Patrick Harvie calls for UK to take action on Israeli aid blockade
More in Peace
Israeli forces must urgently allow aid to reach extremely vulnerable children, says Scottish Greens Co-Leader Patrick Harvie MSP, ahead of a Parliamentary committee hearing from aid agencies working in Gaza and the West Bank.
It comes after warnings yesterday from the United Nations that 14,000 babies could die in Gaza unless extra aid arrived. Israel claims to have ended their 11-week aid blockade of Gaza, but the UN has warned that the aid trucks allowed in so far are just a “drop in the ocean” compared to what Gaza needs.
Scottish Greens have continually called for the UK & Scottish Governments to end complicity in the war crimes being committed by Israel.
The Labour UK Government has provided more arms to Israel in three months than the previous three years under Conservative governments, and the SNP Scottish Government have continued to fund arms manufacturers who produce parts for the F-35 fighter jets which have been used by Israel.
Scottish Greens Co-Leader Patrick Harvie MSP said:
“The situation in Gaza is unprecedented in modern times, with the world allowing Israel to inflict collective punishment on a grotesque scale. Aid blockades and genocide are never acceptable yet governments across the West have overlooked Israel’s war crimes.
“Israeli forces have withheld urgent aid from civilians for over 11 weeks, and despite their claims to be allowing aid into Palestinian territory, we have heard from the front lines that what is being allowed to enter is nowhere near enough.
“Senior Ministers in the Israeli Government are quite explicit about their intention to destroy Palestinian life in Gaza, and their utter contempt for international law.
“The UK Labour Government have blood on their hands, they have continued to enable and support Israel’s war crimes throughout this disgraceful campaign. They must now surely end all trade with Israel, and join with other countries to ensure that urgent aid is provided to meet the immediate needs of the people of Gaza.”
The North Dakota Department of Commerce today announced the appointment of Katie Ralston-Howe as its new deputy commissioner, effective immediately. She will provide comprehensive leadership and strategic direction for the agency, its divisions, and its vital partners, ensuring alignment with the agency’s core values. Her responsibilities will include marshaling critical agency resources, overseeing financial and program management and serving as the primary liaison for Commerce operations and legislative matters, succeeding interim Deputy Commissioner Al Anderson.
With five years of dedicated service to Commerce, Ralston-Howe has a proven track record of transformative leadership, most recently as the Director of the Workforce Division. She will continue with those responsibilities, serving as the Chief Workforce Officer for the state and will lead the comprehensive alignment of the state’s workforce ecosystem.
“Katie’s exceptional leadership and deep understanding of workforce dynamics make her the ideal choice to lead our agency as deputy commissioner,” said Commerce Commissioner Chris Schilken. “Her vision for a cohesive workforce ecosystem and her commitment to fostering strong partnerships will be instrumental in advancing our mission to strengthen the state’s economy and empower its residents.”
During her tenure, Ralston-Howe has been a driving force behind significant advancements in workforce development. She successfully transformed the Workforce Development Division’s portfolio and, through her leadership of the Workforce Development Council, established a robust system for researching workforce issues and developing data-driven recommendations. These efforts have directly influenced successful workforce policies and secured critical appropriations through the last three legislative cycles.
Ralston-Howe’s influence extends beyond North Dakota. She currently serves as the vice chair of the National Association of Liaisons for Workforce Development Partnerships, an affiliate of the National Governors Association, demonstrating her commitment to national best practices in workforce solutions.
A native of Carrington, Ralston-Howe holds a bachelor’s degree in communication from Minnesota State University Moorhead and a master’s degree in communication from North Dakota State University.
For the first time in three years, government has proposed an inflation-linked increase to the general fuel levy.
“For the 2025/26 fiscal year, this is the only new tax proposal that I am announcing. It means from 4 June this year, the general fuel levy will increase by 16 cents per litre for petrol, and by 15 cents per litre for diesel,” Minister of Finance Enoch Godongwana said on Wednesday, in Parliament.
The general fuel levy has remained unchanged for the past three years to provide consumers with relief from high fuel price inflation.
Re-tabling the 2025 Budget Review, Godongwana said unfortunately, this tax measure alone will not close the fiscal gap over the medium term.
“The 2026 Budget will therefore need to propose new tax measures, aimed at raising R20 billion. We have allocated an additional R7.5 billion over the medium-term expenditure framework (MTEF), to increase the effectiveness of the South African Revenue Service (SARS) in collecting more revenue.
“Part of this allocation will be used to increase collections from debts owed to the fiscus. SARS has indicated that this could raise between R20 billion to R50 billion in additional revenue per year,” the Minister said.
Another part of the additional allocation to SARS will be used to improve modernisation.
This will include targeting illicit trade in tobacco and other areas, which should boost revenue over the medium term.
“As SARS utilises this investment to raise additional revenue, which I believe can be at least R35 billion, the R20 billion to close the current revenue gap will not have to be raised through taxes.
“Madam Speaker, let me call on every South African, be they individuals, small business operators or large corporates, to honour their tax obligations and contribute to building a better and more equitable nation,” the Minister said.
He thanked all the taxpayers that continue to pay their taxes while emphasising that government does not take taxpayers for granted.
“As a government, we know that we must earn the taxpayer’s trust every day, by spending public money with care and ensuring that every rand collected is spent on its intended purpose.
