The rover took the image — its fifth since landing in February 2021 — between stops investigating the Martian surface. A Martian dust devil photobombed NASA’s Perseverance Mars rover as it took a selfie on May 10 to mark its 1,500th sol (Martian day) exploring the Red Planet. At the time, the six-wheeled rover was parked in an area nicknamed “Witch Hazel Hill,” an area on Jezero Crater’s rim that the rover has been exploring over the past five months. “The rover self-portrait at the Witch Hazel Hill area gives us a great view of the terrain and the rover hardware,” said Justin Maki, Perseverance imaging lead at NASA’s Jet Propulsion Laboratory in Southern California, which manages the mission. “The well-illuminated scene and relatively clear atmosphere allowed us to capture a dust devil located 3 miles to the north in Neretva Vallis.” The selfie also gives the engineering teams a chance to view and assess the state of the rover, its instruments, and the overall dust accumulation as Perseverance reached the 1,500-sol milestone. (A day on Mars is 24.6 hours, so 1,500 sols equals 1,541 Earth days.)
The bright light illuminating the scene is courtesy of the high angle of the Sun at the time the images composing the selfie were taken, lighting up Perseverance’s deck and casting its shadow below and behind the chassis. Immediately in front of the rover is the “Bell Island” borehole, the latest sampling location in the Witch Hazel Hill area. How Perseverance Did It This newest selfie, Perseverance’s fifth since the mission began, was stitched together on Earth from a series of 59 images collected by the WATSON (Wide Angle Topographic Sensor for Operations and eNgineering) camera at the end of the robotic arm. It shows the rover’s remote sensing mast looking into the camera. To generate the version of the selfie with the mast looking at the borehole, WATSON took three additional images, concentrating on the reoriented mast.
“To get that selfie look, each WATSON image has to have its own unique field of view,” said Megan Wu, a Perseverance imaging scientist from Malin Space Science Systems in San Diego. “That means we had to make 62 precision movements of the robotic arm. The whole process takes about an hour, but it’s worth it. Having the dust devil in the background makes it a classic. This is a great shot.”
The dust covering the rover is visual evidence of the rover’s journey on Mars: By the time the image was captured, Perseverance had abraded and analyzed a total of 37 rocks and boulders with its science instruments, collected 26 rock cores (25 sealed and 1 left unsealed), and traveled more than 22 miles (36 kilometers). “After 1,500 sols, we may be a bit dusty, but our beauty is more than skin deep,” said Art Thompson, Perseverance project manager at JPL. “Our multi-mission radioisotope thermoelectric generator is giving us all the power we need. All our systems and subsystems are in the green and clicking along, and our amazing instruments continue to provide data that will feed scientific discoveries for years to come.” The rover is currently exploring along the western rim of Jezero Crater, at a location the science team calls “Krokodillen.” News Media Contacts DC AgleJet Propulsion Laboratory, Pasadena, Calif.818-393-9011agle@jpl.nasa.gov Karen Fox / Molly WasserNASA Headquarters, Washington202-358-1600karen.c.fox@nasa.gov / molly.l.wasser@nasa.gov 2025-073
A newly discovered planetary system, informally known as 2M1510, is among the strangest ever found. An apparent planet traces out an orbit that carries it far over the poles of two brown dwarfs. This pair of mysterious objects – too massive to be planets, not massive enough to be stars – also orbit each other. Yet a third brown dwarf orbits the other two at an extreme distance.
In a typical arrangement, as in our solar system, families of planets orbit their parent stars in more-or-less a flat plane – the orbital plane – that matches the star’s equator. The rotation of the star, too, aligns with this plane. Everyone is “coplanar:” flat, placid, stately. Not so for possible planet 2M1510 b (considered a “candidate planet” pending further measurements). If confirmed, the planet would be in a “polar orbit” around the two central brown dwarfs – in other words, its orbital plane would be perpendicular to the plane in which the two brown dwarfs orbit each other. Take two flat disks, merge them together at an angle in the shape of an X, and you have the essence of this orbital configuration. “Circumbinary” planets, those orbiting two stars at once, are rare enough. A circumbinary orbiting at a 90-degree tilt was, until now, unheard of. But new measurements of this system, using the ESO (European Southern Observatory) Very Large Telescope in Chile, appear to reveal what scientists previously only imagined.
The method by which the study’s science team teased out the planet’s vertiginous existence is itself a bit of a wild ride. The candidate planet cannot be detected the way most exoplanets – planets around other stars – are found today: the “transit” method, a kind of mini-eclipse, a tiny dip in starlight when the planet crosses the face of its star. Instead they used the next most prolific method, “radial velocity” measurements. Orbiting planets cause their stars to rock back and forth ever so slightly, as the planets’ gravity pulls the stars one way and another; that pull causes subtle, but measurable, shifts in the star’s light spectrum. Add one more twist to the detection in this case: the push-me-pull-you effect of the planet on the two brown dwarfs’ orbit around each other. The path of the brown dwarf pair’s 21-day mutual orbit is being subtly altered in a way that can only be explained, the study’s authors conclude, by a polar-orbiting planet.
Only 16 circumbinary planets – out of more than 5,800 confirmed exoplanets – have been found by scientists so far, most by the transit method. Twelve of those were found using NASA’s now-retired Kepler Space Telescope, the mission that takes the prize for the most transit detections (nearly 2,800). Scientists have observed a small number of debris disks and “protoplanetary” disks in polar orbits, and suspected that polar-orbiting planets might be out there as well. They seem at last to have turned one up.
An international science team led by Thomas A. Baycroft, a Ph.D. student in astronomy and astrophysics at the University of Birmingham, U.K., published a paper describing their discovery in the journal “Science Advances” in April 2025. The planet was entered into NASA’s Exoplanet Archive on May 1, 2025. The system’s full name is 2MASS J15104786-281874 (2M1510 for short).
News In Brief – Source: US Computer Emergency Readiness Team
Executive Summary
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
Download the PDF version of this report:
Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)
For a downloadable list of IOCs, visit:
Introduction
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions. In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments. Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:
C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
HEADLACE [7]
MASEPIE [8]
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras
Country
Percentage of Total Attempts
Ukraine
81.0%
Romania
9.9%
Poland
4.0%
Hungary
2.8%
Slovakia
1.7%
Others
0.6%
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
June 2024
July 2024
August 2024
192[.]162[.]174[.]94
207[.]244[.]71[.]84
31[.]135[.]199[.]145
79[.]184[.]25[.]198
91[.]149[.]253[.]204
103[.]97[.]203[.]29
162[.]210[.]194[.]2
31[.]42[.]4[.]138
79[.]185[.]5[.]142
91[.]149[.]254[.]75
209[.]14[.]71[.]127
46[.]112[.]70[.]252
83[.]10[.]46[.]174
91[.]149[.]255[.]122
109[.]95[.]151[.]207
46[.]248[.]185[.]236
83[.]168[.]66[.]145
91[.]149[.]255[.]19
64[.]176[.]67[.]117
83[.]168[.]78[.]27
91[.]149[.]255[.]195
64[.]176[.]69[.]196
83[.]168[.]78[.]31
91[.]221[.]88[.]76
64[.]176[.]70[.]18
83[.]168[.]78[.]55
93[.]105[.]185[.]139
64[.]176[.]70[.]238
83[.]23[.]130[.]49
95[.]215[.]76[.]209
64[.]176[.]71[.]201
83[.]29[.]138[.]115
138[.]199[.]59[.]43
70[.]34[.]242[.]220
89[.]64[.]70[.]69
147[.]135[.]209[.]245
70[.]34[.]243[.]226
90[.]156[.]4[.]204
178[.]235[.]191[.]182
70[.]34[.]244[.]100
91[.]149[.]202[.]215
178[.]37[.]97[.]243
70[.]34[.]245[.]215
91[.]149[.]203[.]73
185[.]234[.]235[.]69
70[.]34[.]252[.]168
91[.]149[.]219[.]158
192[.]162[.]174[.]67
70[.]34[.]252[.]186
91[.]149[.]219[.]23
194[.]187[.]180[.]20
70[.]34[.]252[.]222
91[.]149[.]223[.]130
212[.]127[.]78[.]170
70[.]34[.]253[.]13
91[.]149[.]253[.]118
213[.]134[.]184[.]167
70[.]34[.]253[.]247
91[.]149[.]253[.]198
70[.]34[.]254[.]245
91[.]149[.]253[.]20
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
APT28 [14]
Fancy Bear [14]
Forest Blizzard [14]
Blue Delta [15]
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule: https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar
Works Cited
[1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/ [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/ [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/ [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF [13] NSA and CSA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
[14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf
Disclaimer of endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Table 2: Reconnaissance
Tactic/Technique Title
ID
Use
Reconnaissance
TA0043
Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
Conducted contact information reconnaissance to identify additional targets in key positions.
Gather Victim Org Information
T1591
Conducted reconnaissance of the cybersecurity department.
Gather Victim Org Information: Identify Roles
T1591.004
Conducted reconnaissance of individuals responsible for coordinating transport.
Gather Victim Org Information: Business Relationships
T1591.002
Conducted reconnaissance of other companies cooperating with the victim entity.
Gather Victim Host Information
T1592
Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
Table 3: Resource development
Tactic/Technique Title
ID
Use
Compromise Accounts: Email Accounts
T1586.002
Sent phishing emails using compromised accounts.
