syncfusion Toolkit for .NET MAUI now includes more than two dozen open-source controls that simplify the development of modern, responsive apps. New components in this release include:
Picker: Offers a customizable user interface for selecting one or more items from a list with support for multicolumn layouts and tailored pop-up views.
Date Picker: A flexible component that enables users to select a date using a structured, scrollable interface with customization options.
Time Picker: Provides an intuitive interface to select time values with a fully customizable format, layout, and time intervals.
Date Time Picker: Combines date and time selection in a single, customizable UI, allowing for precise scheduling.
Circular ProgressBar: Visualizes task progress in a circular format with smooth animations, segments, and customizable content at the center.
Linear ProgressBar: Displays progress in a horizontal bar with support for buffer states, color ranges, and visual customizations.
These controls are fully open source, designed to integrate seamlessly into AI-enhanced development workflows, and are available now.
Syncfusion at Microsoft Build 2025 In addition to showcasing its open-source .NET MAUI tools, Syncfusion is offering hands-on opportunities for developers to explore its full ecosystem of developer solutions—including the flagship Essential Studio® library of over 1,900 components and the Bold product line, which includes tools for data visualization, help desk support, and eSignature workflows.
Syncfusion experts will be on-site to connect with developers, share product insights, and lead sessions, including:
Attendees can visit Syncfusion at Booth 205 (Level 4 in the Hub) to experience live demos, learn more about the latest releases, and access exclusive giveaways—including the Microsoft MVP Spotlight Package.
About Syncfusion®, Inc. Headquartered in the technology hub of Research Triangle Park, N.C., Syncfusion®, Inc. delivers an award-winning ecosystem of developer control suites, embeddable BI platforms, and business software. Syncfusion was founded in 2001 with a single software component and a mission to support businesses of all sizes—from individual developers and start-ups to Fortune 500 enterprises. Though its pilot product, the Essential Studio® suite, has grown to over 1,900 developer controls, its mission remains the same. With offices in the U.S., India, and Kenya, Syncfusion prioritizes the customer experience by providing feature-rich solutions to help developers and enterprises solve complex problems, save money, and build high-performance, robust applications.
Source: United States Senator for Hawaii Brian Schatz
WASHINGTON – At two separate Senate hearings today, U.S. Senator Brian Schatz (D-Hawai‘i), questioned Secretary of State Marco Rubio, pressing him on his role in foreign assistance decisions and securing a commitment that Rubio and other foreign assistance officials come back before Congress and work together to write and pass a bipartisan funding bill that protects foreign aid and maintains U.S influence and leadership around the world.
At the Senate Appropriations Subcommittee on State and Foreign Operations hearing, Schatz, the lead Democrat on the panel, said, “Fighting HIV/AIDS, helping partners defend themselves, responding to disasters, that is not ‘woke’ or ‘leftist’ or ‘radical.’ It is a foundation of American foreign policy. And they are all under threat. Any time we’ve asked for clarity about what the Trump administration is doing, we’ve gotten very little.” Schatz continued, “In order to put USAID under the State Department and better align it, we need a statute. In order to reform all of these programs, we need an SFOPS bill… If we can get to writing a bill, the country will be better for it.”
At the Senate Foreign Relations Committee hearing, Schatz underscored the human consequences of the administration’s cuts to foreign aid, saying, “Mothers who have fled Boko Haram in Nigeria are watching their babies starve. Children in South Sudan are dying of cholera. Families are dying because they have been cut off from their HIV medication – there are 103 deaths an hour. And so we can talk about the reorganization of the State Department, but this becomes quickly not an abstraction, not a normal public policy tug and pull, because the way that this has been done, set aside our disagreement over whether it’s been done lawfully, has been done in a rather catastrophic fashion.”
Video of the Foreign Relations Committee exchange is available here. Video of Schatz’s opening statement and questioning at the Senate Appropriations Subcommittee hearing is available here.
Joint statement by the leaders of France, the United Kingdom and Canada on (…)
Published on May 21, 2025
Lire la version
We strongly oppose the expansion of Israel’s military operations in Gaza. The level of human suffering in Gaza is intolerable. Yesterday’s announcement that Israel will allow a basic quantity of food into Gaza is wholly inadequate. We call on the Israeli Government to stop its military operations in Gaza and immediately allow humanitarian aid to enter Gaza. This must include engaging with the UN to ensure a return to delivery of aid in line with humanitarian principles. We call on Hamas to release immediately the remaining hostages they have so cruelly held since 7 October 2023.
The Israeli Government’s denial of essential humanitarian assistance to the civilian population is unacceptable and risks breaching international humanitarian law. We condemn the abhorrent language used recently by members of the Israeli Government, threatening that, in their despair at the destruction of Gaza, civilians will start to relocate. Permanent forced displacement is a breach of international humanitarian law.
Israel suffered a heinous attack on 7 October. We have always supported Israel’s right to defend Israelis against terrorism. But this escalation is wholly disproportionate.
We will not stand by while the Netanyahu Government pursues these egregious actions. If Israel does not cease the renewed military offensive and lift its restrictions on humanitarian aid, we will take further concrete actions in response.
We oppose any attempt to expand settlements in the West Bank. Israel must halt settlements which are illegal and undermine the viability of a Palestinian state and the security of both Israelis and Palestinians. We will not hesitate to take further action, including targeted sanctions.