“We recognise the urgent need to do more to achieve this goal. We are not deaf to the public’s concern about wasteful and inefficient expenditure.
“Our commitment to collect taxes must be matched by better efficiency in how that money is spent. It must be matched by much stricter oversight that quickly identifies problems and provides timely solutions when things go wrong,” the Minister explained.
Expansion of the zero-rated basket withdrawn
Meanwhile, as a result of the withdrawal of the proposed increases in the VAT rate, the expansion of the zero-rated basket, which was included to cushion poorer households from the VAT rate increase, falls away.
Last month, the Minister requested the Speaker of the National Assembly to maintain the Value-Added Tax (VAT) rate at its current level of 15% , reversing the previously proposed 0.5 percentage point increase presented in the 12 March budget.
“Madam Speaker, compared to the March estimates, tax revenue projections have been revised down by R61.9 billion over the three years. This reflects the reversal of the VAT increase and the much weaker economic outlook.
“In this difficult environment, it remains vital that we still take actions to increase revenue to protect and bolster frontline services, while expanding infrastructure investments to drive economic activity,” the Minister said. –SAnews.gov.za
In an ongoing effort to grow the economy, government will continue to implement growth enhancing structural reforms as part of Operation Vulindlela.
“Madam Speaker, a bigger, faster-growing economy, and the larger fiscal resources that come with it, are the key to building up the fiscal room we need to meet more of our developmental goals,” Minister of Finance, Enoch Godongwana, said on Wednesday during the re-tabling of the 2025 Budget Review, in Parliament.
Through the first phase of Operation Vulindlela, bold and far-reaching reforms were implemented in the network sectors and the visa regime.
“As a result, numerous economic bottlenecks have eased, new investments unlocked, and the growth potential of the economy enabled. Yet the economy still faces constraints,” the Minister said.
Operation Vulindlela is a joint initiative of the Presidency and the National Treasury to accelerate the implementation of structural reforms and support economic recovery.
The unit monitors progress and actively supports implementation. Its aim is to fast-track the implementation of high impact reforms, addressing obstacles or delays to ensure execution on policy commitments.
The first phase of Operation Vulindlela aimed to reduce power cuts, fix the transport system, lower data costs, increase water supply, attract skills and support tourism.
The second phase of Operation Vulindlela, launched by President Cyril Ramaphosa earlier this month, will not only prioritise new areas for implementation but will also deepen the implementation of current reforms.
Upcoming reforms will focus on making it easier to find work and hire people – particularly by addressing spatial inequalities, using cities to drive economic activity and improve municipal service delivery.
The second phase will therefore focus on the following areas:
Seeing-through existing reforms in energy, water, logistics and in the visa regime.
Improving the performance of local government. This includes professionalising utilities, appointing suitably qualified people to senior positions, and reviewing the local government fiscal framework.
Harnessing digital transformation, in order to drive the adoption of digital technologies in government and build digital public infrastructure for use by all South Africans.
Addressing the apartheid legacy of spatial inequality. Reforms will include changes to housing policy and accelerating the release of publicly owned land and buildings. This will also entail clearing the backlog of title deeds for affordable housing, and a comprehensive regulatory review aimed at removing barriers to the development of low-cost housing.
Work is underway to enhance government’s budget process after expenditure reviews identified tens of billions of rands in potential savings from poorly performing or inefficient programmes that can be redirected in future budgets.
“Going forward, underperforming programmes will be closed as the 2026 Medium-Term Expenditure Framework (MTEF) budget process undergoes redesign,” Finance Minister Enoch Godongwana said on Wednesday, during the re-tabling of the 2025 Budget Review in Parliament.
In its Budget Overview, National Treasury said if government achieves significant savings from implementing the recommendations of these reviews, it may mitigate the need for additional tax measures in the 2026 Budget.
Changes to improve the budget process will be implemented over time.
These reforms will be designed to strengthen government and institutional commitment to fiscal sustainability, refine budget prioritisation and the functioning of budget structures, and improve data systems and capital budgeting, monitoring and reporting.
“When an economy underperforms, as ours has over the last decade, it generates less tax revenue, while requiring increased social spending, widening budget deficits and accelerating debt accumulation.
“To be successful, our strategy of maintaining fiscal discipline, while investing in growth, demands that we prioritise high-impact expenditures. These are expenditures that deliver economic returns, while eliminating inefficiencies, wastage and leakage that too often plague government’s spending,” the Minister said.
To tackle this, National Treasury has undertaken expenditure reviews, looking at more than R300 billion in government spending since 2013, with the aim of identifying duplications, waste and inefficiencies.
“We found potential savings of R37.5 billion over time through improved oversight and operational changes through these reviews.
“New reforms will target infrastructure planning and implementation across provinces and municipalities. A data-driven approach to detect payroll irregularities will replace the more costly method of using censuses,” the Minister said.
This initiative will cross-reference administrative datasets to identify ghost workers and other anomalies across government departments.
“Part of the goal of these initiatives is to also remove the regulatory burden on business. To be successful, not just technical solutions are required. Sustained political backing, at the highest levels, is needed to overcome departmental resistance and to protect whistleblowers who expose irregularities and wastage.