Compromise Accounts: Cloud Accounts
T1586.003
Sent phishing emails using compromised accounts.
Table 4: Initial Access
Tactic/Technique Title
ID
Use
Trusted Relationship
T1199
Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Phishing
T1566
Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
Phishing: Spearphishing Attachment
T1566.001
Sent emails with malicious attachments.
Phishing: Spearphishing Link
T1566.002
Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
Phishing: Spearphishing Voice
T1566.004
Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
External Remote Services
T1133
Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
Exploit Public-Facing Application
T1190
Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
Content Injection
T1659
Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
Table 5: Execution
Tactic/Technique Title
ID
Use
User Execution: Malicious Link
T1204.001
Used malicious links to hosted shortcuts in spearphishing.
User Execution: Malicious File
T1204.002
Delivered malware executables via spearphishing.
Scheduled Task/Job: Scheduled Task
T1053.005
Used scheduled tasks to establish persistence.
Command and Scripting Interpreter
T1059
Delivered scripts in spearphishing. Executed arbitrary shell commands.
Command and Scripting Interpreter: PowerShell
T1059.001
PowerShell commands were often used to prepare data for exfiltration.
Command and Scripting Interpreter: Windows Command Shell
T1059.003
Used BAT script in spearphishing.
Command and Scripting Interpreter: Visual Basic
T1059.005
Used VBScript in spearphishing.
Command and Scripting Interpreter: Python
T1059.006
Installed python on infected machines to enable the execution of Certipy.
Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.
Hijack Execution Flow: DLL Search Order Hijacking
T1574.001
Used DLL search order hijacking to facilitate malware execution.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.001
Used run keys to establish persistence.
Boot or Logon Autostart Execution: Shortcut Modification
T1547.009
Placed malicious shortcuts in the startup folder to establish persistence.
Table 7: Defense Evasion
Tactic/Technique Title
ID
Use
Indicator Removal: Clear Windows Event Logs
T1070.001
Deleted event logs through the wevtutil utility.
Table 8: Credential access
Tactic/Technique Title
ID
Use
Brute Force
Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Brute Force: Password Guessing
T1110.001
Used credential guessing to gain initial access to targeted entities.
Brute Force: Password Spraying
T1110.003
Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP.
Multi-Factor Authentication Interception
Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns.
Input Capture
Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns.
Forced Authentication
Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations.
OS Credential Dumping: NTDS
T1003.003
Attempted to dump Active Directory NTDS.dit domain databases.
Unsecured Credentials: Group Policy Preferences
T1552.006
Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py.
Table 9: Discovery
Tactic/Technique Title
ID
Use
Account Discovery: Domain Account
T1087.002
Used a modified ldap-dump.py to enumerate the Windows environment.
Table 10: Command and Control
Tactic/Technique Title
ID
Use
Hide Infrastructure
T1665
Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
Proxy: External Proxy
T1090.002
Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers.
Proxy: Multi-hop Proxy
T1090.003
Used Tor and commercial VPNs as part of their anonymization infrastructure
Encrypted Channel
T1573
Connected to victim infrastructure using encrypted TLS.
Multi-Stage Channels
T1104
Used multi-stage redirectors for campaigns.
Table 11: Defense evasion (mobile framework)
Tactic/Technique Title
ID
Use
Execution Guardrails
Used multi-stage redirectors to verify browser fingerprints in some campaigns.
Execution Guardrails: Geofencing
T1627.001
Used multi-stage redirectors to verify IP-geolocation in some campaigns.
Table 12: Lateral movement
Tactic/Technique Title
ID
Use
Lateral Movement
Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment.
Remote Services: Remote Desktop Protocol
T1021.001
Moved laterally within the network using RDP.
Table 13: Collection
Tactic/Technique Title
ID
Use
Email Collection
Retrieved sensitive data from email servers.
Email Collection: Remote Email Collection
T1114.002
Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers.
Automated Collection
Used periodic EWS queries to collect new emails.
Video Capture
Attempted to gain access to the cameras’ feeds.
Archive Collected Data
Accessed files were archived in .zip files prior to exfiltration.
Archive Collected Data: Archive via Utility
T1560.001
Prepared zip archives for upload to the actors’ infrastructure.
Table 14: Exfiltration
Tactic/Technique Title
ID
Use
Exfiltration Over Alternative Protocol
Attempted to exfiltrate archived data via a previously dropped OpenSSH binary.
Scheduled Transfer
Used periodic EWS queries to collect new emails sent and received since the last data exfiltration.
Appendix B: CVEs exploited
Table 15: Exploited CVE information
CVE
Vendor/Product
Details
CVE-2023-38831
RARLAB WinRAR
Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive.
CVE-2023-23397
Microsoft Outlook
External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
CVE-2021-44026
Roundcube Webmail
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params.
CVE-2020-35730
Roundcube Webmail
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
CVE-2020-12641
Roundcube Webmail
Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
Countermeasure Title
ID
Details
Network Isolation
Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation
Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering
Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis
Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering
Block NTLM/SMB requests to external infrastructure.
Platform Monitoring
Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation
Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation
Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis
Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis
Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation
Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
DNS Denylisting
D3-DNSDL
Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis
Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication
Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Job Function Access Pattern Analysis
D3-JFAPA
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions
Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication
Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding
Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy
Use a service to check for compromised passwords before using them.
Credential Rotation
Change all default credentials.
Encrypted Tunnels
Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update
Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication
Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis
Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
News In Brief – Source: US Computer Emergency Readiness Team
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies.
This advisory details a Russian state-sponsored cyber espionage-oriented campaign targeting technology companies and logistics entities, including those involved in the coordination, transport, and delivery of foreign assistance to Ukraine.
Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165 cyber actors are using a mix of previously disclosed tactics, techniques, and procedures (TTPs) and are likely connected to these actors’ widescale targeting of IP cameras in Ukraine and bordering NATO nations.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of until 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise, and posture network defenses with a presumption of targeting. For more information on Russian state-sponsored threat actor activity, see CISA’s Russia Cyber Threat Overview and Advisories page.
Montpelier, Vt. – Governor Phil Scott announced action on the following bills, passed by the General Assembly.
On May 21, Governor Scott signed bills of the following titles:
H.398, An act relating to the Vermont Economic Development Authority
H.493, An act relating to making appropriations for the support of the government
S.44,An act relating to authorization to enter into certain immigration agreements
S.56,An act relating to creating an Office of New Americans
When signing H.493, Governor Scott sent the following letter to the General Assembly:
Dear Ms. Wrask:
Today, I’m signing H.493, An act relating to making appropriations for the support of government.
I appreciate that this budget makes important affordability investments – most notably the $77 million general fund transfer to the education fund to help stabilize property taxes this year, and $13.5 million in much needed, targeted tax relief for young families, lower income, working Vermonters and seniors on fixed incomes.
However, affordability must also be about getting state government and public education on a sustainable fiscal path; fixing systemic policy issues that make homebuilding, homeownership and rent far too expensive; and keeping and attracting the workers and employers we need for a strong economy. While I can support this budget, we have not yet done nearly enough to address these other areas.
Specifically, although this budget spends $30 million less in general fund base compared to the Senate version, it still spends $20 million more than my proposal. It also creates roughly 70 unique one-time appropriations. Neither would be sustainable under a more modest – and typical – revenue environment.
Outside of the budget, we must complete the work to transform our education system, starting with H.454, An act relating to transforming Vermont’s education governance, quality and finance systems. I proposed the $77 million transfer in the budget as a bridge to a structurally transformed and fiscally efficient public education system in the near term.
We need to follow through on reform.
And I urge the Legislature to pass the housing legislation I proposed at the start of the session so the housing Vermonters so desperately need can be built.
While not perfect, H.493 makes critical investments in affordability, housing, education and public safety. But we must focus on the policy bills that fix what’s broken so the funding can have its intended impact.
Sincerely,
/s/
Philip B. Scott
Governor
To view a complete list of action on bills passed during the 2025 legislative session,click here.
Lt. Gov. Luke – VNR – Hawaiʻi Schools Win ‘Super Sleuth’ Award in Internet Speeds Mapping Effort
Posted on May 20, 2025 in Latest Department News, Newsroom
STATE OF HAWAIʻI KA MOKU ʻĀINA O HAWAIʻI
SYLVIA LUKE LIEUTENANT GOVERNOR KE KEʻENA O KA HOPE KIAʻĀINA
FOR IMMEDIATE RELEASE
May 20, 2025
Hawaiʻi Schools Win ‘Super Sleuth’ Award in Internet Speeds Mapping Effort
Connect Kākou’s Digital Detectives Initiative included 6,000 participants statewide
Lt. Gov. Luke with Robert Louis Stevenson Middle School (left) and Kona Pacific Charter School (right).
(Videos/Photos Courtesy: Connect Kākou)
HONOLULU – Lieutenant Governor Sylvia Luke announced today that more than 6,000 Hawaiʻi residents, many of them students, participated in the Digital Detectives campaign to map internet speeds across the state. Part of the Connect Kākou initiative, Digital Detectives aimed to close the digital divide by identifying areas in need of urgent broadband infrastructure improvements.