We strongly support the efforts led by the United States, Qatar and Egypt to secure an immediate ceasefire in Gaza. It is a ceasefire, the release of all remaining hostages and a long-term political solution that offer the best hope of ending the agony of the hostages and their families, alleviating the suffering of civilians in Gaza, ending Hamas’ control of Gaza and achieving a pathway to a two-state solution, consistent with the goals of the 18 June conference in New York co-chaired by Saudi Arabia and France. These negotiations need to succeed, and we must all work towards the implementation of a two-state solution, which is the only way to bring long-lasting peace and security that both Israelis and Palestinians deserve, and ensure long-term stability in the region.
We will continue to work with the Palestinian Authority, regional partners, Israel and the United States to finalize consensus on arrangements for Gaza’s future, building on the Arab plan. We affirm the important role of the High-level Two-State Solution Conference at the UN in June in building international consensus around this aim. And we are committed to recognising a Palestinian State as a contribution to achieving a two-state solution and are prepared to work with others to this end./.
Clownfish that shrank during heatwaves were more likely to survive them.Morgan Bennett-Smith
As the world contemplates dealing with more extreme temperatures, one coral reef fish has found a novel way to beat the heat: shrinking.
Wanting to know how clownfish cope with changes to their environment, we repeatedly measured 134 wild fish in Kimbe Bay, Papua New Guinea, during a marine heatwave that started in March 2023 and is part of an ongoing global mass coral bleaching event. Clownfish have unique markings, which make it easy to identify and measure them underwater.
To our complete surprise, we found that 100 of the fish we measured shrank during our study from February to August 2023. Those that shrank had a better chance of surviving the heatwave.
The clownfish, Amphiprion percula, lives in small social groups within anemones on coral reefs. As the movie Finding Nemo indicated, clownfish rarely, if ever, leave their host anemone because the anemone offers them protection from predators.
Sadly, this also means that clownfish cannot move to cooler areas as marine heatwaves become more common on coral reefs due to rising global temperatures. Clownfish need other strategies to survive the heat.
Get your news from actual experts, straight to your inbox.Sign up to our daily newsletter to receive all The Conversation UK’s latest coverage of news and research, from politics and business to the arts and sciences.
This is the first time that coral reef fish have been shown to shrink in response to heat stress. And by shrink, we don’t mean getting skinnier – we mean getting shorter.
This is surprising because growth in vertebrates (animals with backbones, like us) is generally considered to be a one-way street. You get larger over time and you might stop growing if stressed or as you reach your maximum length, but it is rare to find vertebrates shrinking, especially over periods as short as a month, and in response to environmental conditions.
It may also seem counter-intuitive to shrink. After all, smaller individuals are more prone to being eaten and they breed less. Here, however, being smaller increased the chances of survival for clownfish, possibly because smaller fish need less food and are typically more efficient at foraging and using oxygen, which is scarcer in hot water.
Orange clownfish in a bleached anemone during the 2023 heatwave in Kimbe Bay, Papua New Guinea. Morgan Bennett-Smith
If you shrink, I shrink
We found that there is a social component to shrinking and surviving a heatwave.
A remarkable feature of clownfish social groups is that they maintain strict hierarchies based on size. This means growth – and shrinking – don’t just affect the individual in question, but also risks conflict within the group that could force a fish to be evicted, which usually leads to death. So, shrinking is a risky proposition.
On each anemone the biggest clownfish is female, the second biggest is male, and together they form a breeding pair. To avoid fights in the pair, males control their growth to keep a fixed size ratio between the two.
In our study, breeding pairs in which both fish shrank were more likely to survive the heatwave than if only one, or neither, fish shrank.
We also found that those fish who shrank by a lot could catch up and grow rapidly when conditions improved. That means that it’s not just the shrinking that helps, but being able to shrink and grow flexibly to meet your needs.
A breeding pair of clownfish. The large female is on the right and the smaller male on the left. Theresa Rueger
While not all fish beat the heat and survived, none of the fish that shrank multiple times in our study died, and even shrinking once increased a clownfish’s survival probability during the heatwave by 78%.
Our research didn’t investigate how clownfish do this, but studies on other vertebrates might give us clues. Marine iguanas on the Galápagos Islands for example shrink during El Niño years, when water temperatures in the eastern and central tropical Pacific Ocean warm. This reduces the amount of food and prompts the reptiles to shrink by absorbing part of their bones.
If our finding of adult fish shrinking in response to environmental stress is more widespread, it could be another reason why fish in the world’s ocean are getting smaller.
Don’t have time to read about climate change as much as you’d like?
Theresa Rueger receives funding from The Leverhulme Trust and the Natural Environment Research Council UK.
Chancey MacDonald receives funding from the Natural Envirnoment Research Council of UKRI.
Melissa Versteeg receives funding from Murray Foundation UK, the Prins Bernard Cultuurfonds, the International Coral Reef Society and the School of Natural and Environmental Sciences at Newcastle University, UK.
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
Source: People’s Republic of China – State Council News
BEIJING, May 21 (Xinhua) — Chinese Foreign Minister Wang Yi, a member of the Political Bureau of the Communist Party of China Central Committee and a member of the Political Bureau of the Communist Party of China (CPC) Central Committee, will chair the third China-Pacific Island Countries Foreign Ministers’ Meeting to be held in Xiamen, east China’s Fujian Province, from May 28 to 29, Foreign Ministry spokesperson Mao Ning said on Wednesday.