“I am happy to say that this political backing has already come from President Cyril Ramaphosa, Deputy President Paul Mashatile, as well as my Cabinet colleagues.
“The President has also undertaken to establish a committee between the Presidency and Treasury to identify wasteful, inefficient and underperforming programmes.
“I call on Ministers, MECs, DGs, HoDs and every official responsible for public funds to embrace these efforts and play their part,” Godongwana said. – SAnews.gov.za
Global economic developments, including raised tariffs and trade wars, have lowered South Africa’s 2025 economic growth prospects from a predicted 1.9% Gross Domestic Product (GDP) growth in March down to a revised 1.4% in May.
This is according to Finance Minister Enoch Godongwana who delivered the Budget Speech in Parliament on Wednesday.
“[Much] has changed since our last appearance in this House. The most troubling changes are the global economic developments which have, in the short space of two months, already had a significant impact on the domestic economic outlook. The global economy is facing heightened trade tensions and elevated policy uncertainty with worrying economic consequences.
“As a small, open economy, South Africa is dependent on global trade and financial inflows. This makes us particularly exposed to the global economic developments that I have just outlined.
“As a result, we now estimate real GDP to grow at 1.4% in 2025. This is lower than the 1.9% we projected in March. Over the next two years, we project real GDP growth to rise moderately to 1.6% in 2026 and 1.8% in 2027,” Godongwana said.
Risks to South Africa’s economic outlook also remain elevated going into the future.
“These include the worsening global outlook, weaker-than-expected growth in the fourth quarter of 2024, the persistence of logistics constraints and higher borrowing costs.
“These developments are a vivid reminder that we must urgently turn the tide on our economic prospects and get our fiscal affairs in order,” he said.
South Africa’s downward revision is not unique with the global economy also reacting to trade tensions.
“The International Monetary Fund now projects global growth at 2.8% in 2025. This is 0.5 percentage points lower than the January estimate.
“Similarly, global trade is projected at 1.7% in 2025, which is also much lower than the January estimate. At the same time, inflation expectations are now above central bank targets in many advanced and emerging market economies. And new trade barriers may raise inflation and prolong the cycle of higher interest rates,” he noted.
With these challenges arising, government’s vision of fostering faster inclusive growth remains anchored on four pillars:
Maintaining macroeconomic stability,
Implementing structural reforms,
Improving state capability, and
Accelerating infrastructure investment.
“Faster, inclusive growth that creates jobs is the only path towards a more prosperous South Africa.
“Attaining this growth must be our national obsession. We all have a stake and a responsibility to work towards this goal,” Godongawana asserted. – SAnews.gov.za
Finance Minister Enoch Godongwana has told Parliament that addressing spending pressures to restore “critical frontline services and invest in infrastructure” is key to improving access to services such as health and education.
It is for this reason, Godongwana revealed, that over the medium term, government spending, excluding interest, will reach at least R6.69 trillion.
“The provincial education sector baseline over the 2025 MTEF [Medium-Term Expenditure Framework] is R1.04 trillion, and R9.5 billion will be added over the medium term to keep teachers in classrooms and hire more staff. An additional R10 billion has been added to the baseline as announced during the March 12 budget to expand access to early education is kept unchanged.
“This will increase the ECD [early childhood development] subsidy from R17 per child per day to R24. The extra funding will also support increased access to ECD for 700,000 more children, up to the age of five years,” the Minister said on Wednesday.
The budget for the provincial health sector will reach some R845 billion over the medium term to facilitate in part, the employment of hundreds of doctors who have already completed their in-service training.
“This budget will be increased by R20.8 billion over three years to employ 800 post-community service doctors and essential goods and services and reduction of accruals. This increase will also assist the sector in addressing personnel budget pressures,” he said.
Withdrawal of troops
Godongwana said funding for the deployment of South African National Defence Force (SANDF) troops in the Democratic Republic of the Congo will be reconfigured.
This in light of the announcement that the troops – who were there as part of the Southern African Development Community Mission in the Democratic Republic of Congo – will be withdrawing from the East African country.
“[The] R5 billion we had proposed to allocate to the Department of Defence for its participation in the SADC mission in the DRC is reduced. But the allocation for 2025/26 has been increased from R1.8 billion to R3 billion.
“This will cover the immediate costs of an orderly and safe withdrawal of our troops and mission equipment,” he said.
The spending allocations for early retirement, allocations for the Passenger Rail Agency of South Africa (PRASA) and the municipal trading entity reforms announced earlier this year remain “but at a slightly lower level than anticipated in the March 12 budget”.
“The spending choices we are proposing today demonstrate the government’s determination to bolster the state capability needed to deliver quality, reliable and sustainable core services,” Godongwana said. – SAnews.gov.za
Increases to all social grants, barring the Social Relief of Distress (SRD) grant, will not be affected by the re-tabled budget.
This according to National Treasury’s 2025 Budget Overview released on Wednesday.
The number of social grant beneficiaries – excluding those receiving the SRD grant – is expected to rise to 19.3 million people by March 2028.