By taking a simple 30-second internet speed test last October, residents provided valuable data to help ensure federal funding is directed where it is most needed. Classes from Robert Louis Stevenson Middle School and Kona Pacific Charter School received the top Digital Detectives Super Sleuth Awards for student participation and classroom reporting. The classes received a visit from Lieutenant Governor Luke and a gift card for classroom supplies.
“Thanks to the thousands of students and their teachers who participated in Digital Detectives, we now have a clearer picture of Hawaiʻi’s internet speeds and where improvements are most needed,” said Lieutenant Governor Luke. “Reliable internet is crucial for education, future careers, and so much more. We were thrilled to see so many students taking part in shaping a more connected future for our state.
“Digital Detectives encouraged our students to become active participants in expanding internet access for their communities,” said Ken Hiraki, executive director of the Public Schools Foundation. “By turning a simple classroom activity into meaningful data for our state, students had a front row seat to civic engagement and real-world impact.”
Results from the internet speed tests have been aggregated to provide a more comprehensive view of connectivity across the state. Construction of fiber-optic internet lines in underserved areas is expected to begin as early as this year.
Connect Kākou is a State of Hawai‘i initiative led by Lieutenant Governor Luke, in collaboration with the Hawai‘i Broadband and Digital Equity Office (HBDEO), the University of Hawai‘i, the Department of Hawaiian Home Lands (DHHL), and multiple state and county agencies. Connect Kākou is working to ensure people from all walks of life have reliable access to high-speed internet and the tools and knowledge to safely and confidently use the internet. Visit www.connectkakou.org to learn more.
DBEDT NEWS RELEASE: HAWAI‘I APRIL UNEMPLOYMENT RATE REMAINS AT 2.9 PERCENT
Posted on May 20, 2025 in Latest Department News, Newsroom
STATE OF HAWAIʻI
KA MOKU ʻĀINA O HAWAIʻI
JOSH GREEN, M.D. GOVERNOR
KE KIAʻĀINA
DEPARTMENT OF BUSINESS, ECONOMIC DEVELOPMENT ANDTOURISM
KA ʻOIHANA HOʻOMOHALA PĀʻOIHANA, ʻIMI WAIWAI A HOʻOMĀKAʻIKAʻI
RESEARCH AND ECONOMIC ANALYSIS DIVISION
JAMES KUNANE TOKIOKA
DIRECTOR
KA LUNA HOʻOKELE
EUGENE TIAN
CHIEF STATE ECONOMIST
HAWAI‘I APRIL UNEMPLOYMENT RATE REMAINS AT 2.9 PERCENT
Jobs Increased by 17,000 Year-Over-Year
FOR IMMEDIATE RELEASE
May 20, 2025
HONOLULU — The Hawai‘i State Department of Business, Economic Development and Tourism (DBEDT) today announced that the seasonally adjusted unemployment rate for April was 2.9 percent, the same as in March. In April, 668,650 persons were employed and 19,650 were unemployed, for a total seasonally adjusted labor force of 688,300 statewide. Nationally, the seasonally adjusted unemployment rate was 4.2 percent in April, the same as in March.
The unemployment rate figures for the state of Hawai‘i and the U.S. in this release are seasonally adjusted in accordance with U.S. Bureau of Labor Statistics (BLS) methodology. The not-seasonally adjusted rate for the state was 2.5 percent in April, compared to 2.4 percent in March.
Industry Payroll Employment (Establishment Survey)
In a separate measure of employment, total nonagricultural jobs increased by 1,500 month-over-month, from March 2025 to April 2025. Job gains were experienced in Leisure & Hospitality (+1,900); Private Education & Health Services (+1,100); Trade, Transportation & Utilities (+500); Professional & Business Services (+400); Construction (+300); and Information (+100). Within Leisure & Hospitality, the rise in employment primarily occurred in Food Services & Drinking Places. Within Private Education & Health Services, the bulk of job gains were spread out over the subsectors of Health Care & Social Assistance. Employment in Manufacturing remained unchanged. Job losses occurred in Financial Activities (-200); and Other Services (-200). Government employment went down by 2,400 jobs, primarily due to below average over-the-month change in staffing at both the Department of Education and the University of Hawai‘i system. Year-over-year, nonfarm jobs have gone up by 17,000, or 2.7 percent.
Technical Notes:
Labor Force Components
The concepts and definitions used by the Local Area Unemployment Statistics (LAUS) program are the same as those used in the Current Population Survey for the national labor force data:
Civilian labor force. Included are all persons in the civilian noninstitutional population ages 16 and older classified as either employed or unemployed. (See the definitions below.)
Employed persons. These are all persons who, during the reference week (the week including the twelfth day of the month), (a) did any work as paid employees, worked in their own business or profession or on their own farm, or worked 15 hours or more as unpaid workers in an enterprise operated by a member of their family, or (b) were not working but who had jobs from which they were temporarily absent because of vacation, illness, bad weather, childcare problems, maternity or paternity leave, labor-management dispute, job training, or other family or personal reasons, whether or not they were paid for the time off or were seeking other jobs. Each employed person is counted only once, even if he or she holds more than one job.
Unemployed persons. Included are all persons who had no employment during the reference week, were available for work, except for temporary illness and had made specific efforts to find employment sometime during the four-week period ending with the reference week. Persons who were waiting to be recalled to a job from which they had been laid off need not have been looking for work to be classified as unemployed.
Unemployment rate. The unemployed percent of the civilian labor force [i.e., 100 times (unemployed/civilian labor force)].
Seasonal Adjustment
The seasonal fluctuations in the number of employed and unemployed persons reflect hiring and layoff patterns that accompany regular events such as the winter holiday season and the summer vacation season. These variations make it difficult to tell whether month-to-month changes in employment and unemployment are due to normal seasonal patterns or to changing economic conditions. Therefore, the BLS uses a statistical technique called seasonal adjustment to address these issues. This technique uses the history of the labor force data and the job count data to identify the seasonal movements and to calculate the size and direction of these movements. A seasonal adjustment factor is then developed and applied to the estimates to eliminate the effects of regular seasonal fluctuations on the data. Seasonally adjusted statistical series enable more meaningful data comparisons between months or with an annual average.
Current Population (Household) Survey (CPS)
A survey conducted for employment status in the week that includes the twelfth day of each month generates the unemployment rate statistics, which is a separate survey from the Establishment Survey that yields the industry job counts. The CPS survey contacts approximately 1,000 households in Hawai‘i to determine an individual’s current employment status. Employed persons consist of 1) all persons who did any work for pay or profit during the survey reference week, 2) all persons who did at least 15 hours of unpaid work in a family owned enterprise operated by someone in their household and 3) all persons who were temporarily absent from their regular jobs, whether they were paid or not. Persons considered unemployed are those that do not have a job, have actively looked for work in the prior four weeks and are available for work. Temporarily laid-off workers are counted as unemployed, whether or not they have engaged in a specific job-seeking activity. Persons not in the labor force are those who are not classified as employed or unemployed during the survey reference week.
Benchmark Changes to Local Area Unemployment Statistics Data
Statewide and sub-state data for 2019 to 2024 have revised inputs and data for 1990 to 2024 have been re-estimated to reflect revised population controls and model re-estimation.
Change to Monthly Employment Estimates
This release incorporates revised job count figures for the seasonally adjusted series. The revised data reflects historical corrections applied to unadjusted super sector or sector-level series dating back from 2018 through 2024. For years, analysts with the state of Hawai‘i Department of Labor and Industrial Relations Research and Statistics Office have developed monthly employment estimates for Hawai‘i and its metropolitan areas. These estimates were based on a monthly survey of Hawai‘i businesses and analysts’ knowledge about our local economies. Beginning with the production of preliminary estimates for March 2011, responsibility for the production of state and metropolitan area (MSA) estimates were transitioned from individual state agencies to the U.S. Bureau of Labor Statistics (BLS).
For Hawai‘i, this means the transition of statewide, Honolulu and Kahului-Wailuku MSA estimates for both the seasonally adjusted and not-seasonally adjusted areas are produced by BLS. State agencies will continue to provide the BLS with information on local events that may affect the estimates, such as strikes or large layoffs/hiring at businesses not covered by the survey and to disseminate and analyze the Current Employment Statistics (CES) estimates for local data users. BLS feels this change is designed to improve the cost efficiency of the CES program and to reduce the potential bias in state and area estimates. A portion of the cost savings generated by this change is slated to be directed toward raising survey response rates in future years, which will decrease the level of statistical error in the CES estimates. Until then, state analysts feel this change could result in increased month-to-month variability for the industry employment numbers, particularly for Hawai‘i’s counties and islands. BLS can be reached at 202-691-6555 for any questions about these estimates.
The not-seasonally adjusted job estimates for Hawai‘i County, Kaua‘i County, Maui, Moloka‘i and Lāna‘i are produced by the state of Hawai‘i Department of Business, Economic Development and Tourism.
Labor Force Estimates for Small Areas
Labor Force estimates for the islands within Maui County (Maui, Moloka‘i and Lānai) are produced by the state of Hawai‘i Department of Business, Economic Development and Tourism.
Seasonally Adjusted Labor Force and Unemployment Estimates for Honolulu and Maui County
BLS publishes smoothed seasonally adjusted civilian labor force and unemployment estimates for all metropolitan areas, which includes the City and County of Honolulu and Maui County.
BLS releases this data each month in the Metropolitan Area Employment and Unemployment news release. The schedule is available at http://www.bls.gov/news.release/metro.toc.htm.