As noted by the official representative, the heads of the Ministries of Foreign Affairs and representatives of 11 Pacific island states that have diplomatic relations with China have been invited to take part in the event, namely: the President and Minister of Foreign Affairs of Kiribati Taneti Maamau, the Prime Minister and Minister of Foreign Affairs of Niue Dalton Tagelagi, the Crown Prince and Minister of Foreign Affairs of Tonga Tupoutoa Ulukalala, the Minister of Foreign Affairs and Trade of Nauru Lionel Aingimea, the Minister of Foreign Affairs of the Federated States of Micronesia Lorin Robert, the Minister of Foreign Affairs and Foreign Trade of the Solomon Islands Peter Chanel Agovaka, the Minister of Foreign Affairs, International Cooperation and Foreign Trade of Vanuatu Mark Ati, the Minister of Foreign Affairs and Immigration of Papua New Guinea Justin Tkachenko, the Minister of Foreign Affairs and Immigration of the Cook Islands Tingika Elikana, the Assistant Minister of Foreign Affairs and Deputy Speaker of the Parliament of Fiji Lenora Kerekeretabua, the representative of the Government of Samoa, the Ambassador of Samoa to China Luamanuvae Mariner, as well as the Deputy Secretary General of the Forum Pacific islands of Esala Nayashi.
At a regular press briefing, Mao Ning said China and the Pacific island countries are comprehensive strategic partners committed to mutual respect and common development, adding that the two sides have continuously deepened and developed friendly ties and cooperation in recent years.
Mao Ning noted that the upcoming meeting will be held in China for the first time in an offline format. According to her, the parties will discuss in detail the comprehensive exchanges and cooperation between China and the Pacific island countries, as well as international and regional issues of mutual interest.
China attaches great importance to relations with the Pacific island countries and hopes that this event will contribute to the active implementation of the important consensus reached by the leaders of the two sides, strengthening cohesion and cooperation, joining efforts for development and prosperity, and jointly building an even closer community with a shared future for China and the Pacific island countries, the official representative of the Chinese Foreign Ministry added. –0–
The UK government has announced its plans for controlling immigration, and these include new rules for international students.
The recent white paper on immigration proposes that most graduates will be allowed to stay in the UK for 18 months after their course finishes. This is six months less than currently permitted.
There will be a higher bar for universities to sponsor visas, excluding those universities at which higher numbers of students fail to complete their courses. The white paper also proposes a 6% levy on universities’ income from international students.
Universities think these changes will worsen their financial problems. However, this appears less important to the government than controlling immigration.
Get your news from actual experts, straight to your inbox.Sign up to our daily newsletter to receive all The Conversation UK’s latest coverage of news and research, from politics and business to the arts and sciences.
Universities are one of the UK’s strongest global assets, generating influence alongside export income. After the general election last year, science minister Peter Kyle vowed Labour would end what he termed the “war on universities” conducted by the previous Conservative government. That included a more welcoming approach to international students.
One reason for the change in tone and policy signalled by the white paper is common to other popular destinations for international students: the rise of nationalist parties opposed to immigration. But there is another reason specific to the UK, which is the government’s aim to reform higher education.
Politics and immigration
Two weeks before the release of the immigration white paper, the Reform party secured control of ten local authorities across England, winning 677 seats. The party’s rising popularity will be of increasing concern to the Labour government.
In the US and Netherlands, similar movements have taken steps to reduce university funding and international students once in power. But these policies are not confined to nationalist parties.
Canada and Australia’s Liberal and Labour governments also signalled caps on international student recruitment before their re-election earlier this year.
This appears to be the strategy adopted by the UK’s Labour party – that it wants to assure voters who are more concerned about immigration than university finances.
Higher education policy
Alongside this, the government thinks employers are too reliant on migrant labour, and universities on international students. It wants them to focus more on developing the UK workforce. That requires employers to invest in skills development, and universities to provide courses that build crucial capabilities for the future.
The white paper states that “at a time when skills matter more than ever to the economy and people’s employment prospects, there has been a long-term lack of coordination or investment to deliver the skills and capabilities our economy needs”.
In England, coordinated higher education investment is difficult because most government funding is routed through loans to students. This encourages universities to meet demand from young people, which does not necessarily align with economic and public service priorities.
Higher education policy is increasingly focused on key skills. goodluz/Shutterstock
In response, the last government encouraged young people to take apprenticeships rather than university degrees. It also allowed student maintenance loans and fees to decline in value in real terms.
Universities filled the gap in their income with international students – particularly one-year taught postgraduates from Nigeria and India who often bring family members then stay for work. This made universities reliant on short-term income, while increasing immigration statistics.
Changes to family visa rules, combined with a global economic downturn and geopolitical tensions, have led universities to forecast a 21% reduction in new international student entrants this year. And 44% of universities are expecting to be in financial deficit.
Unlike its predecessor, the government accepts that UK student fees should increase with inflation, so has allowed this for the first time since 2017. But it wants a change from universities in return. Rather than relying on international students, they should make efficiencies and focus on courses that align with government priorities.
In a system mostly financed by student fees, there are few levers for influencing this. The Office for Students, which regulates higher education, has been asked to focus on managing quality and financial risks rather than policy.
Its funding for strategic priorities has been reduced. There are, though, three measures highlighted within the white paper that could become influential.
First, the government is reforming the apprenticeships levy, so it can be used more flexibly for workforce development priorities. Second, the tightening of sponsorship rules aims to drive international recruitment towards courses supplying the highest levels of skills and knowledge. Third, the proposed levy on international student income equips the government to invest in priority courses, rather than relying on student choice.