The grant increases for 2025/26 are as follows:
Old age grant will increase from R2185 to R2315
War veterans grant will increase from R2205 to R2335
Disability grant will go up from R2185 to R2315
Foster care grant rises from R1180 to R1250
Care dependency grant will increase from R2185 to R2315
Child support grant will go up from R530 to R560
The grant-in-aid will increase from R530 to R560
“The increase in the social grants budget of R1.6 billion in 2025/26 remains. The temporary COVID-19 Social Relief of Distress grant will be extended until 31 March 2026, with R35.2 billion allocated to maintain the current R370 per month per beneficiary, including administration costs,” National Treasury said.
While delivering the Budget Speech in Parliament on Wednesday, Finance Minister Enoch Godongwana said government is “actively exploring various options to better integrate” the SRD grant with employment opportunities.
“This includes considering a job-seeker allowance and other measures, as part of the review of Active Labour Market Programmes.
“Our goal is to not only provide immediate relief. It is also to create pathways to employment, empowering our citizens to build better futures for themselves and their families,” Godongwana said. – SAnews.gov.za
Infrastructure investment remains a key component in driving economic growth and government has maintained its R1 trillion allocation for infrastructure investment over the medium term to support this growth.
This according to Finance Minister Enoch Godongwana, who delivered the Budget Speech in Parliament on Wednesday.
“[Quality] infrastructure investment expands the productive capacity of the economy and responds to the diverse needs of the citizens. Infrastructure is also a rich source of jobs in construction, engineering, and related industries across a range of skill levels.
“It is for these reasons that infrastructure is the fourth pillar of the growth strategy, and this budget demonstrates our resolve to change the composition of spending from consumption to investment. Allocations towards capital payments remain the fastest-growing area of spending by economic classification. Public infrastructure spending over three years will exceed the R1 trillion mark,” Godongwana said.
Spending will focus on “maintaining and repairing existing infrastructure, building new infrastructure, and acquiring equipment and machinery” primarily in transport and logistics, energy and water and sanitation.
“Of the R402 billion for transport and logistics, R93.1 billion is for the South African National Roads Agency to keep the 24 000-kilometer national road network in active maintenance and rehabilitation. R53.1 billion is for the maintenance and refurbishment of provincial roads.
“R66.3 billion is allocated to PRASA, out of which R18.2 billion is for the rolling stock fleet renewal programme and R12.3 billion is provisionally allocated for the renewal of the signalling system. The spending will sustain progress in rebuilding the infrastructure to provide affordable commuter rail services. This will enable PRASA to increase passenger trips from 60 million in 2024/25 to 186 million by the end of the MTEF [Medium Term Expenditure Framework] period.
“The energy sector will invest R219.2 billion on strengthening the electricity supply network, from generation to transmission and distribution. The water and sanitation sector will spend R156.3 billion on expanding our water resource and service infrastructure, including dams, bulk infrastructure to service mines, factories and farms,” Godongwana explained.
Reforms for private sector participation
The Minister announced that new regulations for public-private partnerships (PPPs), which were gazetted earlier this year, are expected to take effect next month.
“These will reduce the procedural complexity of undertaking PPPs, increasing the deal flow and allowing government to leverage its limited resources to fast-track infrastructure provision. The National Treasury has developed enabling guidelines and frameworks to support the new regulations.
“Specifically, the unsolicited proposals framework will create clear rules for managing proposals from the private sector. And the framework for fiscal commitments and contingent liabilities will strengthen fiscal risk governance. These guidelines and frameworks will be published in the next few weeks,” he said.
Furthermore, the process of issuing the first infrastructure bonds in 2025/26 remains in place.
“We are also exploring alternative financing instruments to allow pension funds, commercial banks, development banks and international financial institutions to participate in financing our infrastructure plans.
“These reforms are how we plan to leverage infrastructure investment to ease supply side constraints to the economy and improve access to social services the people get,” Godongwana said.
Employment boost
Meanwhile, in the 2025 Budget Overview, National Treasury said additional funding of some R8.8 billion has been allocated to public employment programmes (PEPs).
“Although the number of people employed was 16.8 million in the first quarter of 2025, South Africa’s unemployment rate remained very high at 32.9%.
“Public employment programmes are crucial to address persistently high unemployment,” National Treasury noted.
Key beneficiaries for the additional funding include:
The Department of Basic Education: R5.8 billion for the basic education schools employment initiative.
The Department of Sport, Arts and Culture: R350 000 000 for the creative industry stimulus.
The Department of Trade, Industry and Competition: R1.3 billion for the Social Employment Fund.
“In addition, National Treasury and the Presidency, working with other state institutions, have begun a comprehensive review of active labour market programmes, PEPs and the social support system to improve efficiency and effectiveness.
“With these efforts, government hopes to make significant strides in reducing unemployment,” the overview read. – SAnews.gov.za
President Cyril Ramaphosa’s engagement with United States President Donald Trump is expected to get underway at 5:30pm South African time – starting with a welcome of the visiting President at the Oval Office.
The Oval Office is the official workspace used exclusively by the President of the U.S. in Washington, D.C.
The two leaders aim to rebuild and strengthen their relations amid ongoing tensions, including the recent resettlement of white Afrikaners in America.
According to The Presidency of SA, President Trump is set to welcome South Africa’s Head of State at 5:30pm. This will be followed by President Ramaphosa signing the visitors’ book at 5:35pm.
At 5:45pm, the two leaders will participate in a working lunch, leading to their bilateral meeting scheduled for 6:45pm, which will include an opportunity for media interaction.