Alternative Measures of Labor Underutilization
Alternative Measures of Labor Underutilization for States, Second Quarter of 2024 through First Quarter of 2025 Averages
Area
Measure
U-1
U-2
U-3
U-4
U-5
U-6
United States
1.5
2.0
4.1
4.3
5.0
7.7
Hawai‘i
0.7
1.2
3.0
3.1
3.9
6.2
The six alternative labor underutilization state measures based on the Current Population Survey (CPS) and compiled on a four-quarter moving-average basis defined as:
U-1, persons unemployed 15 weeks or longer, as a percent of the civilian labor force;
U-2, job losers and persons who completed temporary jobs, as a percent of the civilian labor force;
U-3, total unemployed, as a percent of the civilian labor force (this is the definition used for the official unemployment rate);
U-4, total unemployed plus discouraged workers, as a percent of the civilian labor force plus discouraged workers;
U-5, total unemployed, plus discouraged workers, plus all other marginally attached workers*, as a percent of the civilian labor force plus all marginally attached workers; and
U-6, total unemployed, plus all marginally attached workers, plus total employed part-time for economic reasons, as a percent of the civilian labor force plus all marginally attached workers.
*Individuals who want and are available for work, and who have looked for a job sometime in the prior 12 months (or since the end of their last job if they had one within the past 12 months) but were not counted as unemployed because they had not searched for work in the four weeks preceding the survey, for such reasons as childcare or transportation problems, for example. Discouraged workers are a subset of the marginally attached.
Please note that the state unemployment rates (U-3) that are shown are derived directly from the CPS. As a result, these U-3 measures may differ from the official state unemployment rates for the latest four-quarter period. The latter are estimates developed from statistical models that incorporate CPS estimates, as well as input data from other sources, such as state unemployment claims data.
# # #
Media contacts:
Dr. Eugene Tian
Chief State Economist
Research and Economic Analysis Division
Department of Business, Economic Development and Tourism, State of Hawai‘i
Phone: 808-586-2470
Email: [email protected]
Laci Goshi
Communications Officer
Department of Business, Economic Development and Tourism, State of Hawai‘i
DLNR News Release – ADDITIONAL TEMPORARY CLOSURES AT DIAMOND HEAD STATE MONUMENT IN JUNE, May 20, 2025
Posted on May 20, 2025 in Latest Department News, Newsroom
STATE OF HAWAIʻI
KA MOKUʻĀINA O HAWAIʻI
JOSH GREEN, M.D.
GOVERNOR
KE KIAʻĀINA
DEPARTMENT OF LAND AND NATURAL RESOURCES
KA ‘OIHANA KUMUWAIWAI ‘ĀINA
DAWN N.S. CHANG
CHAIRPERSON
KA LUNA HOʻOKELE
ADDITIONAL TEMPORARY CLOSURES AT DIAMOND HEAD STATE MONUMENT IN JUNE
FOR IMMEDIATE RELEASE
May 20, 2025
HONOLULU – More full-day closures are forthcoming to Diamond Head State Monument (DHSM) next month. The DLNR Division of State Parks (DSP) announces park closures for ongoing rockfall mitigation work from June 17-20 and 24-27 at the popular O‘ahu landmark.
During these full closures, access to the park will be restricted and no visitors will be allowed entry. Employees will access the crater via the Kapahulu Tunnel between 6 a.m. and 6 p.m. A guard will be stationed at the entry gate leading to the tunnel for the duration of the closures.
On Monday June 16 and 23, the park will maintain its current partial closure hours from 6 a.m. – 2 p.m. All other days in June will continue with the current schedule: weekdays with closure at 2 p.m. and weekends with closure at 6 p.m.
DSP appreciates the patience of residents and visitors through this process to create a safer, more enjoyable experience at Diamond Head. The estimated project completion date is July 25, 2025.
# # #
RESOURCES
(All images/video courtesy: DLNR)
HD Video – Diamond Head rockfall mitigation project (February 7, 2025):
Source: United States Senator for New Hampshire Maggie Hassan
WASHINGTON – U.S. Senator Maggie Hassan (D-NH), Ranking Member of the Senate Finance Subcommittee on Health, responded to a new analysis from the non-partisan Congressional Budget Office finding that the plan put forward by President Trump and Congressional Republicans to give corporate special interests and billionaires a tax break increases the deficit by $2.3 trillion, which will trigger a $490 billion automatic cut to Medicare over the next 10 years.
“Seniors pay into Medicare their entire life, based on the promise that it will provide them with health care when they retire. It is absolutely ridiculous that Republicans want to take hundreds of billions of dollars away from Medicare in order to provide more tax giveaways to corporate special interests and billionaires,” said Senator Hassan, Ranking Member of the Senate Finance Subcommittee on Health. “At a time when we should be working to make health care more affordable, Congressional Republicans instead continue to push ahead with this partisan tax giveaway paid for by exploding the deficit and cutting Medicare, Medicaid, and Affordable Care Act, which will only increase health care costs for millions of Americans across the country.”
The non-partisan Congressional Budget Office analysis finds that because the Congressional Republican plan increases the deficit by $2.3 trillion, it will trigger automatic cuts of $490 billion to Medicare. More than 60 million American seniors are enrolled in Medicare. An additional recent non-partisan analysis of the Republican tax plan finds that the legislation will also result in 13.7 million Americans losing their health insurance by 2034 because of proposed cuts to Medicaid and the Affordable Care Act.
Source: United States Senator for Commonwealth of Virginia Mark R Warner
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Tim Kaine (D-VA), and Michael Bennet (D-CO) issued the statement below after the Department of Defense (DoD) announced immediate modifications to the military’s broken moving system, which handles servicemember relocations. These modifications follow close advocacy by the senators, who have pushed for months to address the delays, poor communication, and repeated issues under the Global Household Goods Contract.
“Military members and their families sacrifice so much in service to our country, including every time they relocate and integrate into a new community. After pushing for months, we’re pleased to see the Department of Defense move to address ongoing challenges with the contract tasked with moving household goods for military members and families in the process of relocating.
“As these policy changes are implemented, we will continue to work with the Department of Defense and TRANSCOM to ensure that servicemembers and military families who are already well into the relocation process are not left in the lurch. Additionally, as these shifts put more pressure on federal employees to adapt to this change, we will continue to push for adequate federal staffing levels and against Trump’s senseless hiring freeze, which continues to prevent critical positions from being filled across government.”
In February, Sen. Warner requested a briefing from USTRANSCOM and sounded the alarm about missed household goods pickups, delivery issues, and communication difficulties with HomeSafe Alliance, the contractor responsible for the moves. Earlier this month, the lawmakers raised their concerns, reiterating the ongoing delays and confusion being faced by military families, and requesting additional information from TRANSCOM on its plan to address these issues.
WASHINGTON – The Department of Homeland Security today announced that Immigration and Customs Enforcement (ICE) lodged a detainer for a 24-year-old illegal alien from Venezuela who posed as a teenager to attend an Ohio high school.
On May 19, the Perrysburg Ohio Police Department arrested and charged Anthony Emmanuel Labrador-Sierra with forgery. On May 20, ICE issued a detainer.
Mug shot from Wood County Jail.
“Anthony Emmanuel Labrador-Sierra is a 24-year-old illegal alien from Venezuela who has been posing as teenager and attending Perrysburg High School in Ohio,” said Assistant Secretary Tricia McLaughlin. “Labrador was arrested and charged with forgery by the Perrysburg Ohio Police Department on May 19 for using fake documents to become enrolled in the high school. ICE lodged a detainer to ensure that this criminal illegal alien is removed from this community and no longer able to prey on the students of Perrysburg High School. It is disturbing that a grown man would impersonate a teenager and infiltrate the lives of underage girls and boys to fool them into doing God knows what.”
Labrador has illegally been in the U.S. since March 24, 2020.
A delegation of eight Members of the Committee on Foreign Affairs (AFET), led by Chair David McAllister, will travel to Uruguay and Argentina from 26 to 29 May. Members will engage in high-level discussions regarding the EU-Mercosur Partnership Agreement which was concluded last December in Montevideo, Uruguay. The findings from this visit will contribute to the preparatory work for the consent procedure on the political and cooperation aspects of the Agreement, for which AFET is responsible.
More broadly, this mission will allow to exchange views on bilateral, regional and multilateral cooperation, as well as geopolitical issues such as Russia’s war of aggression against Ukraine, the situation in the Middle East, and China’s expanding influence in Latin America.
Question for written answer E-001902/2025 to the Commission Rule 144 Dolors Montserrat (PPE)
The reply to questions E-000571/2025, E-000570/2025, E-000572/2025 and E-000573/2025[1] on the use of the Recovery and Resilience Facility (RRF) by RTVE only makes reference to a digital training project and defers its assessment to a later date. Taking account of the results of the European Court of Auditors’ report on the RRF, which identifies structural weaknesses that need to be addressed if a performance-based funding model is to be consolidated:
1.How does the Commission intend to ensure that Recovery and Resilience Facility funds actually reach the final recipients, especially in countries such as Spain, where a lack of traceability, delays in implementation and poor assessment of the impact of the reforms financed have been identified?
2.How does it intend to prevent the opaque use of funds within RTVE, bearing in mind that this could open the door to bad practices, corruption or favouritism, thereby eroding public trust in the institutions?