This may include funds from the proposed levy on international student income, though the precedent of Australia suggests that may be difficult. Regardless, there is a mood in government for higher education reform.
Chris Millward is a member of staff at the University of Birmingham. He is also a board member of MEDR, the Commission for Tertiary Education and Research in Wales, and a Trustee of the Academy of Social Sciences. All of these organisations are affected by the issues addressed in this article.
Headline: The autonomous enterprise: How generative AI is reshaping business applications
Today at Microsoft Build 2025, we’re excited to announce the new Model Context Protocol (MCP) servers for Microsoft Dynamics 365 ERP and CRM business applications. These MCP servers will help remove the tedious work of connecting systems together to build agents and accelerate the ability for our customers and partners to build AI-powered agents to drive business processes quicker, accelerating their journey to the Frontier Firm in the era of the autonomous enterprise.
Build AI agents to drive business processes with Model Context Protocol servers
To provide some context, generative AI is fundamentally reshaping the way organizations work, introducing a new way of interacting with technology—using natural language to simplify and accelerate tasks. This innovation is driving unprecedented productivity gains, streamlining complex processes that once required manual effort and specialized tools. As this technology matures, we’re entering the next phase: the autonomous enterprise, where organizations and people use technology, particularly AI and automation, to operate and adapt in an age of rapid transformation and innovation. Where there once was “an app for that,” there will now be “an agent for that”.
This transformation isn’t just about automation—it’s about people. By putting intelligent agents in the hands of every employee, organizations are empowering individuals to focus on higher-value work, make decisions faster, and drive innovation. Sales teams can deepen customer relationships without being bogged down by administrative tasks. Finance professionals can move from manual reconciliation to strategic forecasting. Marketers can go from idea to execution, and product managers can orchestrate complex workflows with clarity and speed.
The autonomous enterprise is the future of business. Business applications will work with agents built by Microsoft and our partners. In this new era, organizations aren’t just streamlining operations, they’re amplifying human potential and accelerating their journey to the autonomous enterprise.
This is why we’re so excited about the Dynamics 365 ERP and CRM MCP servers. These servers help eliminate data and application silos, allowing agents to work seamlessly across processes and help enable new autonomous scenarios for improved business functionality and productivity.
Dynamics 365: Agent-ready business applications
Agentic AI is an AI system that can take actions generated by the system, with very limited or even no direct human intervention. Autonomous actions built into agents operating across various business processes, industries, and segments, can make businesses more efficient and responsive. Designed not just to support tasks, but to operate autonomously, AI agents can intelligently orchestrate workflows and make context-aware selections. But how do you create a context-aware agent when data, information, and processes are ever-changing?
MCP standardizes how applications provide context to language models, helping enable seamless integration with different data sources and tools. This open standard connects AI assistants and agents to various systems where data resides, such as content repositories, business tools, and development environments. An MCP-compliant agent uses rich contextual information to act efficiently, unlike a non-MCP-compliant agent, which lacks necessary context.
Using the MCP server, makers can easily connect agents to existing knowledge sources and APIs, helping enable them to interface directly with Dynamics 365 applications. Actions and knowledge synchronize automatically, facilitating real-time updates and the evolution of functionality. This model significantly simplifies agent development and minimizes ongoing maintenance efforts.
Central to this innovation is Microsoft Copilot Studio, which provides a standardized protocol for agents to seamlessly interact with Dynamics 365 applications, helping to ensure consistency, reliability, and scalability. Security and governance are also prioritized from the start as Dynamics 365 MCP servers require authentication and enforce authorization. Agents that access Dynamics 365 through the MCP server must authenticate as a valid Dynamics 365 user, helping to ensure the benefits of Entra ID identity protection. This also prevents escalation of privileges, meaning the agent will only be able to perform the MCP actions that they’re authorized to do. The MCP servers are also made available to Microsoft Copilot Studio using connector infrastructure. This means they can employ enterprise security and governance controls such as data loss prevention controls and multiple authentication methods.
For partners and customers, MCP standardization dramatically reduces complexity, accelerates development, and increases time to value.
MCP-compliant agentic AI
At Microsoft, we bring a deep understanding of critical business processes for small and medium business (SMB) as well as large enterprise organizations through our market-leading Dynamics 365 ERP and CRM business solutions—combined with our industry-specific expertise delivered through our Microsoft Cloud for Industry solutions. This combination of experience and expertise uniquely positions us to deliver on the needs of customers across size, business process, industry, or region.
Our newly introduced set of MCP servers help enable multiple scenarios across business processes. Below are a few examples of what’s possible with Dynamics 365, Microsoft Cloud for Industry, and our broad ecosystem of partners.
Sales and service
Custom agents and AI assistants can now be connected to Microsoft Dynamics 365 Sales, Microsoft Dynamics 365 Customer Service, and Microsoft Dynamics 365 Business Central applications through MCP servers. Agents can retrieve and update CRM data, create quotes, and complete orders. They can also get order/case summaries and email drafts. These MCP servers open endless possibilities in automating tedious jobs in sales and service functions, irrespective of company size or industry.
For example, telesales representatives can use intelligent assistants, such as Claude, connected to Dynamics 365 MCP servers to prioritize leads, qualify them, generate quotes, and send personalized emails—without needing to switch contexts or rely on complex integrations. And when customers encounter an order issue, service representatives can resolve it quickly by using Dynamics 365 Customer Service data to retrieve/update case information and create replacement orders in real time.