President Ramaphosa is expected to depart from the White House at 6:30pm.
Ahead of the meeting this afternoon, the President attended the 2025 Budget Speech virtually.
The South African delegation to Washington D.C. consists of several Cabinet Ministers, notable business figures, and prominent South Africans.
Included in the delegation are Minister of International Relations and Cooperation Ronald Lamola, Minister in the Presidency Khumbudzo Ntshavheni, Minister of Trade, Industry and Competition Ebrahim Patel, and Minister of Agriculture John Steenhuisen.
President Ramaphosa has leveraged President Trump’s passion for golf by inviting South African pro golfers Ernie Els and Retief Goosen to join the trip.
In addition, the President will be accompanied by Johann Rupert, the Founder of Richemont and Chairman of Remgro.
The delegation also includes Vice President of Business Unity South Africa (BUSA) Adrian Gore and President of the Congress of South African Trade Unions (COSATU) Zingiswa Losi.
They are currently in Washington, D.C. to offer strategic support to President Ramaphosa and the South African delegation.
Meanwhile, President Trump will be flanked by several key officials during his event.
These include Vice President JD Vance, Defence Secretary Pete Hegseth, Commerce Secretary Howard Lutnick, Deputy Secretary of State Christopher Landau, Chief of Staff Susie Wiles, Special Government Employee Elon Musk, and Dr Massad Boulos, who serves as a Senior Advisor for Africa as well as on Arab and Middle Eastern Affairs.
SAnews reported this morning that discussions will focus on revitalising bilateral relations, rethinking economic cooperation, and exploring new trade and investment opportunities that align with South Africa’s development goals.
President Ramaphosa arrived in the United States on Monday, landing at Andrews Air Force Base to a warm reception.
A red carpet was laid out, and ceremonial guards held the South African and United States flags as he was escorted to his motorcade, signaling the start of his visit with the honours fitting for a Head of State.
Upon his arrival at the hotel, he was greeted by the South African delegation and members of the media.
Since then, he has been engaging with his Ministers, including Mcebisi Jonas, the Special Envoy to the United States and the official representative of the President and the South African government.
Speaking to the media on Tuesday, the President appeared cheerful and optimistic.
He expressed that he was “ready and hopeful” for productive discussions at the Oval Office.
For the latest coverage on President Ramaphosa’s visit to the United States, follow SAgovnews on X, formerly known as Twitter. – SAnews.gov.za
Minister of Finance, Enoch Godongwana, will this afternoon, return to Parliament to re-table the 2025 Budget Review.
This decision follows the Minister’s recent announcement and subsequent request to the Speaker of the National Assembly to maintain the Value-Added Tax rate at its current level of 15 percent, reversing the previously proposed 0.5 percentage point increase presented in the 12 March budget.
“The revised budget will adhere to all established technical processes and consultations as set out in the Money Bills and Related Matters Act. This includes formal consultations with the Financial and Fiscal Commission, thorough consultations with all political parties within the Government of National Unity as well as Cabinet approval before presentation to Parliament,” National Treasury said.
Godongwana will deliver the 2025 Budget Speech during the National Assembly plenary at the Cape Town International Convention Centre at 2pm.
The National Treasury has worked on a new fiscal framework that will maintain the trajectory toward debt stabilisation, a crucial element in strengthening our public finances.
This process included:
Revising economic assumptions using the latest available data.
Generating a updated fiscal projects.
Recalculating revenue projections and tax implications.
Determining appropriate borrowing strategies.
Consolidating these elements into a coherent and sustainable fiscal framework.
Source: United Kingdom – Executive Government & Departments
News story
Waste packaging company director pays high price in data fraud
A Birmingham-based director and his company has been ordered to pay a Proceeds of Crime confiscation order, fines and costs totalling £476,995.
An officer on inspection duty. Please note the photo is an example of EA’s work not directly from this case.
This follows an Environment Agency investigation into fraudulent entry of waste packaging data.
At Birmingham Crown Court on Friday 16 May 2025, Shaobo Qin, a director of EDU Case Ltd, pleaded guilty to fraud by false representation. He was given a 2 year prison sentence suspended for 18 months.
Qin, age 42, of Sutton Coldfield, West Midlands, was also ordered to pay a Proceeds of Crime confiscation order of £255,057. He must pay within 2 months or face 3 years in prison.
He was also disqualified as a director for 4 years and ordered to do 200 hours of unpaid work.
His company, EDU Case Ltd of Portway Road, Rowley Regis, was fined £200,000. The Environment Agency were also awarded £21,995 in investigation costs.
The court was told Qin’s company was a plastics and recycling exports enterprise. The offences were discovered by the Environment Agency towards the end of 2022.
The company, orchestrated by Qin, was deliberately and systematically entering false data on to the Environment Agency’s National Packaging Waste Database (NPWD) for non-existent waste exports.
This resulted in Qin receiving a benefit for himself and his company in the sum of approx. £255,000. He was arrested on Wednesday 10 January 2024 where he was interviewed by Environment Agency officers.
EDU Case were accredited to carry out plastic packaging exports and able to issue “evidence” of that activity in the form of tonnage figures on the database.
This evidence could be bought by businesses who are obliged to account for their plastic packaging waste under the Producer Responsibility Obligations (Packaging Waste) Regulations 2007.