Reporting to the meeting in her capacity as Chair of the Trade Negotiations Committee (TNC), the Director-General said that in recent meetings she had with leaders and ministers in Japan and the Republic of Korea, the issue of WTO reform “was front and centre” of the discussions.
“Prime Minister Ishiba (of Japan) and his ministers of trade, foreign affairs and finance, along with virtually every APEC minister that I met in Jeju, have bought into the idea that we must not waste a crisis, and that we need deep and thorough reform of the WTO if it is to remain relevant,” DG Okonjo-Iweala said.
“For a successful MC14, we must act here in Geneva to deliver a package of reform proposals for ministers to consider and bless at MC14,” she added. “Nothing short of this can reposition this organization in the way and form needed.”
The Director-General met with Prime Minister Ishiba and other senior Japanese government officials in Tokyo on 13 May and then attended a meeting of trade ministers from the Asia-Pacific Economic Cooperation (APEC) forum in Jeju, Republic of Korea, on 15-16 May.
At their 12th Ministerial Conference in 2022, WTO members for the first time agreed to undertake a comprehensive review of the WTO’s functions in order to ensure the organization is capable of responding more effectively to both the challenges facing the multilateral trading system and the opportunities provided by contemporary developments in global trade.
The Director-General said that while the ministers she met “made clear they value the system, they also admitted it cannot continue the way it is.”
“Members keep sweeping things under the carpet and not solving problems,” she said. “I think what has brought us here is the inability to solve problems when they occur, and this has led to unilateral actions, instead of a cooperative approach to solve these problems.”
“It has taken time for members to admit that things are not working as well as they should, and that they want solutions,” she continued.
The Director-General said she was pleased work is continuing on possible deliverables for MC14, including further work on fisheries subsidies, agriculture, the Investment Facilitation for Development initiative, electronic commerce, and issues pertaining to least developed countries (LDCs). Members will have a chance to assess progress on these issues at the next TNC meeting in July and decide later which packages are ready to take forward to MC14 for decision.
She welcomed the recent progress made on member acceptances of the Agreement on Fisheries Subsidies, noting that 99 members have now accepted the Agreement with only 12 more needed to bring it into force.
Twenty-six delegations took the floor after the Director-General’s intervention, some of them speaking on behalf of groups of members. Many members commented on a suggested road map for MC14 prepared by the WTO Secretariat and highlighted issues of interest, including WTO reform, new disciplines on fisheries subsidies, progress on agriculture, the e-commerce moratorium, and industrial policy, among others.
General Council Chair to initiate MC14 consultations
Under a separate agenda item, the General Council Chair, Ambassador Saqer Abdullah Almoqbel (Kingdom of Saudi Arabia), noted that discussions he had with delegations over the past weeks revealed various calls to proceed with work in three key areas, namely: WTO reform; dispute settlement reform; and the process towards preparing a possible MC14 outcome document.
With MC14 taking place in 10 months, “time is not on our side,” he told members. “Accordingly, immediately after this General Council meeting, I intend to consult interested delegations on how to take forward work in each of these areas.”
Investment facilitation for development
On the Investment Facilitation for Development (IFD) initiative, members were once again unable to reach consensus on the request supported by 126 members to incorporate the IFD Agreement under Annex 4 of the Marrakesh Agreement establishing the WTO. This marked the eighth time the proposal has been submitted to members for adoption.
Speaking on behalf of the 126 co-sponsors, the Republic of Korea underlined the urgent need for incorporating the Agreement into the WTO framework in order to help members attract investment, in particular developing and least developed country members. IFD Agreement participants are also actively engaging with non-participating members to build understanding and highlight the Agreement’s benefit, the Republic of Korea said.
Three members reiterated their objections to incorporating the IFD Agreement into the WTO multilateral framework.
Current trade tensions
On behalf of 47 members, Singapore and Switzerland introduced a statement in support of the rules-based multilateral trading system. The statement cites the value and achievements of the WTO since it was established in 1995, underlining how the organization has contributed to the economic development of both developed and developing members by promoting trade liberalization and facilitating economic integration, fostering stability, predictability and consumers’ trust while preserving incentives for innovation. The WTO’s support for developing economies, including LDCs, has lifted millions out of poverty, the co-sponsors said.
China introduced its communication regarding heightened trade turbulence and responses from the WTO. Faced with the current situation of heightened trade turbulence, China said, members should safeguard the rules-based multilateral trading system with the WTO at its core. China proposed a “Stability, Development and Reform” (SDR) approach for the WTO and said it stands ready to work with all parties to safeguard the WTO rules system and inject more certainty and predictability into the global economy.
The European Union introduced an item on fragmentation of global trade through tariffs and the global costs. The EU said the item was submitted in response to the economic and trade uncertainty created by recent tariff actions. The EU underlined its support for a rules-based multilateral trading system and highlighted the importance of ongoing dialogue on tariffs to assess impacts, monitor trade patterns, and consider systemic effects.
WTO retreat on sustainable agriculture
Brazil expressed its appreciation for the recent WTO retreat on sustainable agriculture and the broad engagement across regions and constituencies. It highlighted trends in agriculture production globally, including towards increased productivity and the search for greater resilience and sustainability. Brazil said it saw value in further discussing this topic in a forward-looking manner as a conversational WTO exercise.
Thirty-six delegations took the floor to comment.
Electronic commerce
Japan, on behalf of the co-sponsors of the Agreement on Electronic Commerce, informed members of the co-sponsors’ recent efforts to gather members’ support for incorporation of the Agreement into the WTO multilateral framework. Japan also reported that the co-sponsors are undertaking work to advance implementation of the Agreement, including a needs assessment survey to better understand priorities for implementation support.
Several members reiterated their concerns about the Agreement and their objections to its incorporation into the WTO multilateral framework.
Next meeting
The next meeting of the General Council is tentatively scheduled for 22-23 July.
Source: United States of America – Federal Government Departments (video statements)
In this episode, Deputy Secretary of Veterans Affairs, the Honorable Paul R. Lawrence, Ph.D., is exploring a question that matters to Veterans and their families: Who’s eligible to be buried in a VA national cemetery and how can you find out in advance?
Apply today to see if you’re eligible for burial in a VA cemetery: https://www.va.gov/burials-memorials/pre-need-eligibility/
Source: United States of America – Federal Government Departments (video statements)
We arrested Honduran criminal alien Darwin Ronaldo Rodriguez Lopez. He received a DUI conviction Feb. 25, 2024, and just six months later was arrested again for impaired driving.
Don’t come to this country, break our laws multiple times, and expect to stay.
In fact, thanks to the Trump administration, if you’re here illegally at all — expect an ICE arrest.
Source: United States of America – Department of State (video statements)
Secretary of State Marco A. Rubio Opening Statement before the House Foreign Affairs Committee on the FY26 Department of State Budget Request on Capitol Hill, on May 21, 2025.
———-
Under the leadership of the President and Secretary of State, the U.S. Department of State leads America’s foreign policy through diplomacy, advocacy, and assistance by advancing the interests of the American people, their safety and economic prosperity. On behalf of the American people we promote and demonstrate democratic values and advance a free, peaceful, and prosperous world.
The Secretary of State, appointed by the President with the advice and consent of the Senate, is the President’s chief foreign affairs adviser. The Secretary carries out the President’s foreign policies through the State Department, which includes the Foreign Service, Civil Service and U.S. Agency for International Development.
Get updates from the U.S. Department of State at www.state.gov and on social media!
Facebook: https://www.facebook.com/statedept
X: https://x.com/StateDept
Instagram: https://www.instagram.com/statedept
Flickr: https://flickr.com/photos/statephotos/
Rumble: https://rumble.com/c/StateDept
Substack: https://statedept.substack.com
Watch on-demand State Department videos: https://video.state.gov/
Subscribe to The Week at State e-newsletter: https://public.govdelivery.com/accounts/USSTATEBPA/signup/32562
State Department website: https://www.state.gov/
Careers website: https://careers.state.gov/
White House website: https://www.whitehouse.gov/
Terms of Use: https://state.gov/tou
Local governments, First Nations and not-for-profit organizations throughout British Columbia are receiving funding to promote economic diversification, clean-economy opportunities and infrastructure development.
“We’re partnering with rural community leaders to invest in the future of their local economies,” said Diana Gibson, Minister of Jobs, Economic Development and Innovation. “By helping fund impactful projects throughout the province, we’re supporting people and helping their communities to flourish.”
The Government of B.C is investing as much as $43 million from the third intake of the Rural Economic Diversification and Infrastructure Program (REDIP) toward more than 130 projects that will strengthen local economies, create an estimated 2,200 jobs and make a positive impact for people and communities across rural areas of the province.
One example is the Sea to Sky Outdoor Adventure Recreation Enterprise’s (SOARE) Basecamp Innovation Centre expansion project, which will further develop the outdoor recreation sector within the Sea-to-Sky region. Funding will support a facility upgrade, specialized manufacturing equipment and a repair hub, a six-month business accelerator program and high-impact events for industry networking and cross-sector collaboration. These expanded services will empower local businesses, support sustainable growth and establish the Sea-to-Sky region as a leader in outdoor recreation innovation and economic diversification.