Supply chain and finance
The AI procurement agent illustrated below efficiently validates purchase requisitions against company policies, existing inventory, and delivery records to identify a suitable supplier that meets the criteria for cost, speed, sustainability, and reliability. It further consolidates multiple items from the same supplier into one purchase order and sends it for purchase. The agent can significantly enhance efficiency in procurement processes, where timely and budget-conscious supply delivery is critical.
Business Central
For small and medium size businesses, for example, looking to optimize sourcing information and vendor compliance, the custom agent demonstrated here can quickly identify shipments containing materials that require compliance checks. The agent provides guidance on recycling requirements and updated sourcing standards, reads supplier contracts, and suggests next steps like confirming vendor certifications and updating shipment checklists. A solution like this could streamline the compliance process, which can help customers gain a competitive advantage.
Partners using the Dynamics 365 MCP server
Our partners play a crucial role in driving innovation and delivering value to customers. We’re dedicated to making Dynamics 365 MCP servers accessible, helping enable our customers and partners to develop diverse agent scenarios across industries and business processes, regardless of their business application vendor.
With MCP server becoming the standard of the future for agents, partners can use it to more quickly and efficiently orchestrate headless business services in ERP and external systems. It turns simple intent into action, automating procurement for faster, efficient, and resilient supply chain operations. Our ecosystem of partners has started using MCP server for Dynamics 365 to create a host of industry-specific agents.
Avanade, an early adopter of Microsoft 365 Copilot for Sales and a leading Microsoft partner, is excited to use MCP servers for Dynamics 365 to enrich their AI-powered request for proposal (RFP) Insights agent. This agent helps sellers summarize, evaluate, and respond to RFPs using historical Dynamics 365 data, further streamlining proposal generation. While initially for internal use, Avanade is exploring deployment for clients in engineering, construction, and professional services.
Emission AI agent by Fellowmindwill use AI and MCP servers for Dynamics 365 to automatically classify and organize purchase transactions to prepare it for greenhouse gas (GHG) emission accounting purposes by categorizing spend-types (such as office supplies, raw materials, and travel expenses) through data extraction, classification, algorithms, taxonomy mapping, and real-time feedback and learning. The agent provides support to procurement and environmental, social, and governance (ESG) professionals, helping them streamline their processes and achieve more accurate results.
HSO’s PayFlow Agent improves invoice payment efficiency in accounts payable. Streamlining timely payments and reducing inquiries that require manual intervention leads to faster resolutions and enhanced supplier relationships. Using MCP server for Dynamics ERP MCP, PayFlow processes seller payment inquiries, identifies invoice statuses, matches them against buyer receipts, and retrieves tracking information to notify responsible parties to either remit payment promptly or set an expectation of when payment can be received.
JourneyTeam is enriching its Strategic Account Manager agent that accesses MCP servers for Dynamics 365 to optimize lead engagement. The agent summarizes historical services and projects, compares lead summaries and interests, compiles recommendations, then, after manual reviews, will initiate next steps by utilizing MCP servers, Microsoft Azure AI Search, and Document Intelligence.
MCA Connect is building a smart sourcing agent that accesses MCP servers for Dynamics 365 to automate requisition processing, supplier assignment, and workflow submission. The MCP servers give the agent access to actions like getting open requisitions, approving vendors, and assigning suppliers based on supplier performance metrics without the need to create new APIs and integrate with Dynamics 365.
Publicis SapientHummingbird is building an agent to improve lead management using MCP servers for Dynamics 365 to access data that will streamline the process of managing business-to-business leads. This agent automates lead qualification, scoring, and personalized engagement, accelerating hot leads to quotes faster and nurturing warm leads through a series of targeted emails. This innovative approach enhances efficiency, improves customer experience, and drives higher conversion rates and revenue growth.
RSM is building intelligent, secure, and context-aware agents that accelerate workflows, improve decisions, and expand capabilities by embedding them directly into real-world business processes. These agents, developed using Microsoft Copilot Studio, will access MCP servers for Dynamics 365 to support humanitarian logistics by coordinating critical supply chains, helping to ensure timely delivery of life-saving equipment, and automating procurement tasks.
TTEC Digital is building a post-service upselling agent that accesses MCP servers for Dynamics 365 to prospect for warranty plans after a purchase, turning each sale into an upsell opportunity. The agent will help drive personalized sales and service conversations at scale by using the knowledge, tools, and actions from the MCP server.
As we look ahead, the convergence of intelligent agents, standardized platforms, and deep domain expertise will define the next frontier of business transformation. The ability to harness autonomous capabilities will define tomorrow’s market leaders. Businesses that act now will gain a decisive competitive edge and chart a course toward sustained success. The autonomous enterprise is no longer a vision of the future—it’s here, built with Microsoft and its partner ecosystem.
Join us at Microsoft Build 2025 to explore how MCP servers are transforming Dynamics 365 and the broader Microsoft Cloud–MCP server focused sessions at Microsoft Build 2025.
Let’s shape what’s next, together.