An audit conducted by Environment Agency officers in 2023 and information following that work identified discrepancies between the amount of waste exported and the amount of evidence issued.
The false entries represented nearly two-thirds of the business’ entire trade in 2022 towards the end of that year.
As part of that audit, a legal notice was served on Qin and the company in September 2023.
This notice required the production of their evidence of plastic waste exports. In response, Qin sent a computer memory stick containing his business’ waste export evidence and a letter explaining a large discrepancy, described as an “overclaim.”
The letter stated that the company had carried out 1,239 metric tonnes of plastic waste exports in 2022, only 453.60 metric was genuine and that the majority of his trading, 785.40 metric tonnes was ‘a mistake.’
In sentencing the judge said this was without doubt deliberate offending and pre-planned. There had been a significant undermining of the regulatory regime.
He accepted that there had been a guilty plea entered at first opportunity and that money had been put aside to repay the financial benefit made. The company was also fined to mark the seriousness of the offending.
Sham Singh, Senior Environmental Crime Officer for the Environment Agency, said:
“This case shows that the Environment Agency will pursue individuals and their enterprises who profit illegally.
“This was a fraud on a large scale and undermines legitimate business and the investment and economic growth that go with it.
“We support legitimate businesses and are proactively supporting them by disrupting and stopping the criminal element backed up by the threat of tough enforcement as in this case.
“If anyone suspects that a company is doing something wrong, please contact the Environment Agency on 0800 80 70 60 or report it anonymously to Crimestoppers on 0800 555 111.”
The Charges
Shaobo Qin
Between 1st January 2022 and 31st January 2023 dishonestly and intending thereby to make a gain for himself or another, or to cause loss to another, or to expose another to the risk of loss, made a false representation to the online National Packaging Waste Database which was and which he knew was, or might be, untrue or misleading, namely, that the 785.4 tonnes of plastic waste that he claimed EDU Case UK Ltd had exported over that period, had all actually been exported when it had not, contrary to Sections 1 and 2 of the Fraud Act 2006.
EDU Case UK Limited (Company No. 08888722)
Between 1st January 2022 and 31st January 2023 dishonestly and intending thereby to make a gain for himself or another, or to cause loss to another, or to expose another to the risk of loss, made a false representation to the online National Packaging Waste Database which was and which he knew was, or might be, untrue or misleading, namely, that the 785.4 tonnes of plastic waste that EDU Case UK Ltd had exported over that period, had all actually been exported when it had not, contrary to Sections 1 and 2 of the Fraud Act 2006.
Background Information
The Packaging Producer Responsibility Regulations were introduced to oblige the producers of waste packaging such as plastic, glass and cardboard (e.g. supermarkets) to contribute towards the financial cost of recycling and the disposal of waste. Any large organisation that meets the criteria for this obligation is required to prove they have made such financial contributions by the purchasing of credits known as Packaging Recovery Notes (PRNs) or Packaging Export Recovery Notes (PERNs) from UK waste reprocessors and waste exporters.
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions. In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments. Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:
C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras
Country
Percentage of Total Attempts
Ukraine
81.0%
Romania
9.9%
Poland
4.0%
Hungary
2.8%
Slovakia
1.7%
Others
0.6%
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
June 2024
July 2024
August 2024
192[.]162[.]174[.]94
207[.]244[.]71[.]84
31[.]135[.]199[.]145
79[.]184[.]25[.]198
91[.]149[.]253[.]204
103[.]97[.]203[.]29
162[.]210[.]194[.]2
31[.]42[.]4[.]138
79[.]185[.]5[.]142
91[.]149[.]254[.]75
209[.]14[.]71[.]127
46[.]112[.]70[.]252
83[.]10[.]46[.]174
91[.]149[.]255[.]122
109[.]95[.]151[.]207
46[.]248[.]185[.]236
83[.]168[.]66[.]145
91[.]149[.]255[.]19
64[.]176[.]67[.]117
83[.]168[.]78[.]27
91[.]149[.]255[.]195
64[.]176[.]69[.]196
83[.]168[.]78[.]31
91[.]221[.]88[.]76
64[.]176[.]70[.]18
83[.]168[.]78[.]55
93[.]105[.]185[.]139
64[.]176[.]70[.]238
83[.]23[.]130[.]49
95[.]215[.]76[.]209
64[.]176[.]71[.]201
83[.]29[.]138[.]115
138[.]199[.]59[.]43
70[.]34[.]242[.]220
89[.]64[.]70[.]69
147[.]135[.]209[.]245
70[.]34[.]243[.]226
90[.]156[.]4[.]204
178[.]235[.]191[.]182
70[.]34[.]244[.]100
91[.]149[.]202[.]215
178[.]37[.]97[.]243
70[.]34[.]245[.]215
91[.]149[.]203[.]73
185[.]234[.]235[.]69
70[.]34[.]252[.]168
91[.]149[.]219[.]158
192[.]162[.]174[.]67
70[.]34[.]252[.]186
91[.]149[.]219[.]23
194[.]187[.]180[.]20
70[.]34[.]252[.]222
91[.]149[.]223[.]130
212[.]127[.]78[.]170
70[.]34[.]253[.]13
91[.]149[.]253[.]118
213[.]134[.]184[.]167
70[.]34[.]253[.]247
91[.]149[.]253[.]198
70[.]34[.]254[.]245
91[.]149[.]253[.]20
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
Countermeasure Title
ID
Details
Network Isolation
Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation
Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering
Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis
Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering
Block NTLM/SMB requests to external infrastructure.