“SOARE is incredibly grateful to have been a successful recipient of REDIP. This funding has been pivotal to our non-profit’s growth, to our physical innovation centre and the programming we are able to offer. SOARE is able to provide assistance to our outdoor business members, creating highly impactful workshops and keeping our physical space equipped with machinery and tools,” said Anirban (JoJo) Das, executive director of SOARE.
In northern B.C., the Indigenous Economic Resilience in the Rural/Remote North project supports clean job growth, economic resilience and community wellness. This is through the continued development of an Indigenous-led, culturally safe skills-training and employment centre in northern B.C. This project will support vital employment and training infrastructure to boost jobs and circular economic growth that is much needed in rural, remote regions with high Indigenous populations.
“The Indigenous Food Sovereignty Association (IFSA) is excited to receive this support from the REDIP program. It will build economic resilience, revitalize food systems, and support job skills development in rural, northern Indigenous communities,” said Jacob Beaton, executive director of the IFSA.
Another project aims to increase understanding of rural, remote coastal and Indigenous community economies. The Communities Talking project will ensure communities are discussing economic solutions internally and with each other. The goal is to work with select communities to collect their unique economic information and weave Indigenous conversations with western data-collection approaches.
“Successfully addressing the economic challenges of B.C.’s coastal rural, remote and Indigenous communities requires current, evidence-based data. Thanks to REDIP 2024-25 funding, we can integrate Indigenous relational approaches with western economic data to support co-ordinated local decision-making, job creation and investment attraction,” said Francine Carlin, chair of the Rural Islands Economic Partnership.
In its first three years, REDIP will see as much as $142 million invested in more than 450 projects across B.C. that will create an estimated 7,000 jobs in rural areas. The ministry anticipates that additional funding opportunities for rural economic-development projects will be available this year.
Quotes:
Steve Morissette, parliamentary secretary for rural development –
“Investing in local priorities is making communities stronger, more resilient and better prepared for the future. REDIP is ensuring people in every corner of the province have the tools needed for success.”
Stephanie Higginson, MLA for Ladysmith-Oceanside –
“Through REDIP, we’re empowering rural communities throughout B.C. to thrive and grow. Together, we’re building a sustainable future in every corner of our province.”
Quick Facts:
The Rural Economic Diversification and Infrastructure Program completed three application intake periods from fiscal year 2022-23 to fiscal year 2024-25.
A total of approximately $142 million has been allocated to 453 projects in rural communities throughout the province.
The Forest Impact Transition stream has provided approximately $32.6 million in targeted funding to support economic recovery and diversification in affected forestry-dependent communities.
The next intake of REDIP is expected to open in July 2025.
Learn More:
To learn more about the Rural Economic Diversification and Infrastructure Program and see the lists of approved projects, visit: https://gov.bc.ca/redip
Headline: Missouri Man Sentenced to Over Nine Years in Prison for Church Arson
A Missouri man was sentenced yesterday to 111 months in prison by U.S. District Judge Matthew T. Schelp for the Eastern District of Missouri for burning down a Cape Girardeau, Missouri house of worship in 2021. He was also ordered to pay $6,968,223.36 in restitution for damages incurred by the church.
Source: United States Senator for South Carolina Lindsey Graham
WASHINGTON – U.S. Senators Lindsey Graham (R-South Carolina) and Richard Blumenthal (D-Connecticut) today made this joint statement after their legislation to impose primary and secondary sanctions against Russia and actors supporting Russia’s aggression in Ukraine reached 81 cosponsors in the U.S. Senate.
These sanctions would be imposed if Russia refuses to engage in good faith negotiations for a lasting peace with Ukraine or initiates another effort, including military invasion, that undermines the sovereignty of Ukraine after peace is negotiated. The legislation also imposes a 500 percent tariff on imported goods from countries that buy Russian oil, gas, uranium and other products.
“As Secretary Rubio indicated yesterday to the Senate Appropriations Subcommittee on State and Foreign Operations, Russia has agreed to provide its term sheet for a ceasefire in the next few days. Its contents will speak volumes as to whether or not Russia is serious about peace. We suspect it will be more of the same.
“If it is more of the same, Russia can expect decisive action from the United States Senate. To that end, we are beyond pleased that we now have 81 cosponsors for legislation to sanction Russia for its barbaric invasion of Ukraine. Our legislation will isolate Russia – putting it on a trade island by imposing stiff tariffs on other countries that support these atrocities. One of the main priorities of our legislation is to hold China accountable for propping up Putin’s war machine by buying cheap Russian oil from the shadow fleet. Without China’s economic support, Putin’s war machine would come to a grinding halt.
“While we yearn for peace, it is increasingly clear to us – and a supermajority of the Senate – that Putin is playing games. The United States Senate stands ready to act if these games continue.”
Background on the Sanctioning Russia Act of 2025 is available HERE.
Bill text is available HERE.
As climate change continues to impact the way we interact with our planet, it’s critical to consider ways we can encourage youth to participate in climate action initiatives.
Young people across Canada are feeling frightened about the future of the planet. A Canadian study published in 2023 surveyed 1,000 young participants on their feelings about climate change. Sixty-six per cent of respondents said they felt anxiousness or hopelessness about climate change, while 78 per cent said it impacts their overall mental health.
There are a number of ways to approach this overwhelming emotion, considering it could result not only in poor quality of life for youth but also continued inaction for the planet.
My research in outdoor physical education leads me to consider more positive behaviour for youth in association to climate change that could likely benefit youth and the planet. The challenge is finding opportunities to develop pro-environmental behaviours and environmental stewardship with Canadian youth.
When looking to develop pro-environmental behaviours, one way could be to simply encourage more time outdoors. But research from Germany suggests that just interacting with nature is not enough; rather, young people need to find ways to engage with nature and use the natural landscape to develop an emotional connection with the environment.
According to the German study, certain sports can lead to more environmentally sustainable attitudes and behaviours from participants. Some sports in particular — like cross-country skiing, mountain biking or triathlon — increase those positive behaviours more than others. This isn’t simply because participants are alone within a natural setting; it’s because the focus of the sport is on the natural landscape.
To explain a bit further, soccer, for example, is typically played outside but often on a manicured, sometimes artificial, field that is in many ways devoid of any natural influence.
Alternatively, mountain biking requires participants to ride on trails that take them directly through forested areas or spaces that are selected based on their unique natural landscape. As athletes participate in sports more frequently and spend more time within nature, they then develop a stronger emotional connection to the space they’re in. This leads to pro-environmental behaviours and attitudes, which can then generate environmental stewardship.
Within rock climbing groups and organizations, there is evidence suggesting members frequently participate in beneficial environmental stewardship projects. Outdoor rock-climbing groups typically manage spaces — sometimes privately owned, but frequently under government jurisdiction in provincial or national parks — to ensure safe and responsible climbing practices. Climbers rely on ropes, equipment and bolts to ensure safety as they’re climbing.
But another obvious factor is the rock face they climb. The connection to rock and the climbing routes over those rock faces help foster a sense of environmental stewardship within climbers. Similar to mountain biking, the process starts with an introduction to the sport, but slowly develops into more care and attention paid to the natural spaces where climbers practise their activity.
The research finds that for climbers, the challenge is to maintain natural spaces and keep the rock as pristine as possible. This also extends to conservation efforts to ensure that space maintains its use for climbing as opposed to turning it into a more urban or commercialized area.
The joy that participants received from the sport of climbing initiated this environmental stewardship and maintained progressive action in local environmental initiatives.
Element of physical risk
One thing to note is that climbing and mountain biking do involve an element of physical risk.
Doing some research on these sports can help youth assess risks alongside what can be gained from participating. But it’s also important to acknowledge that encouraging young people to foster deeper connections to nature as opposed to having simple interactions with outdoor spaces doesn’t mean they have to cycle down a mountain or climb a massive rock wall.
Instead of a high-risk sport, educators and outdoor leaders can influence participants with simpler actions. I am aware of outings involving outdoor hikes, or taking time at night to gaze at the stars and listen to the sounds of nature, that have sparked in young people an interest in outdoor spaces — and caring for them.
Such experiences can then lead young people to continue to explore outdoor adventure and sport, that can , significantly, foster an appreciation of natural settings through direct interaction as well as a positive sense of community. This can be a starting point to help alleviate feelings of hopelessness to climate change.
Despite the benefits of participating in outdoor sports, there is a need to acknowledge that participation can have some negative impact on the environment.
This being said, it’s critical to consider what we can gain from supporting youth to participate in outdoor sport and education when such activities are planned with attentiveness and care.
Brett Tomlinson does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
Source: The Conversation – Canada – By Genevieve LeBaron, Distinguished SFU Professor of Global Supply Chain Governance, Simon Fraser University
Gender-based violence and harassment is a widespread issue in supply chains. Women workers in garment manufacturing, food production and hospitality are routinely subjected to unwanted touching and sexual advances and inappropriate comments, while promotion and advancement are often conditional on sex. In the most severe cases, this abuse escalates to sexual assault and rape.
A 2024 report from Statistics Canada, for instance, has found that 47 per cent of women have experienced some form of harassment or sexual assault in the workplace.
Rates of gender-based violence and harassment are thought to be even higher in some countries and industries. In Bangladesh, a 2018 study found at least 60 per cent of garment workers had experienced it in the previous year. Another found 85 per cent of garment workers in Indonesia were concerned about sexual harassment at work.