Satish Thomas
Corporate Vice President, Business and Industry Solutions
Satish is responsible for strategy, product management, and engineering execution for Microsoft Business & Industry Solutions. This organization and its partner ecosystem develop industry leading solutions and AI-driven Business Applications. Prior to this role, Satish has held various engineering product management leadership roles at Microsoft spanning Microsoft Cloud for Industries, Microsoft Insights – Customer Data Platform (CDP), Microsoft AppSource, Microsoft’s business apps marketplace, and Microsoft Dynamics 365. Satish joined Microsoft in 2006 and is from Botswana, Africa.
Source: Republic of Taiwan – Ministry of Foreign Affairs
May 18, 2025
No. 161
Former Vice President Chen Chien-jen, serving as special envoy of President Lai Ching-te, together with his wife and Deputy Minister of Foreign Affairs François Chihchung Wu, attended the inauguration of Pope Leo XIV on the morning of May 18. In an audience with the pontiff following the ceremony, Mr. Chen conveyed greetings from President Lai and the sincere congratulations of the government, people, and Catholic community of Taiwan.
Upon arriving for the ceremony in St. Peter’s Square, Mr. Chen was received by a ceremonial officer for the Holy See. The inauguration, a grand and solemn occasion, took around two hours. According to statistics released by the Holy See, more than 150 delegations attended. Before the ceremony commenced, Mr. Chen exchanged greetings with Paraguayan Chamber of Deputies Speaker Raúl Latorre; Guatemalan Special Envoy and Ambassador to the Holy See Alfredo Vásquez Rivera; other officials from diplomatic allies; and delegates from the United States, Japan, Europe, and numerous other friendly countries. He also extended felicitations to and shared cordial interactions with several high-ranking members of the Vatican clergy, including Secretary of State Cardinal Pietro Parolin and Secretary of the Dicastery for Interreligious Dialogue Monsignor Indunil Janakaratne Kodithuwakku Kankanamalage.
After the inauguration, Pope Leo received the heads of national delegations. Mr. Chen presented the pontiff with a congratulatory letter from President Lai, a commemorative set of postage stamps depicting four of Taiwan’s Catholic churches—St. Joseph’s Church in Jinlun Village, Taitung County; the Holy Family Catholic Church in Taipei City; the Basilica of the Immaculate Conception in Wanjin Village, Pingtung County; and the Holy Rosary Cathedral Basilica in Kaohsiung City—and a collection of postcards on Holy See artifacts jointly produced by Taiwan and the Apostolic Nunciature in Taiwan, highlighting the close connection between the Catholic Church in Taiwan and the Holy See. Mr. Chen also presented Pope Leo with a photo taken in 2020, when the pontiff was serving as bishop of the Chiclayo Diocese in Peru. The picture showed him accepting antipandemic supplies donated by Taiwan. The materials, delivered in cartons labeled “Taiwan Box,” were donated to Cáritas Chiclayo and other Peruvian healthcare and charitable organizations by the Pingtung County Government and Dr. Lai Hsien-yung of Hualien County’s Mennonite Christian Hospital. The government and people of Taiwan provided proactive assistance to the international community throughout the COVID-19 pandemic, fulfilling their international responsibilities and demonstrating that Taiwan could help and that Taiwan was helping.
When Mr. Chen arrived at the airport in Rome on May 17, he met with Eswatini Prime Minister Russell Dlamini, who had also made the trip to attend the papal inauguration. Mr. Chen also attended a mass and prayer service for peace led by Bishop John Lee Keh-mien, President of the Chinese Regional Bishops’ Conference of Taiwan, at St. Benedict’s Monastery. On May 18, Mr. Chen had dinner with 16 prominent members of the Catholic clergy and several key officials and ambassadors of diplomatic allies, including Special Delegate of the Holy See to the Sovereign Military Order of Malta Cardinal Silvano Tomasi and Haitian Special Envoy and former Minister of Foreign Affairs Alrich Nicolas.
Since establishing diplomatic ties 83 years ago, Taiwan and the Holy See have enjoyed a profound diplomatic alliance and shared the core values of religious freedom, human rights, peace, and benevolence. The two sides will build on their existing friendship and solid foundation of cooperation in humanitarian assistance and other domains to further deepen bilateral relations and together make even greater contributions to the world. (E)
President Trump and Secretary Noem are working every day to get vicious criminals out of our country while activist judges are fighting to bring them back onto American soil
WASHINGTON – The Department of Homeland Security today hosted a press conference to set the record straight and to address the media’s misleading reporting on migrant flights to South Sudan. DHS conducted a deportation flight from Texas to remove some of the most barbaric, violent individuals illegally in the United States. Now a federal judge in Massachusetts is trying to force the United States to bring these criminals back.
“We are removing these convicted criminals from American soil so they can never hurt another American victim. It is absurd that an activist judge is trying to force the United States to bring back these uniquely barbaric monsters who present a clear and present threat to the safety of the American people,” said Assistant Secretary Tricia McLaughlin.“We have given the media the names of these monsters. I implore the media to stop doing the bidding of these criminals and to tell the stories of innocent Americans who have been victimized.”
Below are the individuals ICE removed from American communities.
Enrique ARIAS-Hierro, a Cuban national, was arrested by ICE on May 2, 2025. His criminal history includes convictions for homicide, armed robbery, false impersonation of official, kidnapping, robbery strong arm.
On April 30, 2025, ICE arrested Cuban national, Jose Manuel RODRIGUEZ-QUINONES. He has been convicted of attempted first-degree murder with a weapon, battery and larceny, canine possession and trafficking.
Thongxay NILAKOUT, a citizen of Laos, was arrested by ICE on January 26, 2025. NILAKOUT is Convicted of first-degree murder and robbery; sentenced to life confinement.