Platform Monitoring
Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation
Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation
Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis
Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis
Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation
Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis
Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication
Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions
Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication
Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding
Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy
Use a service to check for compromised passwords before using them.
Credential Rotation
Change all default credentials.
Encrypted Tunnels
Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update
Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication
Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis
Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
WASHINGTON, May 21, 2025 (GLOBE NEWSWIRE) — Rhizome, the leading climate resilience planning platform for the power grid, today announced the close of a $6.5 million oversubscribed Seed funding round led by Base10 Partners. The company will use the funding to scale their AI platform and team as they continue to help utilities protect their grid and customers from the impacts of extreme weather events. Rhizome will focus on building out its existing platform, new product research and development, and expanding its geographic footprint domestically and internationally.
Rhizome, launched in 2023, supports utilities by helping them model the impacts of increasingly severe extreme weather events against their systems. By leveraging AI against climate risk data and digital representations of the physical grid, Rhizome’s platform identifies vulnerabilities and prioritizes resilience investments and upgrades. This fundraise will further fuel Rhizome’s mission to integrate climate intelligence into utility planning workflows at a time when grid resilience has never been more crucial.
Extreme weather events are rapidly increasing in frequency, intensity, and cost. In 2024 alone, the U.S. faced 27 billion-dollar climate and weather disasters, totaling over $182 billion in damages. For electric utilities, the stakes are particularly high. A McKinsey analysis found that major storms have cost individual utilities an average of $1.4 billion over a 20-year period, underscoring the urgent need for smarter, more resilient infrastructure planning in the face of growing climate volatility.
At the same time, electric utility capital expenditures hit a record $179 billion, with projections rising to $194 billion in 2025. In an environment where every dollar counts, utilities need advanced planning tools that can simulate a range of climate scenarios — removing the guesswork from resilience planning and helping every dollar go further.
“We set out to partner with investors who deeply understand the power sector and share our commitment to solving pressing climate resilience challenges,” said Mishal Thadani, Co-founder and CEO of Rhizome. “This funding allows us to scale our work and continue refining a suite of products that help utilities prepare the grid for an increasingly uncertain future.”
“Resilience is unquestionably one of the most important factors in ensuring a safe, reliable power grid,” said Rexhi Dollaku, General Partner at Base10 Partners. “Mish, Rahul, and the team bring the right mix of vision, urgency, and technical depth to solve this challenge, and we’re proud to support them.”
In just under two years, Rhizome has developed and commercialized a suite of mission-specific products used by electric utilities in diverse geographical regions. Its flagship product, gridADAPT, supports long-term infrastructure planning by helping utilities prioritize investments that improve reliability and resilience. This was followed by the launch of gridFIRM, a first-of-its-kind platform for wildfire risk mitigation, and most recently, gridCAVA –– an affordable climate vulnerability assessment tool designed specifically for municipal and cooperative utilities. Built on Rhizome’s scalable, cloud-based Aspen platform, these tools round out a powerful portfolio of climate resilience planning tools designed to model current and future climate risk against utility infrastructure, available to utilities across Rhizome’s expanding geographical footprint.
Rhizome is expanding its platform, growing its team, and partnering with more utilities to strengthen resilience in the face of climate-driven threats. Contact Rhizome or visit here to learn more about the company’s expanding portfolio of climate risk solutions.
About Rhizome Rhizome is an AI-powered software platform that helps utilities identify vulnerabilities from climate threats, quantify risk at high resolutions, and measure the economic and social benefits of grid-enhancing investments. Rhizome provides the highest standard of equitable climate risk mitigation to ensure that communities and businesses are protected against intensifying extreme weather events.
About Base10 Partners Founded by Adeyemi Ajao and TJ Nahigian, Base10 is a San Francisco-based venture capital fund investing in founders who believe purpose is key to profits and companies that are automating sectors of the Real Economy, including transportation, retail, logistics, and construction. Through its program, The Advancement Initiative, Base10 aims to donate 50% of profits to underfunded colleges and universities to support financial aid and other key initiatives. Portfolio companies include Notion, Figma, Nubank, Stripe, Motive, Chili Piper, and Popmenu. Connect via base10.vc.
SINGAPORE, May 21, 2025 (GLOBE NEWSWIRE) — Bitcoin has officially shattered the long-anticipated $100,000 barrier, marking a historic milestone for the crypto market. As shown in the latest TradingView chart, BTC continues to push higher, riding the upper edge of the Bollinger Bands with no signs of slowing down.
While the bull run creates exciting opportunities, traders are now facing a critical question: Which platform is best positioned to help them capitalize on this volatility?
Introducing BexBack — A Streamlined Futures Trading Platform Built for This Moment
In a sea of exchanges that are often overloaded, overcomplicated, or overregulated, BexBack stands out with its fast, frictionless, and fully non-KYC approach to crypto derivatives trading.