In the face of such a persistent global issue, women working in garment supply chains have pioneered a highly effective solution for tackling gender-based violence and harassment.
Worker-led binding agreements
Supported by labour unions and organizations like the Asia Floor Wage Alliance, Worker Rights Consortium and Global Labor justice, women workers have led the development of legally binding agreements with brands and suppliers to eliminate gender-based violence and harassment.
The latest of these is called the Central Java Agreement for Gender Justice. Signed in July 2024, it covers 6,250 workers producing clothing for brands like Nike and Fanatics, Inc. under licenses with universities affiliated with the Worker Rights Consortium.
This agreement creates a union-led program to address the problem at two Indonesian factories; if factory management does not comply, it risks losing business with Nike and Fanatics.
Building on success from India to Indonesia
The 2024 Central Java Agreement builds on and incorporates key features of previous worker-led agreements to address the issue.
The Dindigul agreement was led by an independent, majority-Dalit trade union run by women. It established a set of legally binding agreements with major garment companies including H&M Group, Gap Inc., PVH and Eastman Exports Global Clothing Ltd.
The Lesotho agreements involved brands such as Levi Strauss & Co., Nien Hsing Textile Co., unions, women’s rights advocates and labour organizations.
While each agreement is unique, they all adhere to the principles of worker-driven social responsibility.
Under this governance model, “worker organizations and unions, suppliers, and brand companies enter into enforceable and legally binding agreements” and “transnational corporations use their leverage and supply chain relationships to effect change amongst supplier worksites.”
A new model of accountability
These agreements include worker-led detection and remediation systems to address gender-based violence and harassment. For example, under the Lesotho agreement, workers can access a 24-hour hotline operated by a local women’s organization to lodge complaints or bring them directly to the unions involved in the agreement.
The Dindigul agreement also provides multiple channels for workers to raise complaints of gender-based violence and harassment, including shop floor monitors selected by the local union (one for every 25 workers). It also offers multiple avenues for raising complaints, including to the union or to sexual harassment committees required under Indian law.
Under the Central Java Agreement, workers can bring complaints to committees aimed at eliminating the problem, to shop floor monitors or their unions. Not only do each of the agreements permit workers to request independent investigations, they all provide a wide array of remedies in the case of any incidents and violations of freedom of association.
What sets these agreements apart from most other initiatives to combat gender-based violence and harassment in supply chains is that they actually work. One study of the two-year impact of the Dindigul Agreement by Cornell University’s Global Labor Institute found that 76 per cent of grievances were resolved in two weeks.
The report said the program “constituted a powerful monitoring mechanism, ensuring effective remediation and deterring violations” of both gender-based violence and harassment and freedom of association — briefly put, the right to voluntarily join or leave groups (like unions), and for those groups to pursue collective action.
Now, a key question is whether and to what extent these successful programs will continue to thrive and grow under the current “America First” agenda of the U.S. government.
Progress under threat
Despite their success, these worker-led initiatives face mounting challenges.
At the same time, company rollbacks of diversity, equity and inclusion programs are constraining, if not eliminating, the political space in which labour groups negotiate such agreements.
Tariffs and upheaval in global trade — especially efforts to redraw supply chains to evade costly tariffs — gives brands cover to withdraw commitments to worker-led initiatives and change sourcing patterns to circumvent them.
Within the United States, cuts and funding freezes — including to sexual assault prevention groups — are a worrying sign that support for preventing gender-based violence and harassment and helping its survivors are being undercut and failing.
If labour stakeholders lose the resources to support such initiatives, the impacts on women and workplaces within supply chains across the world will be devastating. These programs show that when workers lead, real change is possible, but they need continued investment and political support to survive.
Genevieve LeBaron receives funding from the Social Sciences and Humanities Research Council of Canada, Humanity United Foundation, and Ford Foundation.
Judy Fudge does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
Home ownership is often seen as a symbol of success and is linked to various life opportunities, like starting a family or growing your wealth. It’s also often seen as the ultimate housing goal, while renting is seen as transitional. Eventually, everyone is expected to climb up the housing ladder from renting to owning.
However, deteriorating affordability in recent years has placed home ownership out of reach for many and called into question the ideal of home ownership.
In a recent study, colleagues and I examined access to home ownership for different groups using census data from 1986 to 2021 in five metropolitan areas: Montréal, Toronto, Calgary, Edmonton and Vancouver.
Our findings suggest that, for many, owning a home has become a distant dream.
Stagnant homeownership growth
Based on statistical models that accounted for individual and household characteristics, we found that the probability of an average Canadian household owning a home (with or without a mortgage) improved steadily from 1991 to 2011, then dropped in 2016 and 2021, while the likelihood of owning with a mortgage substantially increased. This means growth in home ownership was primarily driven by mortgage debt.
The federal government stopped funding social housing programs, commercialized the Canada Mortgage and Housing Corporation (CMHC) and expanded its mortgage securitization programs.
In other words, mortgage liberation successfully promoted home ownership for some time until 2011.
All five metropolitan areas saw a decline in the number of renter households until 2011 (2016 for Montréal), when the number began increasing. In addition, outright ownership has become less prevalent over time.
These findings defy the expected sustained growth of home ownership that commodification and financialization were supposed to bring.
The percentage of homes owned outright, with a mortgage or being rented in different Canadian cities. (Author provided)
Filtering mechanism and access to credit
Another tenet of the home ownership narrative is that a free market provides equal opportunities for owning a home through two processes: the filtering process and mortgage liberalization.
The filtering model suggests that homes built for higher-income families slowly deteriorate and depreciate, and can become affordable for lower-income people. This process, coupled with the increased access to mortgages, is expected to eventually grant home ownership opportunities to all.
However, this mechanism is less likely to work for home ownership than for rentals. Owner-occupied homes often take a long time, sometimes decades, to depreciate. By the time they become available and affordable, the unit may require major and costly renovations.
In practice, many owner-occupied units often “filter up” rather than downward, through gentrification or acquisition by financial investors.
The increased access to mortgages does not benefit everyone either. Many low-income people or those without stable jobs do not qualify for mortgages, and racialized people are more likely to be denied access to credit due to discrimination.
Growing inequalities
Substantiating these counter-arguments are growing inter-generational and income inequalities in home ownership. All age cohorts saw improved access to home ownership up until 2021. However, the three age groups under 45 — 15-24, 25-34 and 35-44 — saw steady declines in home ownership rates.
These were mostly millennials and Gen Zers who face disproportionate affordability pressure compared to older generations.
Homeowners over 55 are also reckoning with affordability. We found the share of older homeowners holding a mortgage rose between 1986 and 2021 from 24 to 40 per cent for those 55 to 64, and from 10 to 26 per cent for the 65-74 age group.
In other words, more people are having to rely on larger loans and longer amortization periods to buy and maintain their homes, making it harder to pay back their mortgage before retirement.
The disparities in home ownership opportunities among different incomes have also increased. While the top 20th percentile income group witnessed increased probability of owning a home between 2011 and 2016, other income groups experienced stagnant or decreased chances.
Among owner households, Canadians across all incomes saw increased mortgaged ownership from 1996 to 2016. The lowest income group saw the fastest growth in mortgaged home ownership but were still the least likely to own with a mortgage due to low income or discrimination. Rising house prices coupled with loosening mortgage lending regulations may have pushed them into mortgaged ownership.
Higher social status?
A final compelling narrative is that home ownership affords better well-being and financial security due to higher perceived social status and a stronger sense of autonomy and stability.
The financial security associated with home ownership is supported by the idea of “housing asset-based welfare.” This model conceptualizes home ownership as a means for young people to build assets for financial security in times of need and old age.
However, this approach encourages early-life debt, and may only work if mortgage loans remain affordable until they are paid off. Paradoxically, this asset-building mindset drives speculative investment and house prices, making outright home ownership more difficult and mortgaged ownership less affordable.
The well-being associated with home ownership is debatable as well. My colleagues and I have shown elsewhere that perceived benefits to a person’s well-being are not intrinsic to home ownership. Rather, they are created and normalized by a system that makes home ownership more secure and appealing than alternatives like renting.
In reality, the financial security associated with home ownership has been undermined by rising housing costs, especially for low- and moderate-income homeowners with mortgages.
Mortgaged homeowners with below-median incomes have seen their housing costs increase 25 per cent faster than their income over the study period, compared to five per cent for higher income families at the top 60th percentile.
To say the least, the broken promises of home ownership point to the failures of our current housing system that creates a hierarchy of tenures and two tiers of social class — homeowners and renters.
Policies aimed at creating a fairer housing market are essential. These include improving home ownership affordability by providing more diverse types of housing for ownership and discouraging speculative investment.
Such policies should also include enhancing housing security and asset-building opportunities for renters, and supporting the role of non-profits and social enterprises in meeting the needs of a broad range of income groups.
This research project was funded by the Social Sciences and Humanities Council of Canada (SSHRC) through its Insight Development Grant and Partnership Grant. The project was part of the Community Housing Canada project, co-funded by Canada Mortgage and Housing Corporation (CMHC) and SSHRC.
Noon Briefing by Stéphane Dujarric, Spokesperson for the Secretary-General.