On May 12, 2025, ICE arrested Mexican national, Jesus MUNOZ-Gutierrez. He is Convicted of second-degree murder; sentenced to life confinement.
Dian Peter DOMACH, a citizen of South Sudan, was arrested by ICE on May 8, 2024. DOMACH is convicted of robbery and possession of a firearm, of possession of burglar’s tools and possession of defaced firearm and driving under the influence.
Kyaw MYA, a citizen of Burma was arrested by ICE on February 18, 2025. MYA is convicted of Lascivious Acts with a Child-Victim less than 12 years of age; sentenced to 10 years confinement, paroled after 4 years.
Nyo MYINT, a citizen of Burma was arrested by ICE on February 19, 2025. MYINT is convicted of first-degree sexual assault involving a victim mentally and physically incapable of resisting; sentenced to 12 years confinement. MYINT is also charged with aggravated assault-nonfamily strongarm.
On May 3, 2025, ICE arrested Tuan Thanh PHAN, a Vietnamese national. PHAN is Convicted of first-degree murder and second-degree assault; sentenced to 22 years confinement.
Source: United Kingdom – Executive Government & Departments
World news story
UK-East Africa trade forum to kickstart investment
UK hosts first-ever forum dedicated to trade and investment with East Africa, including announcements on cross-border trade and electric motorbikes.
The UK has announced two investments in East Africa to de-risk cross-border trade for buyers and sellers, as well as to provide more electric bikes and charging infrastructure in Kenya.
The announcements were made at the first-ever East Africa Trade and Investment Forum (EATIF). The forum has brought together businesses and governments from Kenya, Uganda and Tanzania to engage directly with British businesses, and agree future investments. The forum takes place on 21 to 22 May 2025. It has been organised by DMA Invest and the East Africa Association, in partnership with the UK Government.
British International Investment (BII) and Standard Chartered Bank will support trade finance in Kenya and Tanzania with a USD $100 million facility to de-risk cross-border and local trade. This will make finance more accessible for businesses as well as increase the availability of vital goods and services. Investment qualifies for the ‘2X Challenge’ which advances gender equality and women’s economic empowerment in developing countries. The facility will support female-led businesses, as well as employment and leadership opportunities for women, and is expected to finance over USD $450 million in trade volumes over its lifetime.
In addition, BII will make a USD $5 million investment in electric motorbike infrastructure in Kenya. The investment will support ARC Ride’s initial rollout of 5,000 electric motorbikes and upgrade battery swapping infrastructure which will increase adoption. This will directly result in over 100,000 metric tons of CO2 per year being saved as electric mobility replaces petrol motorbikes.
Lord Collins, the UK Government’s Minister for Africa, represented the United Kingdom at the summit, which was also attended by government delegations from Kenya, Uganda and Tanzania. This included: Abubakar Hassan Abubakar, Principal Secretary State Department for Investment Promotion, Kenya, and the CEO of the Kenya Investment Authority (KenInvest), John Mwendwa; General Wamala, Minister for Works and Transport in Uganda; and Msafiri Lameck Mbibo, Deputy Permanent Secretary of the Ministry of Minerals in Tanzania.
Lord Collins, the UK Government’s Minister for Africa, said:
The UK is a long-term partner for long-term investment in East Africa. This forum will showcase the best of East African business to British business and lay a pipeline of private sector investment between them. This, combined with much-needed improvements to regulations and resilience, will lead to jobs and mutual growth in the future. We go far when we go together.
Mwebesa Francis, Ugandan Minister for Trade, Industry and Cooperatives said:
We welcome the UK-East Africa Trade and Investment Forum 2025 as a platform to highlight Uganda’s vibrant trade and investment opportunities. By engaging with UK investors and partners, we aim to enhance our trade infrastructure, diversify our export markets, and drive sustainable development. We hope this forum will also explore ways to leverage trade and investment to accelerate progress towards our Ten-fold Growth Strategy, unlocking new opportunities for economic growth and development.
Abubakar Hassan Abubakar, Principal Secretary, State Department for Investment Promotion, Kenya, said:
Kenya provides Africa’s leading value proposition for private capital, with a great portfolio of opportunities in key sectors. We are proud to be part of the UK EATIF and welcome the regional focus that fosters economic integration.
Chris Chijiutomi, MD and Head of Africa at British International Investment, said:
BII is proud to announce these two investments today at the EATIF, demonstrating our commitment to fostering economic growth in East Africa. By making trade finance more accessible and backing innovative infrastructure projects like electric motorbikes, we are addressing critical needs in the region. We’re not only supporting businesses that are the backbone of these economies, but also driving inclusive and sustainable growth, contributing to a more resilient and prosperous East African region.
The EATIF aims to deliver mutually beneficial growth and jobs by building partnerships between businesses and policymakers in Kenya, to create a long pipeline of investment between the UK and the region. It will aim to channel private sector funding into high-impact sectors critical for sustainable development like infrastructure, clean energy, agribusiness, healthcare, and manufacturing.
EATIF aims to replicate the success of the West and Central Africa Forum (WCAF), which built a pipeline of over GBP 1 billion in deals over three years. EATIF is just the beginning, with a series of follow-up engagements planned to sustain momentum and translate relationships into tangible deals.
