Ministers and senior tech stakeholders from the European Union, Germany and the UAE inaugurate the momentous first edition of GITEX EUROPE x Ai Everything.
Berlin, Germany – 21 May 2025: Berlin became the focal point of Europe’s tech momentum and global digital cooperation as GITEX EUROPE x Ai Everything 2025 opened its doors today at Messe Berlin, launching the region’s largest inaugural tech, startup and digital investment event to capacity crowds and the biggest, most international lineup of tech and businesses converging in Europe. The show arrives at an inflection point in Europe’s digital future, sparked by a continent-wide ‘Choose Europe’ movement to anchor the next wave of innovation, research, investment, talent and deep-tech breakthroughs on home ground; alongside a renewed impetus in Germany represented by the formation of a new government and the country’s first digital ministry taking stewardship on digital transformation, AI excellence and data policy.
Born in the UAE with global editions now running in seven countries, GITEX is the world’s largest and best-rated tech and startup event, reflecting the UAE’s wider national commitment to global digital collaboration. With the show’s expansion into Europe, it echoes the UAE’s shared commitment to advance innovation and scientific frontiers, recently strengthened with Abu Dhabi’s MGX investment and Nvidia partnering to develop Europe’s largest AI data center campus (1) alongside the development of a new 5GW AI campus (2), the largest of its kind outside the US to be based in Abu Dhabi.
Welcome addresses led the inauguration ceremony from European and global leaders, including Kai Wegner, Governing Mayor of Berlin; H.E. Alia Al Mazrouei, UAE Minister of State for Entrepreneurship; Clara Chappaz, the Minister of AI and Digital of France; Thomas Jarzombek, Parliamentary State Secretary at the Federal Minister for Digital and State Modernization, Germany; Jan Kavalírek, Deputy Minister of Industry and Trade, Czech Republic; Franziska Giffey, Mayor of Berlin & Senator for Economic Affairs, Energy and Public Enterprises; and Trixie LohMirmand, EVP of Dubai World Trade Centre, the global organiser of GITEX.
With participation from over 100 countries, 1,400 tech companies, startups, and SMEs, more than 600 influential investors, and 500 industry leaders on-stage, the event sparked strategic dialogues on innovation, investment, policy shifts and business transformations, as well as catalysed collaborations at scale – across sectors and geographies. Taking place until 23 May at Messe Berlin, GITEX EUROPE x Ai Everything 2025 is organised in partnership with the Berlin Senate Department for Economics, Energy and Public Enterprises, Germany’s Federal Ministry for Economic Affairs and Climate Action, Berlin Partner for Business and Technology, and the European Innovation Council (EIC).
Kai Wegner, Governing Mayor of Berlin: “The GITEX tech fair – which is taking place in Berlin for the very first time – brings founders from around the world, investors, and established companies together. As Germany’s startup capital, Berlin is the perfect place for GITEX. We want to create the best environment for founders in our city. Networking events and industry fairs like GITEX are part of that effort.”
Her Excellency (H.E.) Alia Al Mazrouei, the UAE Minister of State for Entrepreneurship: “Moving beyond economic diplomacy, the UAE is now championing entrepreneurial diplomacy, guided by our diligent efforts in fostering global partnerships to empower entrepreneurs in the country. GITEX EUROPE’s vision of bringing together SMEs, investors, accelerators, incubators and industry leaders to ignite innovation, foster collaboration, and drive growth aligns with the UAE’s aspirations to strengthen partnerships with Europe in entrepreneurship and digital economy.”
Clara Chappaz, the Minister of AI and Digital of France, commented on the development of AI: “When you hear about Europe being a continent of regulation, this is the past. Today, Europe is all about innovation. More than ever, we have all the ingredients to succeed as Europeans building these amazing technologies when it comes to AI. The partnership between France and Germany is extremely determined to accelerate Europe when it comes to innovation, and in particular when it comes to everything we can do on digital innovation.”
Thomas Jarzombek, Parliamentary State Secretary at the Federal Minister for Digital and State Modernization reiterated: “It’s a great opportunity here to connect startups and also for investment opportunities right now here in Berlin. We have to move forward, faster than we did in the past. Easy for you to do business in Germany, easy for every citizen to do everything with an app and to digitalize things you have in our pocket right now.”
Jan Kavalírek, Deputy Minister of Industry and Trade, Czech Republic: “One of our top priorities right now is to create the best possible environment for AI researchers and to deploy artificial intelligence across all the industrial sector. This is the reason why we invest in AI heavily, both in software and in hardware infrastructure, and this is also the reason why we are glad to be part of GITEX EUROPE.”
Franziska Giffey, Mayor of Berlin and Senator for Economic Affairs, Energy and Public Enterprises: “We have more than 5,000 startup enterprises here in Berlin, and of course we want to do more. We want to be the number one innovation place in Europe. Whenever you think about coming to the place of freedom, the place of possibilities, come to Berlin.”
Trixie LohMirmand, global organiser of GITEX: “As the world’s third largest economy, Germany’s market gravity and Europe’s openness create a powerful test-bed where capital, code and talent can cross-pollinate at speed, forging new collaborative forces across geographies and sectors. GITEX EUROPE proves that innovations can scale beyond borders, opening new markets and opportunities for Europe’s most ambitious companies.”
Spanning high impact showcases and talks covering AI, cybersecurity, deep tech, green tech, quantum computing, SMEs, and startup, scaleup and investments, GITEX EUROPE x Ai Everything offers unmatched opportunities to access new markets, breakthrough technologies, industry transformations and business insights.
Across the show floor, global tech enterprises including IBM, AWS, Bosch, Cisco, CrowdStrike, Dell, Fortinet, Lenovo, ManageEngine, NinjaOne, NVIDIA, and SAP, alongside over 750 startups from 60 countries, showcase how infrastructure, intelligence, and investment intersect to propel Europe’s digital future forward. From business leaders to AI architects, quantum researchers to CIOs, green tech innovators to global investors, the opening day’s gathering set the tone for decisive partnerships accelerating the continent’s AI and digital competitiveness.
The opening day conference programme was headlined by Dr. Geoffrey Hinton, Nobel Physics Laureate and ‘Godfather of AI’ with a riveting keynote on ‘AI for Humanity’s Greatest Challenges’. In April 2025, the United Arab Emirates and European Union delivered a joint statement to begin dialogue toward a Comprehensive Economic Partnership Agreement (CEPA) (3) aimed at strengthening bilateral trade and investment ties across key sectors such as AI, advanced manufacturing, healthcare and more.
GITEX EUROPE x Ai Everything leverages a powerful network of established relationships in tech, policy, investment and business spanning four regions and seven countries, with more new international editions in the wings. Currently the GITEX global network of events takes place in Abu Dhabi, Dubai, Germany, Morocco, Nigeria, Singapore, Thailand, and Vietnam.
GITEX EUROPE x Ai Everything 2025, Europe’s most global, collaborative, and cross-industry tech event, is taking place from May 21–23, 2025, at Messe Berlin, Germany. Convening over 1,400 exhibiting enterprises, SMEs and startups from 100-plus countries, alongside over 600 investors, and 500 expert speakers across AI, Deep Tech, Quantum, Cybersecurity, Connectivity, Smart Cities, Green Tech, and many more, GITEX EUROPE x Ai Everything is advancing the continent’s digital future in partnership with the world. This inaugural edition features the new SMEDEX, GITEX SCALEX, and GQX, and brings to Germany the world’s largest and best-rated startup and investor event – North Star Europe. GITEX EUROPE x Ai Everything is seamlessly connected with the GITEX network of tech and startup events in Germany, Morocco, Nigeria, Singapore, Thailand, UAE, and Vietnam. For more information, please visit: www.gitex-europe.com
Northland Police are responding to another crash on State Highway 1, south of Whangārei.
The crash occurred at about 9.15am on the northbound lanes near Mata.
It involves a vehicle carrying a horse float, but there are no reports of serious injuries.
One lane is blocked, and traffic is being diverted around the blockage.
Northbound traffic is still being impacted by an earlier crash on State Highway 1 near Oakleigh.
Southbound traffic is flowing, but Police are advising all motorists to take care on the roads and allow additional time to reach your destination this morning.
On May 20, 2025, the Food and Drug Administration announced a new stance on who should receive the COVID-19 vaccine.
The agency said it would approve new versions of the vaccine only for adults 65 years of age and older as well as for people with one or more risk factors for severe COVID-19 outcomes. These risk factors include medical conditions such as asthma, cancer, chronic kidney disease, heart disease and diabetes.
However, healthy younger adults and children who fall outside of these groups may not be eligible to receive the COVID-19 shot this fall. Vaccine manufacturers will have to conduct clinical trials to demonstrate that the vaccine benefits low-risk groups.
The Conversation U.S. asked Libby Richards, a nursing professor involved in public health promotion, to explain why the changes were made and what they mean for the general public.
According to Makary and Prasad, the Food and Drug Administration is moving away from these universal recommendations and instead taking a risk-based approach based on its interpretation of public health trends – specifically, the declining COVID-19 booster uptake, a lack of strong evidence that repeated boosters improve health outcomes for healthy people and the fact that natural immunity from past COVID-19 infections is widespread.
The FDA states it wants to ensure the vaccine is backed by solid clinical trial data, especially for low-risk groups.
Was this a controversial decision or a clear consensus?
The FDA’s decision to adopt a risk-based framework for the COVID-19 vaccine aligns with the expected recommendations from the Advisory Committee on Immunization Practices, an advisory group of vaccine experts offering expert guidance to the Centers for Disease Control and Prevention on vaccine policy, which is scheduled to meet in June 2025. But while this advisory committee was also expected to recommend allowing low-risk people to get annual COVID-19 vaccines if they want to, the FDA’s policy will likely make that difficult.
Although the FDA states that its new policy aims to promote greater transparency and evidence-based decision-making, the change is controversial – in part because it circumvents the usual process for evaluating vaccine recommendations. The FDA is enacting this policy change by limiting its approval of the vaccine to high-risk groups, and it is doing so without any new data supporting its decision. Usually, however, the FDA broadly approves a vaccine based on whether it is safe and effective, and decisions on who should be eligible to receive it are left to the CDC, which receives research-based guidance from the Advisory Committee on Immunization Practices.
Another question is how health officials’ positions on COVID-19 vaccines affect public perception. Makary and Prasad noted that COVID-19 vaccination campaigns may have actually eroded public trust in vaccination. But some vaccine experts have expressed concerns that limiting COVID-19 vaccine access might further fuel vaccine hesitancy because any barrier to vaccine access can reduce uptake and hinder efforts to achieve widespread immunity.
What conditions count as risk factors?
The New England Journal of Medicine article includes a lengthy list of conditions that increase the risk of severe COVID-19 and notes that about 100 million to 200 million people will fall into this category and will thus be eligible to get the vaccine.
Pregnancy is included. Some items on the list, however, are unclear. For example, the list includes asthma, but the data that asthma is a risk factor for severe COVID-19 is scant.
Also on the list is physical inactivity, which likely applies to a vast swath of Americans and is difficult to define. Studies have found links between regular physical activity and reduced risk of severe COVID-19 infection, but it’s unclear how health care providers will define and measure physical inactivity when assessing a patient’s eligibility for COVID-19 vaccines.
The FDA is moving to risk-based access for COVID-19 vaccines.
The FDA is requiring vaccine manufacturers to conduct additional large randomized clinical trials to further evaluate the safety and effectiveness of COVID-19 boosters for healthy adults and children. These trials will primarily test whether the vaccines prevent symptomatic infections, and secondarily whether they prevent hospitalization and death. Such trials are more complex, costly and time-consuming than the more common approach of testing for immunological response.
This requirement will likely delay both the timeliness and the availability of COVID-19 vaccine boosters and slow public health decision-making.
Will low-risk people be able to get a COVID-19 shot?
Not automatically. Under the new FDA framework, healthy adults who wish to receive the fall COVID-19 vaccine will face obstacles. Health care providers can administer vaccines “off-label”, but insurance coverage is widely based on FDA recommendations. The new, narrower FDA approval will likely reduce both access to COVID-19 vaccines for the general public and insurance coverage for COVID-19 vaccines.
The FDA’s focus on individual risks and benefits may overlook broader public health benefits. Communities with higher vaccination rates have fewer opportunities to spread the virus.
What about vaccines for children?
High-risk children age 6 months and older who have conditions that increase the risk of severe COVID-19 are still eligible for the vaccine under the new framework. As of now, healthy children age 6 months and older without underlying medical conditions will not have routine access to COVID-19 vaccines until further clinical trial data is available.
Existing vaccines already on the market will remain available, but it is unclear how long they will stay authorized and how the change will affect childhood vaccination overall.
Libby Richards has received funding from the National Institutes of Health, the American Nurses Foundation, and the Indiana Clinical and Translational Sciences Institute.
Source: United States Senator for New Mexico Martin Heinrich
WASHINGTON — U.S. Senator Martin Heinrich (D-N.M.) joined U.S. Senator Peter Welch (D-Vt.) to introduce a resolution calling on the Trump Administration to use all diplomatic tools at its disposal to bring an end to the blockade of food and life-saving humanitarian aid to address the needs of civilians in Gaza. In their resolution, the senators express grave concern about the ongoing humanitarian crisis in Gaza, including the imminent starvation of tens of thousands of children.
On March 2, 2025, the Israeli Government began blocking all food and emergency aid — including food, medicine, infant formula, fuel, and other lifesaving humanitarian supplies — from reaching Palestinian civilians in Gaza. In the same month, all 25 World Food Program (WFP)-supported bakeries in Gaza closed, wheat flour and cooking fuel ran out, and food parcels distributed to families — with two weeks of food rations — were depleted. According to the United Nations, about 10,000 children have been identified as suffering from acute malnutrition since January 2025.
“We must deliver critically needed food and medicine to innocent civilians in Gaza facing extreme hunger, death, disease and widespread destruction. While Israel has the right to defend itself, it must follow U.S. and international humanitarian law. Unfortunately, Israel has been and continues to act in direct violation of the requirements mandated under the Foreign Assistance Act and the Arms Export Control Act,” said Heinrich.
“As we continue to pursue pathways to achieve a two-state solution, which remains crucial both for Palestinians’ sovereignty and self-determination and for Israel’s security in the region, we must work toward a long-term, post-war plan that can achieve lasting peace in the region,” Heinrich continued.
The resolution is led by U.S. Senator Peter Welch (D-Vt.). Alongside Heinrich, the resolution is co-sponsored by U.S. Senators Dick Durbin (D-Ill.), Bernie Sanders (I-Vt.), Michael Bennet (D-Colo.), Cory Booker (D-N.J.), Tammy Duckworth (D-Ill.), Ruben Gallego (D-Ariz.), John Hickenlooper (D-Colo.), Mazie Hirono (D-Hawaii), Tim Kaine (D-Va.), Angus King (I-Maine), Andy Kim (D-N.J.), Amy Klobuchar (D-Minn.), Ed Markey (D-Mass.), Jeff Merkley (D-Ore.), Chris Murphy (D-Conn.), Patty Murray (D-Wash.), Jon Ossoff (D-Ga.), Jack Reed (D-R.I.), Jeanne Shaheen (D-N.H.), Elissa Slotkin (D-Mich.), Brian Schatz (D-Hawaii), Tina Smith (D-Minn.), Chris Van Hollen (D-Md.), Mark Warner (D-Va.), Reverend Raphael Warnock (D-Ga.), Elizabeth Warren (D-Mass.), Sheldon Whitehouse (D-R.I.), and Ron Wyden (D-Ore.).
The senators’ resolution is supported by Anera, the Friends Committee on National Legislation, J Street, and Oxfam America.
The full text of the resolution is here.
Source: United States Senator for South Carolina Lindsey Graham
WASHINGTON – U.S. Senator Lindsey Graham (R-South Carolina) today spoke on the Senate floor about peace through strength and moral clarity during dangerous times.
On moral clarity during dangerous times:
GRAHAM: “Russia is the aggressor. Russia must end this bloodbath. That is my view of [the Russia-Ukraine war]. Let’s look in history and see what happens when you have moral clarity and see what happens when you lose it.” https://youtu.be/7QdErvIuatE?si=V0-X6tkjJE_8De10&t=566
GRAHAM: “Hitler told [the world] what he was going to do, he wrote a book. But [former UK Prime Minister] Chamberlain obviously didn’t read the book and he didn’t have the moral clarity to confront the Nazi regime, and a lot of people died. September 30, 1938 [Chamberlain said] ‘I believe it is peace for our time.’ … Less than a year later, the world was on fire.” https://youtu.be/7QdErvIuatE?si=9GJNnus0en6x_S6R&t=643
GRAHAM: “‘When all are free, then we can look forward to that day when this city will be joined as one and this country and this great continent of Europe in a peaceful and hopeful globe.’ [President John F. Kennedy] was talking about Berlin. Moral clarity to the Soviet Union. He stood up for freedom and stood against the Soviet empire.” https://youtu.be/7QdErvIuatE?si=V0-X6tkjJE_8De10&t=718
GRAHAM: “Ronald Reagan: ‘Mr. Gorbachev, tear down this wall!’ How clear could you be? On the other side of this wall is an evil empire. That moral clarity, over time, brought the Soviet Union down to its knees.” https://youtu.be/7QdErvIuatE?si=V0-X6tkjJE_8De10&t=749
On President Trump’s leadership:
GRAHAM: “When [President Trump] got in office, one of his top priorities was to fix a broken border. Look what’s happened…He’s turned it all off because he was firm and resolved with Mexico and others. His border policies have worked.” https://youtu.be/7QdErvIuatE?si=BaLGLKsqVGj9HRCd&t=363
GRAHAM: “What has [President Trump] said about Iran? ‘You know it’s not a complicated formula. Iran cannot have a nuclear weapon. That’s all there is.’ That’s moral clarity. You can understand that no matter where you’re at on the planet.” https://youtu.be/7QdErvIuatE?si=sOxbu_x3XKBdCBOm&t=436
GRAHAM: “I appreciate President Trump’s earnest effort to bring the parties together to find a solution we can all live with, to keep an independent sovereign Ukraine, and end this war sooner rather than later. It is clear to me that after all these months, the earnest efforts by President Trump are not being equally met. I think Zelensky is ready to make concessions to end this war. Putin seems to be [doing] more talking and less acting.” https://youtu.be/7QdErvIuatE?si=uQ3IQiEdRV2rPWwG&t=948
On the Graham-Blumenthal Russia sanctions bill reaching over 80 cosponsors:
GRAHAM: “It is now time to increase the cost of this war to Putin. The sanctions package we have put together has [over] 80 cosponsors. Do you know how hard it is to get 80 Senators to agree on anything? Eighty of us – and the number is climbing – are ready to impose sanctions on Russia if Putin does not come to the table and earnestly seek peace.” https://youtu.be/7QdErvIuatE?si=kWOZu-UhJqd0ru3M&t=1009
GRAHAM: “These sanctions are geared toward China. There are tariffs in these sanctions on any nation that buys Russian oil and gas from the shadow fleet. Putin’s war machine is propped up by China and India buying Russian oil at a massive discount…” https://youtu.be/7QdErvIuatE?si=QJy_NDKD5DdPFoUY&t=1036
Click here to watch Graham’s entire speech
Source: United States Senator for Nevada Cortez Masto
Washington, D.C. – U.S. Senator Catherine Cortez Masto (D-Nev.) joined Senator Mazie Hirono (D-Hawaii) and Representative Judy Chu (D-Calif.-28) in introducing the Stop Mental Health Stigma in Our Communities Act to increase awareness and access to mental health care throughout the AANHPI community.
“Accessing mental health care continues to be a challenge for Nevadans from all backgrounds,” said Senator Cortez Masto. “I’m focused on improving access to critical health care for AAPI Nevadans. Together, we can reduce the stigma around mental illness and keep our kids and families safe.”
According to data collected by the Substance Abuse and Mental Health Services Administration (SAMHSA), members of the AANHPI community have the lowest rates of mental health service utilization of any racial/ethnic group, with only 35 percent of Asian adults with a mental health problem receiving treatment in 2023. In 2023, an estimated 65 percent of the AANHPI community, who met criteria for a mental health problem, did not receive necessary treatment. And, even though suicide is the eleventh leading cause of death in the United States, it is the leading cause of death for AANHPI youth ages 10 to 24, and they are the only racial or ethnic group in this age category whose leading cause of death is suicide.
Specifically, the Stop Mental Health Stigma in Our Communities Act would instruct SAMHSA to:
Establish a national outreach and education mental health and substance misuse strategy for the AANHPI community by partnering with advocacy and behavioral health organizations that have an established record of serving AANHPI communities; and
Conduct research and collect disaggregated data on the state of behavioral health among AANHPI youth and on the shortage of AANHPIs in the behavioral health workforce.
Senator Cortez Masto has been a leader in the Senate on mental health issues. She helped fund and implement the 988 Suicide & Crisis lifeline, and passed bipartisan legislation to expand behavioral health crisis support services. She successfully fought to include $1 billion to support mental health services in schools in the Bipartisan Safer Communities Act.
OAKLAND – California Attorney General Rob Bonta today joined a bipartisan coalition of 39 attorneys general in urging Congress to take immediate action to address the looming budget shortfall for the World Trade Center Health Program (WTCHP). Established by Congress in 2010, WTCHP provides free medical care and monitoring for first responders, survivors, and families impacted by the September 11, 2001 terrorist attacks. Without further congressional intervention, WTCHP is projected to experience a significant funding shortfall as early as Fiscal Year 2026.
“For nearly 15 years, the World Trade Center Health Program has been a lifeline for first responders and survivors impacted by the 9/11 terrorist attacks. As a nation, we cannot turn our backs on them — ever,” said Attorney General Bonta. “I’m proud to be joining a bipartisan coalition of attorneys general in urging Congress to fully fund this critical program.”
WTCHP has been an essential resource for more than 135,000 Americans exposed to toxic dust and debris following the collapse of the Twin Towers. These include firefighters, law enforcement officers, EMTs, construction workers, volunteers, and community members who were present in the aftermath. Many of them are now suffering from chronic respiratory illnesses, cancers, mental health conditions, and other serious ailments directly linked to their exposure. They live in all 50 states, Washington D.C., and in U.S. territories like Puerto Rico.
In the letter, the attorneys general argue that despite being reauthorized in 2015 and 2019 with overwhelming bipartisan support, the program now faces a severe funding shortfall that could result in the denial of care to thousands of current and future enrollees. The program is authorized to run until 2090, but the attorneys general contend that the far-off date is essentially meaningless if the program is not funded during that period.
In sending today’s letter, Attorney General Bonta joins the attorneys general of American Samoa, Colorado, Connecticut, Delaware, District of Columbia, Hawaii, Illinois, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Northern Mariana Islands, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, U.S. Virgin Islands, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.
Source: United States House of Representatives – Monica De La Cruz (TX-15)
Ahead of Memorial Day, Congresswoman Monica De La Cruz (TX-15) introduced the Sergeant Alfredo “Freddy” Gonzalez Congressional Gold Medal Act to posthumously recognize Edinburg-native Sgt. Gonzalez’s service during the Vietnam War.
“Every Memorial Day, we are reminded that our freedoms are not free. Sgt. Freddy Gonzalez is a South Texas hero who sacrificed his life to protect the soldiers in his platoon. Though we can never repay his sacrifice, the Congressional Gold Medal shows our nation’s appreciation for his heroism and will carry on his legacy for years to come.” – Congresswoman Monica De La Cruz
Background:
The Sgt. Freddy Gonzalez Congressional Gold Medal Act instructs the Secretary of the Treasury to issue a gold medal dedicated to Sgt. Gonzalez to recognize his service and sacrifice during the Vietnam War.
Sgt. Gonzalez displayed extraordinary bravery and leadership as a platoon commander. While under heavy enemy fire, he maneuvered his unit and saved a wounded comrade despite being injured himself. He continued to lead his men and refused medical attention even after being seriously wounded. He continued to lead his platoon up until his death.
His actions led to accolades, including the Medal of Honor, the Purple Heart, the Presidential Unit Citation, the National Defense Service Medal, the Vietnam Service Medal with two bronze stars, the Vietnamese Cross of Gallantry with star, the Vietnamese Cross of Gallantry with palm, the Military Merit Medal, and the Republic of Vietnam Campaign Medal, as well as to his being the namesake of the USS Gonzalez.
Source: United States House of Representatives – Congresswoman Sydney Kamlager California (37th District)
WASHINGTON, DC — In anticipation of Secretary of State Marco Rubio’s first appearance before the House Foreign Affairs Committee, Congresswoman Sydney Kamlager-Dove (D-CA) led 55 lawmakers in a bipartisan letter to Secretary Rubio inquiring about the State Department’s plans to ensure quick and secure visa processing for the expected influx of visitors coming to the U.S. for the 2026 FIFA World Cup, 2028 Olympic Games, and other major international sporting competitions. Reps. Young Kim (R-CA), Darin LaHood (R-IL), and Nikema Williams (D-GA) joined as co-leads.
Currently, six countries – Canada, Colombia, Honduras, India, Turkey, and UAE – have at least one U.S. diplomatic post with visa appointment wait times that extend beyond the start of the first FIFA26 game in the United States.
“The Olympics have the potential to bring up to 15 million visitors to the U.S. and produce an estimated $18 billion in economic impact. Over 5 billion viewers are projected to watch the FIFA World Cup, which could bring millions of visitors to the United States across 11 cities and generate an estimated $3.75 billion in economic revenue,” the lawmakers wrote.
They continued, “However, the success of these games hinges on the State Department’s ability to efficiently process the visa applications of spectators, athletes, and media, including providing adequate visa appointment availability and strategically offering visa interview waiver services where appropriate.
“To meet the moment, the State Department must not take a business-as-usual approach. Accommodating the anticipated surge in international visitation will require innovative solutions in the visa adjudication process that will allow us to maintain security safeguards while reducing unnecessary bureaucratic hurdles. It is critical to begin preparations now to demonstrate our nation’s ability to welcome the world,” the lawmakers concluded.
The letter also encouraged the Administration to update its current visa process to address visa processing challenges, including strategies to:
Develop a visa issuance process that maintains necessary security protocols while expediting processing for accredited individuals and entities participating in the games;
Ensure Consular Affairs is sufficiently resourced to support visa processing offices at overseas posts, disseminate information to Consular Affairs officers regarding games-related visa appointments, and handle the increased demand for visas well ahead of the games;
Establish protocols for visa issuance and entry from countries that are sanctioned or do not have U.S. consular offices, ensuring that all eligible athletes and support staff can participate in the games; and
Consider regulatory adjustments or other measures to reduce visa appointment wait times.
The full letter is HERE.
Reps. Sydney Kamlager-Dove, Young Kim, Darin LaHood, and Nikema Williams were joined by Reps. David Valadao, Bonnie Watson Coleman, Jonathan L. Jackson, Gilbert Ray Cisneros Jr., Sheila Cherfilus-McCormick, Aumua Amata Coleman, María Elvira Salazar, Henry C. “Hank” Johnson Jr., Pramila Jayapal, Jasmine Crockett, Kweisi Mfume, Ken Calvert, Josh Gottheimer, Nanette Diaz Barragán, Ted W. Lieu, Raja Krishnamoorthi, LaMonica McIver, Eric Swalwell, Frederica S. Wilson, Stephen F. Lynch, Nydia M. Velázquez, Emanuel Cleaver, Don Bacon, William R. Keating, Luz M. Rivas, Kevin Mullin, Dina Titus, Greg Stanton, Rick Larsen, Brendan F. Boyle, Tom Cole, Julia Brownley, Suzan K. DelBene, Michael T. McCaul, Michael V. Lawler, Robert Garcia, Mikie Sherrill, Emily Randall, Gabe Amo, Zoe Lofgren, Ami Bera, Suhas Subramanyam, Pete Aguilar, Dan Goldman, Sylvia R. Garcia, Julie Johnson, Nellie Pou, Derrick Van Orden, Kevin Kiley, Laura Friedman, and Jay Obernolte.
Source: People’s Republic of China in Russian
Source: People’s Republic of China – State Council News
BEIJING, May 21 (Xinhua) — Experts from China and Germany called for cooperation to overcome global challenges in an unstable world at a seminar on China-Russia-Europe relations held in Beijing on Tuesday.
The seminar, organized by the Institute of Russian, East European and Central Asian Studies of the Chinese Academy of Social Sciences, took place in the year of the 50th anniversary of the establishment of diplomatic relations between China and the European Union.
In his opening remarks, Sun Zhuangzhi, Director of the institute, noted that in the context of profound global changes unseen for a century, humanity once again found itself at a historical crossroads. Against this background, he stressed, academic discussions on relations between China, Russia and Europe have important practical significance.
Noting that China and Europe have many common interests, Sun said it is crucial to find the “biggest common denominator” for cooperation between the two sides, which is of particular significance both for maintaining security and stability on the Eurasian continent and for promoting prosperity and development worldwide.
Nadine Godehardt, Senior Research Fellow at the Asia Department of the Brussels branch of the German Institute for International and Security Affairs, noted that the world is experiencing new profound changes, and the geopolitical landscape in the Eurasian region is becoming increasingly complex.
As a result, N. Godehardt continued, the European Union and the European integration process are creating a new momentum for reform, initiating a whole series of policy adjustments. She added that discussions between Chinese and European think tanks on the relations between China, Russia and Europe and on the situation in the Eurasian region are timely and important.
The seminar participants agreed that in the context of an unstable international situation, countries of the world should adhere to the principles of mutual success and common progress, work together to solve key global and regional problems, and jointly write a new chapter in international governance and multilateral cooperation.
The seminar was attended by experts and scholars from the German Institute for International and Security Affairs, the Bertelsmann Foundation, the Ruhr University Bochum, the Chinese Academy of Social Sciences and the China Institute of Contemporary International Relations.
Source: People’s Republic of China in Russian
Source: People’s Republic of China – State Council News
GENEVA, May 21 (Xinhua) — China, along with Malaysia, Nepal, Saudi Arabia and the Seychelles, co-hosted for the first time a side event on traditional medicine on the sidelines of the 78th World Health Assembly in Geneva on May 20.
The event focused on integrating traditional medicine into national health systems, supporting universal health coverage, advancing towards the Sustainable Development Goals and building a community of hygiene and health for all humanity.
The event brought together more than 100 participants, including high-level health officials from many countries, representatives of the World Health Organization (WHO), renowned experts and scientists, and figures from international academia.
The event featured a keynote speech by Yu Yanhong, Director of the National Administration of Traditional Chinese Medicine of the People’s Republic of China. She noted China’s centuries-long commitment to the development of traditional Chinese medicine, emphasizing the country’s unique path in developing traditional medicine with Chinese characteristics and the significant successes achieved along the way.
Yu Yanhong called on countries to develop traditional medicine systems in accordance with their national characteristics and promote the modernization of traditional medical practices. She also reaffirmed China’s commitment to promoting more effective integration of traditional medicine into national health systems around the world.
Seychelles Health Minister Peggy Vido said traditional medicine and herbalism have a long history and deep cultural roots in her country, with their benefits gaining increasing public recognition every day.
She proposed to pay special attention to ensuring the necessary level of education and standard training of practitioners, disseminating evidence-based practices and creating a framework to guarantee the quality, effectiveness and safety of traditional medicine as its role in health systems continues to grow. P. Vido also expressed her country’s interest in further strengthening cooperation with China and other countries in this area.
WHO Regional Director for the Western Pacific, Saiya Mau Piukala, described traditional medicine as a vital pillar of health systems that has made a significant contribution to global health.
He praised China’s achievements in preserving and updating traditional medicine, stressing that these practices should complement modern medicine rather than compete with it.
The WHO regional head called for stronger international cooperation to ensure the safety, quality and accessibility of traditional medicine. S. M. Piukala also noted that the Western Pacific Region is actively working to integrate traditional medicine into universal health coverage systems so that more people can benefit from such treatment.
Source: People’s Republic of China in Russian
Source: People’s Republic of China – State Council News
MINSK, May 21 (Xinhua) — The 12th International Exhibition of Arms and Military Equipment MILEX-2025 opened on Wednesday at the Minsk International Exhibition Center “BelExpo”. More than 150 companies from Belarus, Russia, China, Iran, Pakistan, and India are taking part in the event. They are demonstrating samples of weapons and military equipment that reflect the main trends and development prospects of the global arms market.
President of Belarus Alexander Lukashenko sent a greeting to the participants and guests of the international exhibition. “In the year of the 80th anniversary of the Victory of the Soviet people in the Great Patriotic War, we are holding this representative forum in honor of our common heroes. The generation of victors bequeathed to us to preserve peace and freedom in our native land, won at an unprecedentedly high price. In the name of this goal, we, the allied countries, are increasing our defense potential and strengthening cooperation in the field of security,” A. Lukashenko’s press service quotes him as saying.
The President of Belarus expressed confidence that the international exhibition of weapons and military equipment will allow a wide range of specialists and experts to become familiar with the most advanced achievements of both Belarusian manufacturers and foreign partners.
MILEX-2025 presents more than 750 samples of weapons, military and special equipment of Belarusian production. Among them are the anti-aircraft missile system “Buk-MB-2K” with the first Belarusian anti-aircraft guided missile, the grenade launcher system “Sapfir”, the armored personnel carrier V-2. The total area of the exhibition exceeds 11.5 thousand square meters.
The 11th International Scientific Conference on the Development of Weapons, Military and Special Equipment and Dual-Use Technologies will be held as part of the scientific and business program of the event. The conference will address current issues of creating systems to counter high-precision weapons, electronic warfare, radio-technical and radar reconnaissance, troop and weapon control, and radio communications. A separate section will be devoted to the topic of unmanned systems for various purposes.
The organizers of the 12th International Exhibition of Arms and Military Equipment MILEX-2025 are the State Military-Industrial Committee and the Ministry of Defense of Belarus, as well as the National Exhibition Center “BelExpo”. The event will last until May 24.
MUNCIE, Ind., May 21, 2025 (GLOBE NEWSWIRE) — First Merchants Corporation (Nasdaq: FRME) has amended the ex-dividend date for its recently declared cash dividend of $0.36 from June 5, 2025, to June 6, 2025. The payment date for the quarterly dividend will remain as June 20, 2025, as previously announced on May 16, 2025.
About First Merchants Corporation:
First Merchants Corporation is a financial holding company headquartered in Muncie, Indiana. The Corporation has one full-service bank charter, First Merchants Bank. The Bank also operates as First Merchants Private Wealth Advisors (as a division of First Merchants Bank).
First Merchants Corporation’s common stock is traded on the NASDAQ Global Select Market System under the symbol FRME. Quotations are carried in daily newspapers and can be found on the company’s Internet web page (http://www.firstmerchants.com).
FIRST MERCHANTS and the Shield Logo are federally registered trademarks of First Merchants Corporation.
For more information, contact: Nicole M. Weaver, First Vice President and Director of Corporate Administration 765-521-7619 http://www.firstmerchants.com
Source: The Conversation (Au and NZ) – By Milad Haghani, Associate Professor & Principal Fellow in Urban Risk & Resilience, The University of Melbourne
Now, SUVs and light commercial vehicles comprise almost 80% of the market. Four in five new vehicles sold in Australia today are an SUV, ute, van or light truck.
As larger vehicles become the new norm, they bring more road wear, urban congestion and demands on infrastructure such as parking.
It’s time to ask: should drivers of larger vehicles pay for the damage and disruption they cause, through higher registration charges? Generally, yes. Bigger cars mean bigger costs for everyone else. It’s only fair those costs are reflected in how we price their use of public roads.
Reasons for going big
There are several reasons for the shift to larger passenger vehicles in Australia. They include perceptions that bigger cars are safer and more prestigious, as well as lifestyle preferences.
A loophole in the luxury car tax also encourages car buyers to go big. The tax was introduced on imports in 2000 and this financial year applies to vehicles worth more than A$80,576.
Many utes and SUVs are exempt because they’re classified as light commercial vehicles. The exemption applies regardless of whether the car is used privately or for business.
Counting the costs on our roads
Larger vehicles – no matter how they are powered – generally impose bigger costs on society than smaller cars.
Large SUVs and utes (if powered by fossil fuels) have a far greater climate impact. On average, a small car emits 2,040 kilograms less carbon dioxide (CO₂) a year than a pickup truck.
But even big electric vehicles can cause climate harm. The substantial resources required to manufacture a large EV create emissions, which may undermine the climate benefits electrification promises.
Large passenger vehicles also create health system costs. In road crashes, for example, they may better protect their occupants, but pose greater risks to others – especially pedestrians and those in smaller vehicles.
Bigger vehicles also need more space. Standards Australia has proposed making car-parking spaces larger to accommodate the trend to larger cars. Cities such as Paris have introduced higher parking fees for SUVs on these grounds.
In real-world terms, these differences add up. In the United States in 2011, the annual cost of light-duty trucks on congestion and lost productivity was estimated at more than US$2 billion.
Then there’s the cost of road wear. You might think heavier vehicles just wear roads a bit faster than smaller ones. But in reality, the relationship is far more dramatic.
Let’s compare a vehicle with an axle weight of 500 kg and a vehicle with an axle weight of 1,000 kg. The second vehicle doesn’t produce double the road damage – it produces 16 times the damage. This phenomenon is known as the “fourth power rule”.
Vehicle registration offers a way to recoup the societal costs caused by large vehicles.
Part of car registration fees goes toward administration, but the fees also help governments pay for the broader cost of vehicles on public infrastructure and shared spaces.
In Australia, car registration systems vary widely between states. Not all reflect the impact of the vehicles on the road.
In Victoria, fees are based mostly on location – whether the car is registered in a metropolitan, outer-metro or rural area. In the Australian Capital Territory, fees are calculated on a vehicle’s emissions.
Queensland and Tasmania use the number of engine cylinders to set fees – a rough proxy for vehicle size, but not a precise one.
South Australia and the Northern Territory apply different models again, using a combination of settings not directly based on weight.
A fairer system
Larger vehicles take up more road space, contribute more to congestion, and cause exponentially more damage to road surfaces. These are exactly the kinds of impacts a vehicle registration system should help account for.
So, what would a truly equitable registration fee model look like? Based on the evidence, it would not only account for vehicle size and weight, but also how often the vehicle is driven. After all, a heavy car parked in a garage all year causes less impact than one on the road every day.
Several countries, including New Zealand, have adopted distance-based or road-use charging schemes for certain types of vehicles, which use a combination of vehicle weight and distance travelled.
Milad Haghani does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
The question now is, can e-biking be accepted and embraced by people and communities where it is currently not happening? Three pilot programmes from around the country have now given us cause for optimism.
Understanding more about the barriers to e-bike access – especially in communities with low cycling levels or where income levels mean bikes are prohibitively expensive – has been one of the main gaps in our knowledge.
But over the past few years, we have been involved in projects designed to examine how e-bikes might work in such places. The three pilots were based in Mangere (South Auckland), Wainuiomata (Lower Hutt) and Sydenham (Christchurch).
These are all areas or communities with lower relative incomes and lower levels of cycling. The majority of individuals involved did not routinely cycle, and some hadn’t been on a bike for decades.
In all three pilots, the results were positive. In some cases, participants reported long-term, life-changing benefits.
What the pilot schemes showed
Each pilot was different. The Mangere programme loaned e-bikes to people for two to three months between 2022 and 2023 through a community bikehub. The Wainuiomata programme involved a longer loan period of one year over 2023, and was run through a health provider at a local marae.
The Christchurch programme, which ran between 2021 and 2024, was a free e-bike share scheme for tenants in a specific social housing complex, organised through a partnership with a shared e-bike provider.
Where needed, participants in all pilots were supported as they gained riding confidence and knowledge of safe cycling routes.
Participants in all the pilot programmes found e-biking acceptable, and they used and enjoyed the bikes. While these pilots were not set up to measure distance travelled, we know from other research that participants in e-bike access schemes ride on average 5km per day, half of which replaces car trips.
Individuals reported practical benefits such as being able to travel to their jobs, mental and physical health improvements, and not having to pay for petrol each week.
In the Wainuiomata pilot there were wider ripple effects, with participants reporting whānau members also started cycling as a result of the loan scheme. In one case, ten members of the wider whānau got involved.
Combining international evidence and experience with the information from the three local pilot programmes, we see three main policy areas that will increase e-bike uptake and use in New Zealand.
1. Physical infrastructure: this is needed to support cycling in all our cities and larger towns, and would involve a combination of cycle lanes and low-traffic neighbourhoods, alongside expanded bike parking and storage.
2. Targeted access schemes: these help people who can’t afford e-bikes. Without targeting, such schemes tend to be mainly used by the well-off. It’s likely we will need a range of options, such as short-term and long-term low-cost (or free) loans, rent-to-buy schemes or subsidies.
People should be able to access these schemes through a variety of organisations so as to target different motivations: saving money, improving health, commuting for work, ferrying children, environmental concern.
3. Local organisation networks: these support individuals and communities to access bikes, maintain them, provide rider training, run bike libraries, route finding and community events to support and encourage people to ride.
This wider support was a key factor in the success of all the pilots. Local organisations, champions and leaders are essential to help overcome some of the practical and cultural barriers that exist because we have such low levels of cycling.
Change is achievable
What we have outlined constitutes a different way of doing business for the transport sector. But there are already organisations doing a lot of this work, including bike hubs and cycling community organisations.
Others have infrastructure in place that could expand to encompass e-bike programmes, such as marae and community health centres. What is needed is a commitment to support these activities as part of core transport business policy.
We don’t need to wait for more research. The three things required – building infrastructure, increasing access and providing support programmes – are all understood and achievable.
E-bikes can and should play an important role in expanding New Zealand’s transport options and improving the wellbeing of its people.
Caroline Shaw receives funding from the Health Research Council of New Zealand, University of Otago and Waka Kotahi/New Zealand Transport Agency.
Karen Witten receives funding from the Health Research Council of NZ, Ministry of Business Innovation & Employment, Waka Kotahi/NZTA and Auckland Council.
Simon Kingham receives funding from Ministry of Business Innovation & Employment.
You might have heard of people using tape to literally keep their mouths shut while they sleep. Mouth taping has become a popular trend on social media, with many fans claiming it helps improve sleep and overall health.
The purported benefits of mouth taping during sleep are largely anecdotal, and include claims of better airflow, less snoring, improved asthma symptoms, less of a dry mouth, being less likely to have bad breath, and better sleep quality.
The rationale for mouth taping during sleep is to encourage breathing through the nose rather than through the mouth. When a person’s nasal passages are blocked, breathing switches from the nose to the mouth. Mouth breathing has been linked to conditions such as obstructive sleep apnoea.
But is mouth taping an effective way to address these issues, and is it safe? A new review suggests taping your mouth shut while you sleep offers limited benefits – and could pose risks.
What did the review find?
In a new paper, Canadian researchers reviewed the scientific literature on mouth taping, searching for studies that mentioned terms such as “mouth breathing”, “mouth taping” and “sleep”.
They searched specifically for studies looking at people with known mouth breathing and breathing-related sleeping problems such as obstructive sleep apnoea to understand the potential benefits and harms of mouth taping for this group.
Obstructive sleep apnoea is a condition where your airway is partly or completely blocked at times while you’re asleep. This can cause you to stop breathing for short periods, called “apnoeas”. Apnoeas can happen many times a night, resulting in lowered oxygen levels in the blood as well as sleep disruption.
The researchers found ten eligible studies published between 1999 and 2024, with a total of 213 participants. Eight studies looked at mouth taping, and two studies involved using a chin strap to keep the mouth shut.
Only two studies identified any benefits of mouth taping for mild obstructive sleep apnoea. The observed improvements – to measures such as oxygen levels in the blood and number of apnoeas per hour – were modest.
And although they were statistically significant, they were probably not clinically significant. This means these changes likely wouldn’t make much difference to symptoms or treatment decisions.
The remainder of studies found no evidence mouth taping helps to treat mouth breathing or related conditions.
What’s more, four studies warned about potential serious harms. In particular, covering the mouth could pose a risk of asphyxiation (lack of oxygen that can lead to unconsciousness or death) for people whose mouth breathing is caused by significant blockage of the nasal airways. This kind of nasal obstruction could be a result of conditions such as hay fever, deviated septum, or enlarged tonsils.
In other words, mouth taping is definitely not a good idea if you have a blocked nose, as it’s unsafe to have both the nose and the mouth obstructed at the same time during sleep.
What’s the take-home message?
The authors concluded there are very few benefits and some potential serious risks associated with mouth taping in people who are mouth breathers or have obstructive sleep apnoea.
They did however note we need further high-quality evidence to better understand if mouth taping is safe and works.
This review didn’t focus on any research relating to mouth taping for proposed improvements to mood, skin, digestion, sharper jaw lines and other things, so the researchers could not draw conclusions about the efficacy and safety of mouth taping for those purposes.
If you have concerns about your sleep, the best thing to do is to consult trusted scientific sources or a health-care professional who will be able to guide you to address the underlying causes of your sleep challenges.
Trying social media trends such as mouth taping before you seek expert advice could lead to delays in diagnosing serious conditions for which there are evidence-based treatments available.
It’s possible that in some healthy adults, without respiratory conditions, without significant sleep disorders, and who don’t have tape allergies, mouth taping could pose little harm and produce some modest benefits. But we don’t have enough evidence yet to know one way or the other.
Moira Junge is CEO of The Sleep Health Foundation. She is also affiliated with the Healthylife Health Advisory Board and is a psychologist and clinic director at Yarraville Health Group.
As Australia’s prime minister, Anthony Albanese, said on election night:
We do not need to beg or borrow or copy from anywhere else. We do not need to seek our inspiration overseas. We find it right here in our values – and in our people.
Those values should guide a principled and evidence-based response to the global refugee crisis. This response should be grounded in fairness, humanity and respect for Australia’s international human rights obligations.
A principled reset
Australia is a signatory to the 1951 Refugee Convention, which defines a refugee as a person who has a well-founded fear of persecution based on:
race
religion
nationality
membership of a particular social group
political opinion.
However, aspects of Australia’s current approach to refugees have drawn criticism from the United Nations High Commissioner for Refugees, Filippo Grandi.
The new Labor government could use its strength in parliament to initiate a principled and evidence-based reset. This could include:
creating a new emergency visa for humanitarian crises to assist people fleeing conflict
making immigration detention an option that could be used at the discretion of the Department of Home Affairs, instead of being mandatory
giving people access to independent review of their detention
improving systems for LGBTQ+ asylum seekers (many of whom face heightened risks, are not always believed about their sexuality, and lack culturally sensitive support).
There are four key areas in particular need of reform.
1. Ending the legal limbo
A crucial priority is resolving the status of some 7,000 people who are part of what’s known as the “legacy caseload”.
These people were refused refugee status under a problematic and now-defunct process known as the “fast track assessment”. They are now on bridging visas and in legal limbo.
A solution is also needed for the roughly 1,000 people who were detained in offshore processing centres in Manus Island and Nauru but are now living in Australia. They are also on bridging visas, also in a state of legal uncertainty.
One option is to allow people in both groups who were previously refused protection to apply for a permanent visa without requiring yet another drawn-out assessment of their protection claims.
Community organisations, legal experts and mental health professionals could help the government develop clear, trauma-informed and evidence-based processes for reviewing their cases.
2. Expanding the numbers
Australia’s main way of accepting refugees is via what’s known as the humanitarian program. But the number of refugees accepted under this program doesn’t currently reflect the scale of global displacement.
Labor has proposed expanding the number of refugees Australia takes.
It has suggested Australia take 27,000 through the core Refugee and Humanitarian Program and an additional 10,000 through two pathways:
It’s also worth noting current policy prohibits asylum seekers registered with the United Nations High Commissioner for Refugees in Indonesia after June 2014 from being resettled to Australia.
The new government could also consider lifting this arbitrary restriction to give these vulnerable refugees access to durable solutions.
3. Strengthening the rights of children and young people
Immigration systems are largely designed around adults. Children and young people are too often overlooked.
Children (including those born in Australia) can’t sponsor their parents via family sponsorship processes. They’re denied a say in decisions that deeply affect their lives.
The Migration Act should be amended to require that all decisions affecting children give primary consideration to the best interests and views of the child. This would be in line with Australia’s obligations under the UN Convention on the Rights of the Child.
Similar principles are already embedded in Australian family law and child protection policy, providing a clear model for reform.
4. Reviewing Australia’s boat turnback policy
Since 2013, Australia has intercepted boats under Operation Sovereign Borders, using turnbacks and takebacks with little independent oversight.
The United Nations High Commissioner for Refugees has raised concerns about this policy.
Sometimes during these interactions Australian officials detain and interview people on boats about their reason for trying to enter Australia, but details about what happens during such encounters are kept largely secret. Most of these encounters end with the boat and people on it being returned to the country from which they came.
A recent document published by the Commonwealth Ombudsman reported on conditions aboard vessels used for maritime detention.
It found serious problems, including no private spaces for sensitive interviews and no interpreters on board.
The Department of Home Affairs responded by saying formal interviews use accredited interpreters. However, the report highlights many crucial interactions do not.
There is also no time limit on detention at sea, and no independent monitoring of how protection claims are assessed.
Mary Anne Kenny is a member of the Migration Institute of Australia and the Law Council of Australia and an affiliate of the UNSW Kaldor Centre for International Refugee Law. She was on the Ministerial Council on Asylum Seekers and Detention (an independent advisory body) between 2012 and 2018.
Crime and public safety are usually the domain of state politics. But the Coalition tried to elevate them as key issues for voters in the recent federal election.
Claiming crime had been “allowed to fester” under Labor, the opposition promised a A$750 million Operation Safer Communities plan, which included police strike teams targeting drugs, a national child sex offender register, and more money for Neighbourhood Watch.
A Coalition government would also have given grants to community groups to install public lighting, bollards and CCTV cameras.
But in the end, crime did not appear to be a deciding factor in the election, which was easily won by Labor.
What does that tell us about leveraging public fear – either existing crime fears and general anxieties, or latent concerns that can be triggered – for political gain in Australia? Can it be a successful strategy?
Stoking anxiety
In culturally diverse countries, such as Australia and the United States, law and order rhetoric sometimes calls for supporting aggressive crime policies at the expense of racial and ethnic minorities, many of whom are immigrants.
These policies can be effective in stoking public fear to win votes. US President Donald Trump’s exhortations on immigration and crime were a significant part of his election campaigns in 2016 and 2024.
However, what experts call “protective factors”, such as strong communities and social cohesion, are important. They can reduce the influence of political narratives that try to define crime in narrowly punitive or racialised terms.
Australia is not America
Our peer-reviewed research, which will be published in the Journal of Criminology, investigated how public concerns about crime and safety in Australia and the US were associated with demographic factors that evolved over time. The study drew on data from the World Values Survey and indicated key differences in what makes Australians and Americans feel unsafe.
We have found that in Australia in 2018, supporters of left-leaning parties (Labor/Green) reported feeling significantly safer than other voters. However, this gap disappeared when researchers took into account attitudes that blame crime problems on immigrants. This suggests immigrant-blaming in Australia can drive feelings of community fear and insecurity.
The World Values Survey uncovered a different pattern in the US.
Between 2011 and 2017, Republican voters reported feeling safer than other Americans – the opposite of Australia’s trend. The political divide in the US couldn’t be explained by immigrant-blaming attitudes. Rather, it was attributed to the “self-isolation” of American conservatives in more culturally homogeneous communities.
Our study indicated that while immigration continued to influence safety perceptions in the US, it appeared to operate through different mechanisms than in Australia. Racial and ethnic minorities reported greater fear as the 2010s unfolded.
Social connectedness also plays differently in each country. In Australia, trust in others and confidence in public institutions consistently influences safety perceptions. In the US, these factors have little impact.
Social scientists have observed that in modern societies, responsibility for personal safety has increasingly shifted from the government to individuals. This trend is strong in the US, where market-focused, neoliberal economic and social policies dominate.
By contrast, European research suggests stronger social welfare systems can reduce safety concerns by addressing underlying economic anxieties. Australia’s more robust social support appears to foster greater feelings of safety.
Our research indicates social cohesion further helps reduce fear.
Crime fears are not a vote winner
Electoral strategies that seek to leverage public insecurities need to be understood in the context of these fear-mitigating factors. Media diversity can also counter fear-based messaging.
In the 2018 Victorian election, crime became a prominent political issue through racialised commentary targeting “African gangs”. However, it failed to gain decisive political traction.
Research found fear of crime was relatively rare in Victoria. Media reports of crime and comments by political leaders were distant from Victorians’ own experiences.
With more diverse news sources and online platforms, political actors can no longer promote narratives unopposed. Fear-based messaging can backfire, especially when it overreaches.
Outdated strategy
Perceptions of crime are often shaped by a combination of actual crime rates and broader anxieties about social change, cultural difference, and uncertainty. This is frequently expressed as unease about the increasing presence of culturally diverse groups.
While the coalition’s pivot to law-and-order rhetoric represented a familiar strategy, Labor positioned itself as the party of unity. This was underscored by Foreign Minister Penny Wong’s declaration after Labor won the election, in which she acknowledged:
[…] the power in our 26 million people from more than 300 ancestries […] from the oldest continuing civilisation on the planet and I acknowledge the traditional owners. Friends, we love this country.
While harnessing fears of crime and cultural diversity was not effective in this election cycle, this is not the end of law and order politics. But the unique characteristics of this election appear to have rendered the formula less potent.
Trump’s threat to democracy and the constitutional rule of law in the US may have fostered a sense of solidarity and social cohesion among Australian voters. Our research suggests this helped to mitigate fears about crime.
The temptation to capitalise on law and order may continue to appeal to politicians. But in Australia, at least, there is no guarantee it will work.
The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.
Source: United States Senator Peter Welch (D-Vermont)
WASHINGTON, D.C. — U.S. Senator Peter Welch, Ranking Member of the Senate Agriculture Subcommittee on Rural Development, Energy, and Credit, this week joined Senator Jeanne Shaheen (D-N.H.) in leading 20 of their colleagues urging the Trump Administration to immediately reverse course on its plan to illegally and unilaterally terminate the ENERGY STAR program. In their letter, the Senators highlight the cost-saving benefits of the program, which is projected to save the average American household $450 on utility bills each year simply by choosing ENERGY STAR certified products.
Since 1992, ENERGY STAR has reduced energy costs for American families and businesses by $500 billion, including $42 billion worth of savings in 2020 alone. For every federal dollar spent on ENERGY STAR, Americans have enjoyed $350 in savings.
“For over three decades, the ENERGY STAR program has lowered Americans’ energy bills by informing consumers about energy efficient products. The program has enjoyed bipartisan support since its creation under authority of Section 103 of the Clean Air Act, most recently receiving $35.7 million in fiscal year 2025 appropriations,” wrote the Senators. “Reporting has indicated, however, that the Environmental Protection Agency (EPA) plans to eliminate ENERGY STAR without Congressional approval. Not only is the program protected under federal statute and thus illegal for the Administration to terminate unilaterally, but this decision also lacks basic economic sense. We write to urge you to immediately reverse course.”
The Senators continued: “ENERGY STAR is the epitome of an effective public-private partnership. As the program’s administrators, EPA and the Department of Energy set qualifying energy efficiency standards for products. EPA also protects the integrity of the ENERGY STAR brand, ensuring it remains well-known, trusted, and indicative of a quality product. Appliance manufacturers then voluntarily display the ENERGY STAR label, notifying consumers that a product will reduce their energy consumption and lower utility bills. The program strengthens consumer choice by sharing critical product information.”
“Eliminating the ENERGY STAR program will not only raise energy costs for American families and businesses, but also inflict far-reaching economic harms, threatening industry jobs and the reliability of the grid at a time of growing demand. We again urge you to immediately reconsider eliminating this popular and effective Congressionally authorized program,” the Senators concluded.
Administered by the EPA and Department of Energy, ENERGY STAR is a voluntary, market-based program that has saved consumers billions of dollars annually. The ENERGY STAR program has cumulatively reduced four billion metric tons of harmful emissions and currently supports more than 790,000 American jobs manufacturing and installing ENERGY STAR products.
ENERGY STAR is strongly supported by a wide array of manufacturers, homebuilders, housing organizations, building owners, small businesses, and other organizations. In April, the U.S. Real Estate Industry sent a letter to the Trump Administration expressing its strong support for the ENERGY STAR program. Additionally, the U.S. Green Buildings Council partnered with the Alliance to Save Energy in leading over 1,000 organizations in urging the Trump Administration to protect the program and maintain full funding and staffing levels.
In addition to Senators Welch and Shaheen, the letter was signed by Senators Bernie Sanders (I-Vt.), John Fetterman (D-Pa.), Mazie Hirono (D-Hawaii), Angus King (I-Maine), Chris Coons (D-Del.), Ed Markey (D-Mass.), Sheldon Whitehouse (D-R.I.), Chris Van Hollen (D-Md.), Dick Durbin (D-Ill.), Tammy Baldwin (D-Wis.), Jeff Merkley (D-Ore.), Amy Klobuchar (D-Minn.), Brian Schatz (D-Hawaii), Lisa Blunt Rochester (D-Del.), Tina Smith (D-Minn.), Ron Wyden (D-Ore.), Martin Heinrich (D-N.M.), Richard Blumenthal (D-Conn.), Michael Bennet (D-Colo.), and Cory Booker (D-N.J.).
Read and download the full letter.
ARCHBOLD, Ohio, May 21, 2025 (GLOBE NEWSWIRE) — F&M Bank (“F&M”), an Archbold, Ohio-based bank owned by Farmers & Merchants Bancorp, Inc. (Nasdaq: FMAO), is proud to announce the promotion of Eric D. Faust to Executive Vice President. Faust has served as the bank’s Chief Risk Officer since 2022, where he has led significant advancements in enterprise risk and regulatory compliance.
In his role, Mr. Faust has successfully built F&M’s comprehensive risk and compliance team, integrated regulatory compliance more deeply into strategic decision-making, and enhanced the bank’s oversight structures. His efforts have helped ensure F&M continues to meet evolving regulatory expectations while maintaining a strong foundation for safe and sound growth.
Prior to joining F&M, Mr. Faust served as First Vice President and Director of Risk Management at Northstar Financial Group in Wyoming, Michigan. He also held the position of Examination Manager for the State of Michigan’s Department of Insurance and Financial Services. He holds an MBA from Davenport University and a Bachelor of Science in Business Administration from Central Michigan University.
“Eric’s promotion to Executive Vice President is a testament to his leadership and deep understanding of risk and compliance in today’s banking environment,” said Lars Eller, President and CEO of F&M. “He has played a vital role in strengthening our risk culture and ensuring we remain responsive and resilient in a highly regulated landscape.”
Mr. Faust resides in Grand Rapids, Michigan, and will continue to lead F&M’s risk and compliance efforts in his expanded role.
About F&M Bank: F&M Bank is a local independent community bank that has been serving its communities since 1897. F&M Bank provides commercial banking, retail banking and other financial services. Our locations are in Butler, Champaign, Fulton, Defiance, Hancock, Henry, Lucas, Shelby, Williams, and Wood counties in Ohio. In Northeast Indiana, we have offices located in Adams, Allen, DeKalb, Jay, Steuben and Wells counties. The Michigan footprint includes Oakland County, and we have Loan Production Offices in Troy, Michigan; Muncie, Indiana; and Perrysburg and Bryan, Ohio.
Safe harbor statement Private Securities Litigation Reform Act of 1995. Statements by F&M, including management’s expectations and comments, may not be based on historical facts and are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21B of the Securities Exchange Act of 1934, as amended. Actual results could vary materially depending on risks and uncertainties inherent in general and local banking conditions, competitive factors specific to markets in which F&M and its subsidiaries operate, future interest rate levels, legislative and regulatory decisions, capital market conditions, or the effects of the COVID-19 pandemic, and its impacts on our credit quality and business operations, as well as its impact on general economic and financial market conditions. F&M assumes no responsibility to update this information. For more details, please refer to F&M’s SEC filing, including its most recent Annual Report on Form 10-K and quarterly reports on Form 10-Q. Such filings can be viewed at the SEC’s website, www.sec.gov or through F&M’s website www.fm.bank.
Company Contact: Lars B. Eller, President and Chief Executive Officer, Farmers & Merchants Bancorp, Inc., (419) 446-2501, leller@fm.bank
Investor and Media Contact: Andrew M. Berger, Managing Director, SM Berger & Company, Inc., (216) 464-6400, andrew@smberger.com
AG Labrador Defends Trump Policy Upholding Biological Truth and Protecting Women
BOISE — Attorney General Raúl Labrador led a 26-state coalition, along with Indiana, in filing an amicus brief in the U.S. Court of Appeals for the D.C. Circuit supporting the federal government’s appeal in Doe v. Bondi. The appeal challenges a lower court’s preliminary injunction against a Trump Administration policy that protects the dignity, safety, and privacy of female inmates by requiring federal prison housing assignments based on biological sex. The policy also prohibits the use of taxpayer funds for sex-change procedures in federal prisons.
“Truth matters—and it’s under attack in our culture today,” said Attorney General Labrador. “We’re standing up for biological reality, lawful executive authority, and the dignity and safety of women. If government policy or court rulings deny basic truth, it threatens both public trust and the rights of individuals.”
In January 2025, President Trump signed Executive Order 14168, Defending Women from Gender Ideology Extremism and Restoring Biological Truth to the Federal Government. Among its provisions, the Order directed the Bureau of Prisons to house inmates according to their biological sex. It also prohibited federal funding for sex reassignment surgeries and related procedures in prisons and immigration detention centers.
Shortly after the policy was issued, a lawsuit was filed in federal court seeking to block the housing provisions and the restriction on taxpayer-funded procedures. The plaintiffs aim to compel federal prison officials to place biologically male inmates in female correctional facilities and to provide sex-change operations at public expense.
In response, Idaho is leading a multistate amicus brief urging the D.C. Circuit to defer to the Executive Order that directs federal prisons to house inmates according to their biological sex and bars federal funding for sex-change drugs and surgeries. The States argue that prison officials must be free to manage housing and medical decisions because they alone have the expertise to balance competing safety, privacy, and medical risks in a dangerous prison environment, and because placing biological males in women’s units jeopardizes female inmates’ privacy, safety, and dignity.
The case, Doe v. Bondi, is currently pending before the U.S. Court of Appeals for the D.C. Circuit. Idaho’s brief supports the federal government’s appeal and the Administration’s authority to enforce policies that prioritize safety and biological reality in federal custody.
Read the amicus brief here. Read more from the Daily Wire here.
Source: United States Senator for Delaware Christopher Coons
WASHINGTON – U.S. Senators Chris Coons (D-Del.) and John Cornyn (R-Texas), co-chairs of the bipartisan Senate Law Enforcement Caucus, celebrated the caucus’ new members for the 119th Congress during National Police Week, which started on May 11 and ended May 17.
Senators Coons and Cornyn welcome U.S. Senators Ruben Gallego (D-Ariz.), Jim Justice (R-W.Va.), and Dave McCormick (R-Pa.).
Senator Coons launched the Senate Law Enforcement Caucus over a decade ago with former Senator Roy Blunt (R-Mo.). Since then, the caucus has held briefings on policing issues like recruitment and retention, emerging threats such as generative AI’s impact on children, and best practices shared by law enforcement officials working on the ground.
The caucus is more committed than ever to supporting law enforcement, protecting families, and strengthening communities across the country.
A full member list can be found on the Senate Law Enforcement website and below:
U.S. Senators Chris Coons (D-Del.), John Cornyn (R-Texas), Richard Blumenthal (D-Conn.), John Boozman (R-Ark.), Ted Budd (R-N.C.), Catherine Cortez Masto (D-Nev.), Dick Durbin (D-Ill.), Ruben Gallego (D-Ariz.), Lindsey Graham (R-S.C.), Mazie Hirono (D-Hawaii), John Hoeven (R-N.D.), Cindy Hyde-Smith (R-Miss.), Jim Justice (R-W.Va.), Amy Klobuchar (D-Minn.), Roger Marshall (R-Kan.), Dave McCormick (R-Pa.), Jeff Merkley (D-Ore.), Jerry Moran (R-Kan.), Lisa Murkowski (R-Alaska), Chris Murphy (D-Conn.), Gary Peters (D-Mich.), Mike Rounds (R-S.D.), Chuck Schumer (D-N.Y.), and Thom Tillis (R-N.C.).
• Full year revenues increased 53% year over year to $222.8 million
• Full year net income increased $17.1 million year over year to $6.0 million
• Generated $6.3 million of operating cash flow in the fourth quarter, helping to further strengthen the balance sheet
Company to host conference call tomorrow, May 22 at 10:00 am ET
AYER, Mass., May 21, 2025 (GLOBE NEWSWIRE) — AMSC (Nasdaq: AMSC), a leading system provider of megawatt-scale power resiliency solutions that orchestrate the rhythm and harmony of power on the grid™ and that protect and expand the capability and resiliency of our Navy’s fleet, today reported financial results for its fourth quarter and fiscal year ended March 31, 2025 (“fiscal 2024”).
Revenues for the fourth quarter of fiscal 2024 were $66.7 million compared with $42.0 million for the same period of fiscal 2023. The year-over-year increase was driven by organic growth in New Energy Power Systems revenues along with the contributions from the acquisition of NWL, Inc.
AMSC’s net income for the fourth quarter of fiscal 2024 was $1.2 million, or $0.03 per share, compared to a net loss of $1.6 million, or $0.05 per share, for the same period of fiscal 2023. The Company’s non-GAAP net income for the fourth quarter of fiscal 2024 was $4.8 million, or $0.13 per share, compared with a non-GAAP net income of $1.9 million, or $0.06 per share, in the same period of fiscal 2023. Please refer to the financial table below for a reconciliation of GAAP to non-GAAP results.
Revenues for fiscal 2024 were $222.8 million as compared to $145.6 million in fiscal 2023. The year-over-year increase was driven by higher D-VAR and NEPSI revenues than in the prior year period along with the contribution from the acquisition of NWL, Inc.
AMSC reported net income for fiscal 2024 of $6.0 million, or $0.16 per share, compared to a net loss of $11.1 million, or $0.37 per share in fiscal 2023. The Company’s non-GAAP net income for fiscal 2024 was $24.0 million, or $0.65 per share, compared with non-GAAP net income of $0.6 million, or $0.02 per share, for fiscal 2023. Please refer to the financial table below for a reconciliation of GAAP to non-GAAP results.
Cash, cash equivalents and restricted cash on March 31, 2025 totaled $85.4 million.
“AMSC reported its strongest quarterly and annual performance in years,” said Daniel P. McGahn, Chairman, President and CEO of AMSC. “Fiscal fourth quarter revenue grew sequentially to over $66 million, up nearly 60% year-over-year. Net income surpassed $1.2 million, making our third consecutive quarter of profitability, and seventh consecutive quarter of positive operating cash flow. We secured $75 million in new orders, bringing total year-end orders to a recent record of nearly $320 million. Our fiscal 2024 results reflect improved financial performance, a resilient and diversified order pipeline, and solid operational execution—positioning AMSC for long-term success. With expanding end markets, we’re focused on broadening our offerings, entering new sectors, and strengthening customer relationships. We enter fiscal 2025 with strong momentum and confidence in our ability to continue building a more resilient and profitable company.”
Business Outlook
For the first quarter ending June 30, 2025, AMSC expects that its revenues will be in the range of $64.0 million to $68.0 million. The Company’s net income for the first quarter of fiscal 2025 is expected to exceed $1.0 million, or $0.03 per share. The Company’s non-GAAP net income (as defined below) is expected to exceed $4.0 million, or $0.10 per share.
Conference Call Reminder
In conjunction with this announcement, AMSC management will participate in a conference call with investors beginning at 10:00 a.m. Eastern Time on Thursday, May 22, 2025, to discuss the Company’s financial results and business outlook. Those who wish to listen to the live or archived conference call webcast should visit the “Investors” section of the Company’s website at https://ir.amsc.com. The live call can be accessed by dialing 1-844-481-2802 or 1-412-317-0675 and asking to join the AMSC call. A replay of the call may be accessed 2 hours following the call by dialing 1-877-344-7529 and using conference passcode 4917468.
About AMSC (Nasdaq: AMSC)
AMSC generates the ideas, technologies and solutions that meet the world’s demand for smarter, cleaner … better energy™. Through its Gridtec™ Solutions, AMSC provides the engineering planning services and advanced grid systems that optimize network reliability, efficiency and performance. Through its Marinetec™ Solutions, AMSC provides ship protection and is developing propulsion and power management solutions designed to help fleets increase system efficiencies, enhance power quality and boost operational safety. Through its Windtec™ Solutions, AMSC provides wind turbine electronic controls and systems, designs and engineering services that reduce the cost of wind energy. The Company’s solutions are enhancing the performance and reliability of power networks, increasing the operational safety of navy fleets, and powering gigawatts of renewable energy globally. Founded in 1987, AMSC is headquartered near Boston, Massachusetts with operations in Asia, Australia, Europe and North America. For more information, please visit www.amsc.com.
AMSC, American Superconductor, D-VAR, D-VAR VVO, Gridtec, Marintec, Windtec, Neeltran, NEPSI, NWL, Smarter, Cleaner … Better Energy and Orchestrate the Rhythm and Harmony of Power on the Grid are trademarks or registered trademarks of American Superconductor Corporation. All other brand names, product names, trademarks or service marks belong to their respective holders.
Forward-Looking Statements
This press release contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). Any statements in this release regarding our goals and strategies; business diversification; order pipeline; long-term success, including through expanding end markets, broadening offerings, entering new sectors; strengthening customer relationships; strong momentum; building a more resilient and profitable company; our expected GAAP and non-GAAP financial results for the quarter ending June 30, 2025; and other statements containing the words “believes,” “anticipates,” “plans,” “expects,” “will” and similar expressions, constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements represent management’s current expectations and are inherently uncertain. There are a number of important factors that could materially impact the value of our common stock or cause actual results to differ materially from those indicated by such forward-looking statements. These important factors include, but are not limited to: We have not been historically profitable, which may recur in the future. Our operating results may fluctuate significantly from quarter to quarter and may fall below expectations in any particular fiscal quarter; While we generated positive operating cash flow in fiscal 2024 and the prior year, we have a history of negative operating cash flows, and we may require additional financing in the future, which may not be available to us; Our technology and products could infringe intellectual property rights of others, which may require costly litigation and, if we are not successful, could cause us to pay substantial damages and disrupt our business; Changes in exchange rates could adversely affect our results of operations; If we fail to maintain proper and effective internal control over financial reporting, our ability to produce accurate and timely financial statements could be impaired and may lead investors and other users to lose confidence in our financial data; We may be required to issue performance bonds, which restricts our ability to access any cash used as collateral for the bonds; We may not realize all of the sales expected from our backlog of orders and contracts; If we fail to implement our business strategy successfully, our financial performance could be harmed; We rely upon third-party suppliers for the components and subassemblies of many of our Grid and Wind products, making us vulnerable to supply shortages and price fluctuations, which could harm our business; Our contracts with the U.S. government are subject to audit, modification or termination by the U.S. government and include certain other provisions in favor of the government. The continued funding of such contracts remains subject to annual congressional appropriation, which, if not approved, could reduce our revenue and lower or eliminate our profit; Changes in U.S. government defense spending could negatively impact our financial position, results of operations, liquidity and overall business; Our business and operations may be materially adversely impacted in the event of a failure or security breach of our or any critical third parties’ IT Systems or Confidential Information; Failure to comply with evolving data privacy and data protection laws and regulations or to otherwise protect personal data, may adversely impact our business and financial results; Our success is dependent upon attracting and retaining qualified personnel and our inability to do so could significantly damage our business and prospects; A significant portion of our Wind segment revenues are derived from a single customer. If this customer’s business is negatively affected, it could adversely impact our business; Our success in addressing the wind energy market is dependent on the manufacturers that license our designs; We may acquire additional complementary businesses or technologies, which may require us to incur substantial costs for which we may never realize the anticipated benefits; Many of our revenue opportunities are dependent upon subcontractors and other business collaborators; Problems with product quality or product performance may cause us to incur warranty expenses and may damage our market reputation and prevent us from achieving increased sales and market share; Many of our customers outside of the United States may be either directly or indirectly related to governmental entities, and we could be adversely affected by violations of the United States Foreign Corrupt Practices Act and similar worldwide anti-bribery laws outside the United States; We or third parties on whom we depend may be adversely affected by natural disasters, including events resulting from climate change, and our business continuity and disaster recovery plans may not adequately protect us or our value chain from such events; Pandemics, epidemics, or other public health crises may adversely impact our business, financial condition and results of operations; Adverse changes in domestic and global economic conditions could adversely affect our operating results; Our international operations are subject to risks that we do not face in the United States, which could have an adverse effect on our operating results; Our products face competition, which could limit our ability to acquire or retain customers; We have operations in, and depend on sales in, emerging markets, including India, and global conditions could negatively affect our operating results or limit our ability to expand our operations outside of these markets. Changes in India’s political, social, regulatory and economic environment may affect our financial performance; Industry consolidation could result in more powerful competitors and fewer customers; Our success could depend upon the commercial adoption of the REG system, which is currently limited, and a widespread commercial market for our REG products may not develop; Increasing focus and scrutiny on environmental sustainability and social initiatives could adversely impact our business and financial results; Growth of the wind energy market depends largely on the availability and size of government subsidies, economic incentives and legislative programs designed to support the growth of wind energy; Lower prices for other energy sources may reduce the demand for wind energy development, which could have a material adverse effect on our ability to grow our Wind business; We may be unable to adequately prevent disclosure of trade secrets and other proprietary information; Our patents may not provide meaningful or long-term protection for our technology, which could result in us losing some or all of our market position; Third parties have or may acquire patents that cover the materials, processes and technologies we use or may use in the future to manufacture our Amperium products, and our success depends on our ability to license such patents or other proprietary rights; Our common stock has experienced, and may continue to experience, market price and volume fluctuations, which may prevent our stockholders from selling our common stock at a profit and could lead to costly litigation against us that could divert our management’s attention; Unfavorable results of legal proceedings could have a material adverse effect on our business, operating results and financial condition; and the other important factors discussed under the caption “Risk Factors” in Part 1. Item 1A of our Form 10-K for the fiscal year ended March 31, 2025, and our other reports filed with the SEC. These important factors, among others, could cause actual results to differ materially from those indicated by forward-looking statements made herein and presented elsewhere by management from time to time. Any such forward-looking statements represent management’s estimates as of the date of this press release. While we may elect to update such forward-looking statements at some point in the future, we disclaim any obligation to do so, even if subsequent events cause our views to change. These forward-looking statements should not be relied upon as representing our views as of any date subsequent to the date of this press release.
UNAUDITED CONSOLIDATED STATEMENTS OF OPERATIONS
(In thousands, except per share data)

| | Three Months Ended March 31, 2025 | Three Months Ended March 31, 2024 | Twelve Months Ended March 31, 2025 | Twelve Months Ended March 31, 2024 |
|---|---|---|---|---|
| Revenues | | | | |
| Grid | $55,592 | $34,211 | $187,170 | $122,065 |
| Wind | 11,063 | 7,817 | 35,648 | 23,574 |
| Total revenues | 66,655 | 42,028 | 222,818 | 145,639 |
| Cost of revenues | 48,964 | 31,598 | 160,964 | 110,356 |
| Gross margin | 17,691 | 10,430 | 61,854 | 35,283 |
| Operating expenses: | | | | |
| Research and development | 3,493 | 2,298 | 11,425 | 7,991 |
| Selling, general and administrative | 12,101 | 7,953 | 43,091 | 31,600 |
| Amortization of acquisition related intangibles | 444 | 538 | 1,733 | 2,152 |
| Change in fair value of contingent consideration | — | 1,870 | 6,682 | 4,922 |
| Restructuring | — | — | — | (14) |
| Total operating expenses | 16,038 | 12,659 | 62,931 | 46,651 |
| Operating income (loss) | 1,653 | (2,229) | (1,077) | (11,368) |
| Interest income, net | 807 | 784 | 3,708 | 1,302 |
| Other expense, net | (49) | (117) | (265) | (736) |
| Income (loss) before income tax (benefit) expense | 2,411 | (1,562) | 2,366 | (10,802) |
| Income tax (benefit) expense | 1,204 | 17 | (3,667) | 309 |
| Net income (loss) | $1,207 | $(1,579) | $6,033 | $(11,111) |
| Net income (loss) per common share | | | | |
| Basic | $0.03 | $(0.05) | $0.16 | $(0.37) |
| Diluted | $0.03 | $(0.05) | $0.16 | $(0.37) |
| Weighted average number of common shares outstanding | | | | |
| Basic | 37,672 | 33,139 | 36,990 | 29,825 |
| Diluted | 38,516 | 33,139 | 37,718 | 29,825 |
CONSOLIDATED BALANCE SHEET
(In thousands, except per share data)

| | March 31, 2025 | March 31, 2024 |
|---|---|---|
| ASSETS | | |
| Current assets: | | |
| Cash and cash equivalents | $79,494 | $90,522 |
| Accounts receivable, net | 46,186 | 26,325 |
| Inventory, net | 71,169 | 41,857 |
| Prepaid expenses and other current assets | 8,055 | 7,295 |
| Restricted cash | 1,613 | 468 |
| Total current assets | 206,517 | 166,467 |
| Property, plant and equipment, net | 38,572 | 10,861 |
| Intangibles, net | 5,916 | 6,369 |
| Right-of-use assets | 3,829 | 2,557 |
| Goodwill | 48,164 | 43,471 |
| Restricted cash | 4,274 | 1,290 |
| Deferred tax assets | 1,178 | 1,119 |
| Equity-method Investments | 1,113 | — |
| Other assets | 958 | 637 |
| Total assets | $310,521 | $232,771 |
| LIABILITIES AND STOCKHOLDERS’ EQUITY | | |
| Current liabilities: | | |
| Accounts payable and accrued expenses | $32,282 | $24,235 |
| Lease liability, current portion | 685 | 716 |
| Debt, current portion | — | 25 |
| Contingent consideration | — | 3,100 |
| Deferred revenue, current portion | 66,797 | 50,732 |
| Total current liabilities | 99,764 | 78,808 |
| Deferred revenue, long term portion | 9,336 | 7,097 |
| Lease liability, long term portion | 2,684 | 1,968 |
| Deferred tax liabilities | 1,595 | 300 |
| Other liabilities | 28 | 27 |
| Total liabilities | 113,407 | 88,200 |
| Stockholders’ equity: | | |
| Common stock, $0.01 par value, 75,000,000 shares authorized; 39,887,536 and 37,343,812 shares issued and 39,484,185 and 36,946,181 shares outstanding at March 31, 2025 and 2024, respectively | 399 | 373 |
| Additional paid-in capital | 1,259,540 | 1,212,913 |
| Treasury stock, at cost, 403,351 and 397,631 at March 31, 2025 and 2024, respectively | (3,765) | (3,639) |
| Accumulated other comprehensive income | 1,565 | 1,582 |
| Accumulated deficit | (1,060,625) | (1,066,658) |
| Total stockholders’ equity | 197,114 | 144,571 |
| Total liabilities and stockholders’ equity | $310,521 | $232,771 |
CONSOLIDATED STATEMENTS OF CASH FLOWS
(In thousands)

| | Year Ended March 31, 2025 | Year Ended March 31, 2024 |
|---|---|---|
| Cash flows from operating activities: | | |
| Net income (loss) | $6,033 | $(11,111) |
| Adjustments to reconcile net income (loss) to net cash provided by operations: | | |
| Depreciation and amortization | 5,560 | 4,494 |
| Stock-based compensation expense | 7,794 | 4,652 |
| Provision for excess and obsolete inventory | 1,532 | 1,970 |
| Amortization of operating lease right-of-use assets | 976 | 321 |
| Deferred income taxes | (4,304) | 65 |
| Earnings from equity method investments | 132 | — |
| Change in fair value of contingent consideration | 6,682 | 4,922 |
| Other non-cash items | (587) | 44 |
| Unrealized foreign exchange gain on cash and cash equivalents | (41) | (2) |
| Changes in operating asset and liability accounts: | | |
| Accounts receivable | (3,213) | 4,340 |
| Inventory | (7,707) | (6,841) |
| Prepaid expenses and other current assets | 543 | 5,992 |
| Operating leases | (1,563) | (327) |
| Accounts payable and accrued expenses | 3,209 | (13,498) |
| Deferred revenue | 13,239 | 7,117 |
| Net cash provided by operating activities | 28,285 | 2,138 |
| Cash flows from investing activities: | | |
| Purchases of property, plant and equipment | (2,415) | (934) |
| Cash paid to settle NWL contingent consideration liability | (3,278) | — |
| Cash paid for NWL Acquisition, net of cash acquired | (29,577) | — |
| Change in other assets | 64 | (27) |
| Net cash used in investing activities | (35,206) | (961) |
| Cash flows from financing activities: | | |
| Repurchase of treasury stock | (126) | — |
| Repayment of debt | (25) | (65) |
| Cash paid related to registration of common stock shares | (148) | — |
| Proceeds from public equity offering, net | — | 65,227 |
| Proceeds from exercise of employee stock options and ESPP | 307 | 279 |
| Net cash provided by financing activities | 8 | 65,441 |
| Effect of exchange rate changes on cash, cash equivalents and restricted cash | 14 | (13) |
| Net (decrease) increase in cash, cash equivalents and restricted cash | (6,899) | 66,605 |
| Cash, cash equivalents and restricted cash at beginning of year | 92,280 | 25,675 |
| Cash, cash equivalents and restricted cash at end of year | $85,381 | $92,280 |
RECONCILIATION OF GAAP NET INCOME (LOSS) TO NON-GAAP NET INCOME
(In thousands, except per share data)

| | Three Months Ended March 31, 2025 | Three Months Ended March 31, 2024 | Year Ended March 31, 2025 | Year Ended March 31, 2024 |
|---|---|---|---|---|
| Net income (loss) | $ 1,206 | $ (1,579) | $ 6,033 | $ (11,111) |
| Stock-based compensation | 2,855 | 1,044 | 7,794 | 4,652 |
| Amortization of acquisition-related intangibles | 706 | 538 | 2,433 | 2,158 |
| Change in fair value of contingent consideration | — | 1,870 | 6,682 | 4,922 |
| Acquisition costs | — | — | 1,095 | — |
| Non-GAAP net income | 4,767 | 1,873 | 24,037 | 621 |
| Non-GAAP net income per share – basic | $ 0.13 | $ 0.06 | $ 0.65 | $ 0.02 |
| Non-GAAP net income per share – diluted | $ 0.12 | $ 0.05 | $ 0.64 | $ 0.02 |
| Weighted average shares outstanding – basic | 37,672 | 33,139 | 36,990 | 29,825 |
| Weighted average shares outstanding – diluted | 38,516 | 34,447 | 37,718 | 30,909 |
Reconciliation of Forecast GAAP Net Income to Non-GAAP Net Income
(In millions, except per share data)

| | Three months ending June 30, 2025 |
|---|---|
| Net income | $ 1.0 |
| Stock-based compensation | 2.6 |
| Amortization of acquisition-related intangibles | 0.4 |
| Non-GAAP net income | $ 4.0 |
| Non-GAAP net income per share | $ 0.10 |
| Shares outstanding | 38.7 |
Note: Non-GAAP net income (loss) is defined by the Company as net income (loss) before stock-based compensation; amortization of acquisition-related intangibles; changes in fair value of contingent consideration; acquisition costs; other non-cash or unusual charges; and the tax effect of adjustments calculated at the relevant rate for our non-GAAP metric. The Company believes non-GAAP net income (loss) and non-GAAP net income (loss) per share assist management and investors in comparing the Company’s performance across reporting periods on a consistent basis by excluding these non-cash, non-recurring or other charges that it does not believe are indicative of its core operating performance. Actual GAAP and non-GAAP net income (loss) and net income (loss) per share for the fiscal quarter ending June 30, 2025, including the above adjustments, may differ materially from those forecasted in the table above, including as a result of changes in the fair value of contingent consideration.
Generally, a non-GAAP financial measure is a numerical measure of a company’s performance, financial position or cash flow that either excludes or includes amounts that are not normally excluded or included in the most directly comparable measure calculated and presented in accordance with GAAP. The non-GAAP measures included in this release, however, should be considered in addition to, and not as a substitute for or superior to, operating income or other measures of financial performance prepared in accordance with GAAP. A reconciliation of GAAP to non-GAAP net income (loss) is set forth in the table above. Non-GAAP net income (loss) per share is defined as non-GAAP net income (loss) divided by shares outstanding.
CHEYENNE, Wyo. – On May 10, 2025, the State of Wyoming paid tribute to its Veterans in a series of ceremonies as part of the annual Veterans Welcome Home Day.
Gov. Mark Gordon, U.S. Senator John Barrasso and U.S. Representative Harriet Hageman joined leaders from the Wyoming Military Department and the Wyoming Veterans Commission and traveled across the state to thank those who served—especially Veterans from the Korean and Vietnam Wars who were never properly welcomed home.
The daylong journey began at sunrise in Cheyenne and included four official ceremonies, in Afton, Riverton and Sheridan before concluding in Wheatland. At each stop, the Governor, First Lady Jennie Gordon, Maj. Gen. Greg Porter, Adjutant General of Wyoming, and other dignitaries met with Veterans and their families, delivering remarks and expressing gratitude for their service.
Speaking to a room filled with Veterans and their loved ones, Porter reflected on the significance of the moment by connecting it to the broader legacy of American service. He reminded attendees that just weeks earlier, on April 19, the nation had observed the 250th anniversary of the “shot heard ‘round the world” at Lexington and Concord—an event that began a long lineage of Americans willing to fight for freedom.
“Over that time, America’s done a pretty good job of bringing its [servicemembers] home—with two exceptions: the Korean War and the Vietnam War,” Porter said. “Our Vietnam Veterans faced a far different return. They probably wished for an apathetic return. They faced derision, sarcasm, and hate in some cases—certainly disrespect. The purpose of these Welcome Home ceremonies is to take a moment to pause and recommit that we will never let that happen again as a nation.”
Gordon echoed that message: “This day is about saying, ‘Thank you for your service—welcome home.’ That gratitude extends to the families, too. Our Veterans carry a legacy that began with citizens who marched barefoot through snow because they believed in what this country stood for. In the military, we never leave anyone behind. As a nation, we should never leave a Veteran behind.”
As part of the ceremony, the official proclamation was read declaring March 30, 2025, as Wyoming Veterans Welcome Home Day, recognizing the moment in history when U.S. troops completed their withdrawal from Vietnam in 1973. The proclamation recounts how many Veterans returned to a country divided by politics and conflict, and how they were met not with honor—but with silence, scorn or worse.
“Members of the United States armed forces who served bravely and faithfully for the United States were caught in the crossfire of public debate about the involvement of the United States in the Vietnam War, and many were met with such disrespect that military leaders recommended Soldiers not wear their military uniforms as they returned home.”
The proclamation goes on to honor all Veterans, particularly those from the Korean and Vietnam Wars, and urges citizens to recognize their service “not just today but every day.”
After the speeches concluded, Governor Gordon took time to greet each Veteran in attendance, shaking hands and presenting a personalized challenge coin as a token of thanks.
Also present were Wyoming Veterans Commission Chairman Command Sgt. Maj. (Ret.) Ken Persson, Sr., and Director Col. (Ret.) Tim Sheppard, both of whom played key roles in organizing the day’s events and honoring those who once returned home without recognition.
As the day came to a close, the message that echoed from community to community was simple but profound: Wyoming remembers. Wyoming is grateful. And Wyoming will never forget.
For more information on Veterans Welcome Home Day or to learn about available resources for Veterans, contact the Wyoming Veterans Commission at (307) 777-8152.
News In Brief – Source: US Computer Emergency Readiness Team
Executive Summary
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
Download the PDF version of this report:
Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)
Introduction
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions.
In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.
Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
Unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the Python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as the command shown in Figure 2:
C:\Windows\system32\ntdsutil.exe "activate instance ntds" ifm "create full C:\temp\[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed Python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged Python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
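A hunting sketch for two of the behaviours described above, the ntdsutil IFM export from Figure 2 and event-log clearing with wevtutil. This is an added example, not code from the advisory or the authoring agencies; the event tuples, host and account names, and rule names are constructed, and the input is assumed to be process-creation records (host, user, image, command line) exported from endpoint telemetry.

```python
import re
from typing import NamedTuple, Optional


class Hit(NamedTuple):
    host: str
    user: str
    rule: str
    detail: str


def args_after_image(cmdline: str, image: str) -> str:
    """Return the arguments that follow the executable name in a command line."""
    stem = re.sub(r"\.exe$", "", image.rsplit("\\", 1)[-1], flags=re.I)
    m = re.search(re.escape(stem) + r'(?:\.exe)?"?\s+(.*)$', cmdline, re.I)
    return m.group(1) if m else ""


def check_ntdsutil(args: str) -> Optional[str]:
    # Key on a standalone "ifm" token: neighbouring sub-commands are often
    # abbreviated ("ac i ntds"), so matching the full Figure 2 string is brittle.
    if not re.search(r'(?<![\w\\])ifm(?![\w\\-])', args, re.I):
        return None
    # Figure 2 shows output staged in a three-lowercase-letter folder under C:\temp.
    staged = re.search(r'(?i:c:\\temp\\)[a-z]{3}(?=["\s]|$)', args)
    detail = "AD database export via IFM"
    if staged:
        detail += r"; output path matches C:\temp\[a-z]{3}"
    return detail


def check_wevtutil(args: str) -> Optional[str]:
    # "cl" and "clear-log" are the wevtutil sub-commands that clear a log.
    m = re.match(r'(?:cl|clear-log)\s+(.+)', args.strip(), re.I)
    if not m:
        return None
    log = re.split(r'\s+/', m.group(1))[0].strip('"')
    return f"event log cleared: {log}"


RULES = {
    "ntdsutil.exe": ("ntds_ifm_export", check_ntdsutil),
    "wevtutil.exe": ("eventlog_clear", check_wevtutil),
}


def scan(events):
    """Apply the rule for each event's image name and collect the hits."""
    hits = []
    for host, user, image, cmdline in events:
        rule = RULES.get(image.rsplit("\\", 1)[-1].lower())
        if rule is None:
            continue
        name, check = rule
        detail = check(args_after_image(cmdline, image))
        if detail:
            hits.append(Hit(host, user, name, detail))
    return hits


# Constructed sample records; none of these values come from the advisory.
SAMPLE_EVENTS = [
    ("DC01", r"CORP\svc-backup", r"C:\Windows\system32\ntdsutil.exe",
     r'C:\Windows\system32\ntdsutil.exe "activate instance ntds" ifm "create full C:\temp\abc" quit quit'),
    ("DC01", r"CORP\adm-jdoe", r"C:\Windows\System32\ntdsutil.exe",
     r'ntdsutil "ac i ntds" ifm "create full D:\backup\ifm-2025" q q'),
    ("FS02", r"CORP\adm-jdoe", r"C:\Windows\System32\wevtutil.exe",
     "wevtutil cl Security"),
    ("FS02", r"CORP\helpdesk", r"C:\Windows\System32\wevtutil.exe",
     "wevtutil.exe qe Security /c:5 /f:text"),
    ("DC01", r"CORP\adm-jdoe", r"C:\Windows\System32\ntdsutil.exe",
     'ntdsutil.exe "activate instance ntds" snapshot "list all" quit quit'),
    ("WS11", r"CORP\jdoe", r"C:\Windows\System32\whoami.exe", "whoami /all"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

An IFM export can be a legitimate domain-controller promotion step, so hits are triage leads to compare against change records rather than verdicts.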
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
HEADLACE [7]
MASEPIE [8]
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
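A defender-side sketch of how the RTSP activity described above can be surfaced from captured requests: it decodes the Basic credentials in each DESCRIBE, counts distinct credential pairs per source, and notes requests whose URL host differs from the device that received them. This is an added example, not part of the advisory; the addresses are documentation ranges, the credentials and threshold are constructed, and the (source IP, destination IP, raw request) input shape is an assumption about how the capture was exported.

```python
import base64
from collections import defaultdict
from urllib.parse import urlsplit


def parse_rtsp_request(raw: str):
    """Return method, URL and decoded Basic credentials, or None if not RTSP."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("RTSP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    creds = None
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
            user, _, password = decoded.decode("utf-8", "replace").partition(":")
            creds = (user, password)
        except ValueError:  # binascii.Error is a ValueError subclass
            creds = ("<undecodable>", token.strip())
    return {"method": parts[0].upper(), "url": parts[1], "creds": creds}


def summarize(events, min_distinct_creds=3):
    """Per source IP: DESCRIBE count, distinct credentials, URL-host mismatches."""
    per_src = defaultdict(lambda: {"describes": 0, "creds": set(), "mismatch": 0})
    for src_ip, dst_ip, raw in events:
        req = parse_rtsp_request(raw)
        if req is None or req["method"] != "DESCRIBE":
            continue
        stats = per_src[src_ip]
        stats["describes"] += 1
        if req["creds"]:
            stats["creds"].add(req["creds"])
        # A URL host other than the receiving address means the request is
        # aimed at a camera behind the device that received it.
        host = urlsplit(req["url"]).hostname
        if host and host != dst_ip:
            stats["mismatch"] += 1
    return {
        src: {
            "describes": s["describes"],
            "distinct_creds": len(s["creds"]),
            "host_mismatch": s["mismatch"],
            "flagged": len(s["creds"]) >= min_distinct_creds,
        }
        for src, s in per_src.items()
    }


def _sample(method, url, cseq, user=None, password=None):
    """Build a constructed RTSP request for the sample data below."""
    lines = [f"{method} {url} RTSP/1.0", f"CSeq: {cseq}", "Accept: application/sdp"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Authorization: Basic {token}")
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed capture: (source IP, destination IP, raw request).
SAMPLE_EVENTS = [
    ("203.0.113.50", "198.51.100.10", _sample("DESCRIBE", "rtsp://192.168.1.64:554/", 1, "admin", "admin")),
    ("203.0.113.50", "198.51.100.10", _sample("DESCRIBE", "rtsp://192.168.1.64:554/", 2, "admin", "12345")),
    ("203.0.113.50", "198.51.100.10", _sample("DESCRIBE", "rtsp://192.168.1.64:554/", 3, "root", "pass")),
    ("192.0.2.77", "198.51.100.20", _sample("OPTIONS", "rtsp://198.51.100.20:554/live", 1)),
    ("192.0.2.77", "198.51.100.20", _sample("DESCRIBE", "rtsp://198.51.100.20:554/live", 2, "viewer", "S3cure-Example")),
    ("192.0.2.77", "198.51.100.20", _sample("DESCRIBE", "rtsp://198.51.100.20:554/live", 3, "viewer", "S3cure-Example")),
]

if __name__ == "__main__":
    for src, stats in summarize(SAMPLE_EVENTS).items():
        print(src, stats)
```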
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras

| Country | Percentage of Total Attempts |
|---|---|
| Ukraine | 81.0% |
| Romania | 9.9% |
| Poland | 4.0% |
| Hungary | 2.8% |
| Slovakia | 1.7% |
| Others | 0.6% |
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint detection and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
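One way to implement the first-seen subdomain heuristic over DNS query logs, as an added example that is not part of the advisory. The watchlist entries are constructed placeholders written in the advisory's `*.name[.]tld` notation, and the log format (timestamp, client, queried name) and baseline set are assumptions about local logging.

```python
# Constructed placeholder watchlist; in practice, load the provider entries
# your organization has decided to alert on.
WATCHLIST_TEXT = """
*.mock-api[.]example
*.freehost[.]example
"""

# Constructed DNS query log: ISO timestamp, client IP, queried name.
SAMPLE_LOG = """
2025-05-21T08:01:12Z 10.0.4.17 a1b2c3.mock-api.example.
2025-05-21T08:01:13Z 10.0.4.17 A1B2C3.Mock-API.example
2025-05-21T08:03:40Z 10.0.7.23 a1b2c3.mock-api.example
2025-05-21T08:05:02Z 10.0.4.90 ci-hooks.mock-api.example
2025-05-21T08:06:55Z 10.0.2.5 login.portal.freehost.example
2025-05-21T08:07:10Z 10.0.2.5 evilmock-api.example
2025-05-21T08:09:31Z 10.0.2.8 www.intranet.example
malformed line
"""

# Subdomains already reviewed and allowlisted for legitimate use (constructed).
BASELINE = {"ci-hooks.mock-api.example"}


def load_watchlist(text):
    """Turn defanged '*.name[.]tld' entries into plain lowercase suffixes."""
    suffixes = set()
    for line in text.splitlines():
        entry = line.strip().lower().replace("[.]", ".")
        if entry and not entry.startswith("#"):
            suffixes.add(entry.lstrip("*").lstrip("."))
    return suffixes


def watched_suffix(qname, suffixes):
    """Return the watched provider a name sits under, matching on label boundaries."""
    labels = qname.lower().rstrip(".").split(".")
    # Start at 1 so the provider's own apex does not count as a subdomain.
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in suffixes:
            return parent
    return None


def new_subdomains(log_text, suffixes, baseline):
    """Group queries for not-yet-seen subdomains of watched providers."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed records
        ts, client, qname = parts
        fqdn = qname.lower().rstrip(".")
        provider = watched_suffix(fqdn, suffixes)
        if provider is None or fqdn in baseline:
            continue
        entry = findings.setdefault(
            fqdn, {"provider": provider, "first_seen": ts, "clients": set(), "queries": 0}
        )
        entry["first_seen"] = min(entry["first_seen"], ts)  # ISO 8601 sorts as text
        entry["clients"].add(client)
        entry["queries"] += 1
    return findings


if __name__ == "__main__":
    watch = load_watchlist(WATCHLIST_TEXT)
    for fqdn, info in sorted(new_subdomains(SAMPLE_LOG, watch, BASELINE).items()):
        print(fqdn, info["provider"], info["first_seen"], sorted(info["clients"]), info["queries"])
```

Each finding lists the clients that resolved the new name, which gives responders the set of users to check for a matching phishing email.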
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts, including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Take care when triaging logs or developing detection rules based on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate Windows executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source Python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source Python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
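One way to hunt for the command lines listed above while following the note on false positives, as an added example (not code from the advisory): exact command-line patterns alert on their own, while the common discovery utilities alert only when several distinct ones run for the same host and user inside a short window. The events are constructed, and the 5-minute window, the threshold of 4 and the `wevtutil cl` pattern are assumptions to tune locally.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern follows the advisory's ntdsutil line; backslashes are optional because
# log sources differ in how they record the path.
IFM_DUMP = re.compile(
    r"\bntdsutil(\.exe)?\b.*activate instance ntds.*\bifm\b.*"
    r"create full\s+c:\\?temp\\?[a-z]{3}\b")
# Assumption: log deletion via the wevtutil clear-log (cl) subcommand.
CLEAR_LOG = re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b")
# Utilities the advisory lists as used to retrieve host and user information.
DISCOVERY = {"whoami", "tasklist", "hostname", "arp", "systeminfo", "net", "wmic"}


def normalise(cmdline):
    """Lower-case and fold typographic quotes so one pattern fits all sources."""
    return cmdline.lower().replace("\u201c", '"').replace("\u201d", '"')


def tool_name(cmdline):
    """Base name of the launched image, without directory or .exe suffix."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    if not m:
        return ""
    image = m.group(1) or m.group(2)
    base = image.replace("/", "\\").rsplit("\\", 1)[-1]
    return base[:-4] if base.endswith(".exe") else base


def match_cmdline(cmdline):
    """Return the name of the high-signal rule the command line matches, if any."""
    c = normalise(cmdline)
    if IFM_DUMP.search(c):
        return "ntdsutil_ifm_dump"
    if CLEAR_LOG.search(c):
        return "wevtutil_clear_log"
    # Substring match on edge.exe also covers msedge.exe (assumption).
    if "edge.exe" in c and "-headless-new" in c and "-disable-gpu" in c:
        return "edge_headless"
    return None


def hunt(events, window=timedelta(minutes=5), min_distinct=4):
    """Return (rule, host, user) findings for an iterable of process events."""
    findings, per_actor = [], defaultdict(list)
    for ts, host, user, cmdline in events:
        rule = match_cmdline(cmdline)
        if rule:
            findings.append((rule, host, user))
        tool = tool_name(normalise(cmdline))
        if tool in DISCOVERY:
            per_actor[(host, user)].append((datetime.fromisoformat(ts), tool))
    for (host, user), runs in per_actor.items():
        runs.sort()
        for start, _ in runs:
            seen = {tool for t, tool in runs if start <= t <= start + window}
            if len(seen) >= min_distinct:
                findings.append(("discovery_burst", host, user))
                break
    return findings


EVENTS = [  # constructed process-creation records: time, host, user, command line
    ("2024-07-02T09:14:03", "DC01", "svc_backup",
     'ntdsutil.exe "activate instance ntds" ifm "create full C:\\temp\\qzx" quit quit'),
    ("2024-07-02T09:15:40", "DC01", "svc_backup", "wevtutil.exe cl Security"),
    ("2024-07-02T10:01:00", "WS07", "jdoe", "whoami"),
    ("2024-07-02T10:01:20", "WS07", "jdoe", "hostname"),
    ("2024-07-02T10:02:05", "WS07", "jdoe", r"C:\Windows\System32\systeminfo.exe"),
    ("2024-07-02T10:03:30", "WS07", "jdoe", "arp -a"),
    ("2024-07-02T11:00:00", "WS09", "helpdesk", "whoami /groups"),  # lone use
    ("2024-07-02T11:30:00", "WS09", "helpdesk",
     'ntdsutil.exe "activate instance ntds" files info quit quit'),  # routine admin
    ("2024-07-02T12:00:00", "WS11", "asmith",
     "edge.exe \u201c-headless-new -disable-gpu\u201d"),
]

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```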
Disclaimer: These IP addresses date from June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
APT28 [14]
Fancy Bear [14]
Forest Blizzard [14]
Blue Delta [15]
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule: https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar
Works Cited
[1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
[2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF
[3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
[4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/
[5] ANSSI. Targeting and compromise of French entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/
[6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/
[7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/
[8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894
[9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF
[10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
[11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html
[12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF
[13] NSA and CISA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
[14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
[15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf
Disclaimer of endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to report suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incidents related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Table 2: Reconnaissance
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Reconnaissance | TA0043 | Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management. |
|  |  | Conducted contact information reconnaissance to identify additional targets in key positions. |
| Gather Victim Org Information | T1591 | Conducted reconnaissance of the cybersecurity department. |
| Gather Victim Org Information: Identify Roles | T1591.004 | Conducted reconnaissance of individuals responsible for coordinating transport. |
| Gather Victim Org Information: Business Relationships | T1591.002 | Conducted reconnaissance of other companies cooperating with the victim entity. |
| Gather Victim Host Information | T1592 | Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras. |
Table 3: Resource development
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Compromise Accounts: Email Accounts | T1586.002 | Sent phishing emails using compromised accounts. |
| Compromise Accounts: Cloud Accounts | T1586.003 | Sent phishing emails using compromised accounts. |
Table 4: Initial Access
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Trusted Relationship | T1199 | Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access. |
| Phishing | T1566 | Used spearphishing for credentials and delivering malware to gain initial access to targeted entities. |
| Phishing: Spearphishing Attachment | T1566.001 | Sent emails with malicious attachments. |
| Phishing: Spearphishing Link | T1566.002 | Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive. |
| Phishing: Spearphishing Voice | T1566.004 | Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff. |
| External Remote Services | T1133 | Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities. |
| Exploit Public-Facing Application | T1190 | Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities. |
| Content Injection | T1659 | Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive. |
Table 5: Execution
| Tactic/Technique Title | ID | Use |
|---|---|---|
| User Execution: Malicious Link | T1204.001 | Used malicious links to hosted shortcuts in spearphishing. |
| User Execution: Malicious File | T1204.002 | Delivered malware executables via spearphishing. |
| Scheduled Task/Job: Scheduled Task | T1053.005 | Used scheduled tasks to establish persistence. |
| Command and Scripting Interpreter | T1059 | Delivered scripts in spearphishing. Executed arbitrary shell commands. |
| Command and Scripting Interpreter: PowerShell | T1059.001 | PowerShell commands were often used to prepare data for exfiltration. |
| Command and Scripting Interpreter: Windows Command Shell | T1059.003 | Used BAT script in spearphishing. |
| Command and Scripting Interpreter: Visual Basic | T1059.005 | Used VBScript in spearphishing. |
| Command and Scripting Interpreter: Python | T1059.006 | Installed Python on infected machines to enable the execution of Certipy. |
|  |  | Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access. |
| Hijack Execution Flow: DLL Search Order Hijacking | T1574.001 | Used DLL search order hijacking to facilitate malware execution. |
| Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | T1547.001 | Used run keys to establish persistence. |
| Boot or Logon Autostart Execution: Shortcut Modification | T1547.009 | Placed malicious shortcuts in the startup folder to establish persistence. |
Table 7: Defense Evasion
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Indicator Removal: Clear Windows Event Logs | T1070.001 | Deleted event logs through the wevtutil utility. |
Table 8: Credential access
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Brute Force |  | Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices. |
| Brute Force: Password Guessing | T1110.001 | Used credential guessing to gain initial access to targeted entities. |
| Brute Force: Password Spraying | T1110.003 | Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP. |
| Multi-Factor Authentication Interception |  | Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns. |
| Input Capture |  | Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns. |
| Forced Authentication |  | Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations. |
| OS Credential Dumping: NTDS | T1003.003 | Attempted to dump Active Directory NTDS.dit domain databases. |
| Unsecured Credentials: Group Policy Preferences | T1552.006 | Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py. |
Table 9: Discovery
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Account Discovery: Domain Account | T1087.002 | Used a modified ldap-dump.py to enumerate the Windows environment. |
Table 10: Command and Control
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Hide Infrastructure | T1665 | Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target. |
| Proxy: External Proxy | T1090.002 | Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers. |
| Proxy: Multi-hop Proxy | T1090.003 | Used Tor and commercial VPNs as part of their anonymization infrastructure. |
| Encrypted Channel | T1573 | Connected to victim infrastructure using encrypted TLS. |
| Multi-Stage Channels | T1104 | Used multi-stage redirectors for campaigns. |
Table 11: Defense evasion (mobile framework)
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Execution Guardrails |  | Used multi-stage redirectors to verify browser fingerprints in some campaigns. |
| Execution Guardrails: Geofencing | T1627.001 | Used multi-stage redirectors to verify IP-geolocation in some campaigns. |
Table 12: Lateral movement
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Lateral Movement |  | Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment. |
| Remote Services: Remote Desktop Protocol | T1021.001 | Moved laterally within the network using RDP. |
Table 13: Collection
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Email Collection |  | Retrieved sensitive data from email servers. |
| Email Collection: Remote Email Collection | T1114.002 | Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers. |
| Automated Collection |  | Used periodic EWS queries to collect new emails. |
| Video Capture |  | Attempted to gain access to the cameras’ feeds. |
| Archive Collected Data |  | Accessed files were archived in .zip files prior to exfiltration. |
| Archive Collected Data: Archive via Utility | T1560.001 | Prepared zip archives for upload to the actors’ infrastructure. |
Table 14: Exfiltration
| Tactic/Technique Title | ID | Use |
|---|---|---|
| Exfiltration Over Alternative Protocol |  | Attempted to exfiltrate archived data via a previously dropped OpenSSH binary. |
| Scheduled Transfer |  | Used periodic EWS queries to collect new emails sent and received since the last data exfiltration. |
Appendix B: CVEs exploited
Table 15: Exploited CVE information
| CVE | Vendor/Product | Details |
|---|---|---|
| CVE-2023-38831 | RARLAB WinRAR | Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive. |
| CVE-2023-23397 | Microsoft Outlook | External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim. |
| CVE-2021-44026 | Roundcube Webmail | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params. |
| CVE-2020-35730 | Roundcube Webmail | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php. |
| CVE-2020-12641 | Roundcube Webmail | Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php. |
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
| Countermeasure Title | ID | Details |
|---|---|---|
| Network Isolation |  | Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers. |
| Access Mediation |  | Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. |
| Inbound Traffic Filtering |  | Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement. |
| Resource Access Pattern Analysis |  | Use automated tools to audit access logs for security concerns and identify anomalous access requests. |
| Outbound Traffic Filtering |  | Block NTLM/SMB requests to external infrastructure. |
| Platform Monitoring |  | Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers. |
| System File Analysis |  | Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly. |
| Application Hardening |  | Enable optional security features in Windows to harden endpoints and mitigate initial access techniques. |
| Application-based Process Isolation |  | Enable attack surface reduction rules to prevent executable content from email. |
| Executable Allowlisting |  | Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%. |
| Execution Isolation |  | Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts. |
| Application Configuration Hardening |  | Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.). |
| Process Spawn Analysis |  | Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters. |
| URL Reputation Analysis |  | Use services that provide enhanced browsing services and safe link checking. |
| Network Access Mediation |  | Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible. |
| DNS Denylisting | D3-DNSDL | Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors. |
| Domain Name Reputation Analysis |  | Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims. |
| Multi-factor Authentication |  | Use MFA with strong factors and require regular re-authentication, especially for management accounts. |
| Job Function Access Pattern Analysis | D3-JFAPA | Implement other mitigations for privileged accounts, including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts. |
| User Account Permissions |  | Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected. |
| Token-based Authentication |  | Reduce reliance on passwords; instead, consider using services like single sign-on. |
| Credential Hardening |  | Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts. |
| Authentication Event Thresholding |  | Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 and 10 attempts before lockout. |
| Strong Password Policy |  | Use a service to check for compromised passwords before using them. |
| Credential Rotation |  | Change all default credentials. |
| Encrypted Tunnels |  | Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices. |
| Software Update |  | Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life. |
| Agent Authentication |  | Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only. |
| User Behavior Analysis |  | Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity. |