Highlights:
-Occupied Palestinian Territory
-Haiti
-Secretary-General/ECOSOC
-Syria
-Sudan
-Myanmar
-Libya
-International Days
-4th International Conference on Financing for Development
OCCUPIED PALESTINIAN TERRITORY
The Office for the Coordination of Humanitarian Affairs (OCHA) says that yesterday and today, the Israeli authorities granted us access to Kerem Shalom so that our teams could reach additional humanitarian supplies that crossed into the Strip on Monday and Tuesday, crossed from Israel into Kerem Shalom loading areas. Other critical items such as hygiene products or fuel have not been allowed by the Israeli authorities into Kerem Shalom.
So far, and this is as a few minutes ago, but the situation is obviously fluid, none of the supplies have been able to leave the Kerem Shalom loading area. This is because, by yesterday evening, Israeli authorities had only allowed our teams to go through one area that was highly congested, that we felt was insecure and where we felt looting was highly likely to take place, given the prolonged deprivation in Gaza since the blockade by the Israeli authorities for over 11 weeks. The UN hopes that will change very soon. The discussions are ongoing as we speak between our colleagues and the Israeli security authorities.
The UN is continuing to are engage with them to identify the best possible routes out of Kerem Shalom towards Gaza to ensure that the flow of aid is not disrupted or suspended. Partners are in touch with community leaders in Gaza to mitigate the risk of looting and ensure that the supplies entering Gaza reach the people who need them.
However, it is important to underscore that the limited supplies finally being allowed to enter Kerem Shalom are nowhere near enough to meet the needs in Gaza, which are vast, which are tremendous. Much, much more aid needs to get in.
Meanwhile, bombardment and shelling are continuing across the Gaza Strip. Today, the Gaza Ministry of Health reported dozens of people killed in the last 24 hours, and yesterday, it made an urgent call for blood donations for the sick and for those injured.
OCHA is telling us that 80 per cent of the Gaza Strip is now either subject to displacement orders or located in Israeli-militarized zones. These zones require humanitarians to coordinate their movements with the Israeli security authorities.
UN partners says that over the past few days, almost half of the newly displaced people have fled with none of their belongings. The ongoing displacement of Gaza’s population is putting immense pressure on humanitarian teams, especially when there is no food or any basic items being allowed in.
In Gaza City, our partners report an extreme lack of shelter space: Displacement sites and residential buildings are all very much overcrowded. People are settling in abandoned, unfinished, or destroyed or damaged structures. Some are sleeping out in the open.
And as we have been saying over, and over and over again, civilians need be protected, including those fleeing or forced to leave through displacement orders or those who remain despite the displacement orders.
Meanwhile, continued attacks on healthcare facilities are ongoing. Earlier today, Al Awda Hospital, which is the only partially functional hospital in North Gaza governorate, and still treating a dozen patients, was hit. Yesterday, Kamal Adwan Hospital ceased operations.
As of yesterday, UN partners report that about 304,000 daily meals were prepared and delivered through about 70 kitchens. Five kitchens resumed operations, including two in Khan Younis and three that relocated to Gaza City following recent displacement orders from North Gaza. However, five others in Gaza City and Khan Younis were forced to shut down after their supplies were depleted.
UN partners providing water, sanitation and hygiene services say that the water situation is worsening by the day. For example, the largest desalination plant in the north of Gaza is in an area slated for displacement. This has disrupted access to drinking water for about 150,000 people.
In southern Gaza, in Al Mawasi, the water situation is also dire, as the area is not connected to the water network and relies heavily on water trucking. This requires both vehicles and fuel to serve the needy population.
Full Highlights: https://www.un.org/sg/en/content/noon-briefing-highlight?date%5Bvalue%5D%5Bdate%5D=21%20May%202025
Noon Briefing by Stéphane Dujarric, Spokesperson for the Secretary-General.
Highlights:
-Occupied Palestinian Territory
-Haiti
-Secretary-General/ECOSOC
-Syria
-Sudan
-Myanmar
-Libya
-International Days
-4th International Conference on Financing for Development
OCCUPIED PALESTINIAN TERRITORY
The Office for the Coordination of Humanitarian Affairs (OCHA) says that yesterday and today, the Israeli authorities granted us access to Kerem Shalom so that our teams could reach additional humanitarian supplies that crossed into the Strip on Monday and Tuesday, crossed from Israel into Kerem Shalom loading areas. Other critical items such as hygiene products or fuel have not been allowed by the Israeli authorities into Kerem Shalom.
So far, and this is as a few minutes ago, but the situation is obviously fluid, none of the supplies have been able to leave the Kerem Shalom loading area. This is because, by yesterday evening, Israeli authorities had only allowed our teams to go through one area that was highly congested, that we felt was insecure and where we felt looting was highly likely to take place, given the prolonged deprivation in Gaza since the blockade by the Israeli authorities for over 11 weeks. The UN hopes that will change very soon. The discussions are ongoing as we speak between our colleagues and the Israeli security authorities.
The UN is continuing to are engage with them to identify the best possible routes out of Kerem Shalom towards Gaza to ensure that the flow of aid is not disrupted or suspended. Partners are in touch with community leaders in Gaza to mitigate the risk of looting and ensure that the supplies entering Gaza reach the people who need them.
However, it is important to underscore that the limited supplies finally being allowed to enter Kerem Shalom are nowhere near enough to meet the needs in Gaza, which are vast, which are tremendous. Much, much more aid needs to get in.
Meanwhile, bombardment and shelling are continuing across the Gaza Strip. Today, the Gaza Ministry of Health reported dozens of people killed in the last 24 hours, and yesterday, it made an urgent call for blood donations for the sick and for those injured.
OCHA is telling us that 80 per cent of the Gaza Strip is now either subject to displacement orders or located in Israeli-militarized zones. These zones require humanitarians to coordinate their movements with the Israeli security authorities.
UN partners says that over the past few days, almost half of the newly displaced people have fled with none of their belongings. The ongoing displacement of Gaza’s population is putting immense pressure on humanitarian teams, especially when there is no food or any basic items being allowed in.
In Gaza City, our partners report an extreme lack of shelter space: Displacement sites and residential buildings are all very much overcrowded. People are settling in abandoned, unfinished, or destroyed or damaged structures. Some are sleeping out in the open.
And as we have been saying over, and over and over again, civilians need be protected, including those fleeing or forced to leave through displacement orders or those who remain despite the displacement orders.
Meanwhile, continued attacks on healthcare facilities are ongoing. Earlier today, Al Awda Hospital, which is the only partially functional hospital in North Gaza governorate, and still treating a dozen patients, was hit. Yesterday, Kamal Adwan Hospital ceased operations.
As of yesterday, UN partners report that about 304,000 daily meals were prepared and delivered through about 70 kitchens. Five kitchens resumed operations, including two in Khan Younis and three that relocated to Gaza City following recent displacement orders from North Gaza. However, five others in Gaza City and Khan Younis were forced to shut down after their supplies were depleted.
UN partners providing water, sanitation and hygiene services say that the water situation is worsening by the day. For example, the largest desalination plant in the north of Gaza is in an area slated for displacement. This has disrupted access to drinking water for about 150,000 people.
In southern Gaza, in Al Mawasi, the water situation is also dire, as the area is not connected to the water network and relies heavily on water trucking. This requires both vehicles and fuel to serve the needy population.
Full Highlights: https://www.un.org/sg/en/content/noon-briefing-highlight?date%5Bvalue%5D%5Bdate%5D=21%20May%202025
Source: United States of America – Federal Government Departments (video statements)
How big is space? It’s one of the most mind-bending questions we can ask because the deeper we look, the more the universe keeps going. We’ve measured billions of light-years in every direction and still haven’t reached the edge.
A NASA scientists explains what we know — and don’t know — about the size of the cosmos.
Explore more about the universe: https://science.nasa.gov/exoplanets/what-is-the-universe/
Download this video at: https://images.nasa.gov/details/How%20Big%20is%20Space
Producers: Scott Bednar, Pedro Cota, Jessie Wilde
Editor: Daniel Salazar
Title: Sassy McBrass – Instrumental
Composer: Per-Anders Nilsson
Universal Production Music
The EU has supported the justice sector, transparency mechanisms, the fight against corruption, electoral reforms, strengthening the national human rights protection system (e.g. ProDerechos[1]) and deployed consecutive election observation missions (EOMs). EU humanitarian assistance, focusing on people displaced, disaster preparedness and food insecurity, is channelled through international non-governmental organisations and United Nations agencies implementing projects.
The EU remains ready to support a positive national reform agenda prioritising inclusive and sustainable development. Strengthening governance, rule of law, fighting corruption and protecting human rights are paramount.
The Multi-annual Indicative Programme 2021-2027[2] (EUR 163 million) focuses on three priorities (sustainable management of natural resources and climate change; employment, decent work and sustainable growth; rule of law, democratic governance) and allows to maintain applicable oversight mechanisms to ensure funds are directed towards above-mentioned objectives.
Following the primary elections in March 2025, the EU clearly expressed support for the National Electoral Council, a key institution for the organisation of the general elections on 30 November 2025, and called on all state institutions to support its work as stipulated by the Honduran Constitution[3].
In response to the invitation by Honduras to observe the upcoming elections, the EU will deploy an election exploratory mission six to four months before the elections. This mission will evaluate whether deployment of an EU EOM is advisable, useful and feasible. On that basis, the High Representative/Vice-President will decide on the deployment of an EOM.