These interactions, ranging from government-to-government meetings to C-suite business dialogues, will help align priorities and lay the groundwork for future partnerships. The forum will showcase the full suite of UK government support available to businesses, such as UK Export Finance (UKEF) and BII. UKEF has played a transformative role in other regions, growing its exposure in West and Central Africa from £3 million to over £1.2 billion, and similar outcomes are expected in East Africa over time. These tools can help UK and East African businesses de-risk projects and access finance more easily.
the USD $100 million Trade Finance Programme with BII and SCB is a 50:50 risk-sharing facility to increase access to trade finance for businesses in Kenya and Tanzania
the facility will provide much-needed trade finance support to businesses in sectors such as food, agriculture, healthcare, industrials, and infrastructure to increase access to trade financing and support growth in the region
the investment qualifies for the 2x Challenge as at least 30% of the facility will support businesses that provide employment and leadership opportunities for women
it is expected to support and facilitate over USD $450 million in trade volumes over its lifetime, creating better economic opportunities for suppliers and businesses in East Africa
the long-standing partnership between BII, the UK’s development finance institution and impact investor and SCB, a leading international cross-border bank, demonstrates how UK organisations are collaborating to enhance trade and economic development in the region
2. ARC Ride
BII’s investment in ARC Ride, Africa’s e-mobility battery-as-a-service (BaaS) provider, will support the company to provide affordable, reliable and clean e-mobility solutions for rapidly developing cities in Kenya
the financing will enable ARC Ride’s initial rollout of 5,000 electric two-wheelers (E2W) and accelerate the expansion of E2W BaaS infrastructure
with the goal to build Africa’s first and largest automated battery swapping network, it is also establishing the industry standard for battery swapping of E2Ws both from ARC Ride and other manufacturers, which is important for more Electric Vehicle (EV) adoption
it will directly result in over 100,000 metric tonnes of CO2 per year being saved as electric mobility replaces petrol motor bikes
Media Content
Photos and videos from the event can be found here.
Former Vice President Chen Chien-jen, serving as special envoy of President Lai Ching-te, together with his wife and Deputy Minister of Foreign Affairs François Chihchung Wu, attended the inauguration of Pope Leo XIV on the morning of May 18. In an audience with the pontiff following the ceremony, Mr. Chen conveyed greetings from President Lai and the sincere congratulations of the government, people, and Catholic community of Taiwan.
Upon arriving for the ceremony in St. Peter’s Square, Mr. Chen was received by a ceremonial officer for the Holy See. The inauguration, a grand and solemn occasion, took around two hours. According to statistics released by the Holy See, more than 150 delegations attended. Before the ceremony commenced, Mr. Chen exchanged greetings with Paraguayan Chamber of Deputies Speaker Raúl Latorre; Guatemalan Special Envoy and Ambassador to the Holy See Alfredo Vásquez Rivera; other officials from diplomatic allies; and delegates from the United States, Japan, Europe, and numerous other friendly countries. He also extended felicitations to and shared cordial interactions with several high-ranking members of the Vatican clergy, including Secretary of State Cardinal Pietro Parolin and Secretary of the Dicastery for Interreligious Dialogue Monsignor Indunil Janakaratne Kodithuwakku Kankanamalage.
After the inauguration, Pope Leo received the heads of national delegations. Mr. Chen presented the pontiff with a congratulatory letter from President Lai, a commemorative set of postage stamps depicting four of Taiwan’s Catholic churches—St. Joseph’s Church in Jinlun Village, Taitung County; the Holy Family Catholic Church in Taipei City; the Basilica of the Immaculate Conception in Wanjin Village, Pingtung County; and the Holy Rosary Cathedral Basilica in Kaohsiung City—and a collection of postcards on Holy See artifacts jointly produced by Taiwan and the Apostolic Nunciature in Taiwan, highlighting the close connection between the Catholic Church in Taiwan and the Holy See. Mr. Chen also presented Pope Leo with a photo taken in 2020, when the pontiff was serving as bishop of the Chiclayo Diocese in Peru. The picture showed him accepting antipandemic supplies donated by Taiwan. The materials, delivered in cartons labeled “Taiwan Box,” were donated to Cáritas Chiclayo and other Peruvian healthcare and charitable organizations by the Pingtung County Government and Dr. Lai Hsien-yung of Hualien County’s Mennonite Christian Hospital. The government and people of Taiwan provided proactive assistance to the international community throughout the COVID-19 pandemic, fulfilling their international responsibilities and demonstrating that Taiwan could help and that Taiwan was helping.
When Mr. Chen arrived at the airport in Rome on May 17, he met with Eswatini Prime Minister Russell Dlamini, who had also made the trip to attend the papal inauguration. Mr. Chen also attended a mass and prayer service for peace led by Bishop John Lee Keh-mien, President of the Chinese Regional Bishops’ Conference of Taiwan, at St. Benedict’s Monastery. On May 18, Mr. Chen had dinner with 16 prominent members of the Catholic clergy and several key officials and ambassadors of diplomatic allies, including Special Delegate of the Holy See to the Sovereign Military Order of Malta Cardinal Silvano Tomasi and Haitian Special Envoy and former Minister of Foreign Affairs Alrich Nicolas.
Since establishing diplomatic ties 83 years ago, Taiwan and the Holy See have enjoyed a profound diplomatic alliance and shared the core values of religious freedom, human rights, peace, and benevolence. The two sides will build on their existing friendship and solid foundation of cooperation in humanitarian assistance and other domains to further deepen bilateral relations and together make even greater contributions to the world. (E)