Whether you’re a seasoned leverage trader or just getting started, BexBack delivers a powerful yet simple experience, offering:
No KYC Required — Trade anonymously with just an email
100% Deposit Bonus+ $100 Trading Bonus — Double your capital and get a head start
Up to 100x Leverage — Maximize your position in times of volatility
Free Demo Account — Practice with 10 BTC and 1,000,000 USDT risk-free
50+ Perpetual Contracts — Including BTC, ETH, XRP, ADA, SOL and more
Zero Spread, No Slippage — What you see is what you get
Security and Speed in One Package
BexBack isn’t just fast — it’s secure. With cold wallet fund storage, multi-signature withdrawal approvals, and real-time risk monitoring, the platform ensures your assets and trades are well protected.
Global Access, Real Freedom
BexBack proudly serves a global user base. With no mandatory KYC, even traders from regions with limited access to traditional exchanges can participate freely and instantly.
About BexBack?
BexBack is a leading cryptocurrency derivatives platform offering up to 100x leverage on futures contracts for BTC, ETH, ADA, SOL, XRP, and over 50 other digital assets. Headquartered in Singapore, the platform also operates offices in Hong Kong, Japan, the United States, the United Kingdom, and Argentina. Like many top-tier exchanges, BexBack holds a U.S. MSB (Money Services Business) license and is trusted by more than 500,000 traders worldwide. The platform accepts users from the United States, Canada, and Europe, with zero deposit fees and 24/7 multilingual customer support, delivering a secure, efficient, and user-friendly trading experience.
As Bitcoin Enters Price Discovery, Don’t Get Left Behind
Markets like this don’t come around often. Whether you’re aiming to ride short-term price swings or position for long-term growth, BexBack provides the tools, leverage, and freedom you need to trade your way.
Create your account, claim your bonuses, and trade with confidence — all on BexBack.
Disclaimer: This content is provided by BexBackThe statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading advice. Investing in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be guaranteed. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page.
Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.
Photos accompanying this announcement are available at
VICTORIA, Seychelles, May 21, 2025 (GLOBE NEWSWIRE) — MEXC, a leading global cryptocurrency exchange, today announced an industry-disrupting partnership with The Open Network (TON) that introduces a $1 million reward pool campaign and fundamentally challenges established exchange revenue models. Launching today and running through June 20, the “TON Triumph” campaign eliminates all trading fees on TON pairs while offering staking returns that dwarf typical yields by up to 100 times.
In an unprecedented move that signals a significant shift in exchange competition strategies, MEXC will offer new users access to staking opportunities with up to 400% APR on TON tokens—creating what analysts describe as the most aggressive user acquisition campaign in the cryptocurrency exchange sector this year.
“This partnership represents a strategic inflection point for both the TON ecosystem and the broader exchange landscape,” said Tracy Jin, COO of MEXC. “By eliminating all typical entry costs into TON trading for a full month while simultaneously offering returns that outpace all competitors, we’re not simply running a promotion—we’re fundamentally changing how users engage with emerging Layer-1 ecosystems.”
Campaign Transforms Market Access and Investment Returns
The 30-day campaign introduces multiple disruptive elements that directly challenge other exchanges’ TON market dominance:
Zero-Fee Trading Structure: Complete elimination of fees on TON/USDT, TON/USDC, and TON/EUR spot pairs, TONUSDT futures, and all TON/USDE network withdrawals—removing traditional revenue mechanisms that have defined exchange business models.
Industry-Leading APR: New users can stake TON tokens to earn up to 400% APR, positioning the offering at 100 times higher than typical cryptocurrency staking returns and several hundred times above traditional banking products.
Democratized Trading Access: Zero-fee structure gives retail traders access to the same economics previously available only to professional and institutional traders, significantly leveling the playing field.
Limited-Time, First-Come Allocation: High-yield staking pools operate on a first-come, first-served basis with participants limited to 250 TON tokens per user, creating immediate urgency for early participation.
The campaign also includes passive rewards of up to 8% daily APR for USDE holders, spot trading rewards from a pool of 32,500 TON, and a futures trading competition with 100,000 USDT in bonuses.
TON Ecosystem Expansion and Infrastructure Advancement
This partnership is pivotal for The Open Network, which continues to gain momentum through its connection to Telegram’s 900+ million users and growing developer ecosystem.
The collaboration represents a significant leap forward in TON’s accessibility and adoption curve. By drastically reducing barriers to entry while providing exceptional incentives, the campaign accelerates the integration of new participants into the TON ecosystem, coinciding precisely with the network’s rapidly expanding technical capabilities and use cases.
The campaign also showcases MEXC’s platform capabilities, demonstrating advanced infrastructure that can handle zero-fee trading across multiple markets simultaneously while managing high-volume staking operations with variable APR structures.
Time-Sensitive Opportunity with Global Access
The $1 million in rewards is available exclusively during the 30-day window, with certain high-value components like the 400% APR staking pool starting on May 21th and operating on a capped allocation basis. MEXC has created a streamlined onboarding process that allows new users to complete registration and KYC verification in minutes, with the campaign accessible to eligible participants globally through both web and mobile interfaces.
About MEXC Founded in 2018, MEXC is committed to being “Your Easiest Way to Crypto.” Serving over 40 million users across 170+ countries, MEXC is known for its broad selection of trending tokens, everyday airdrop opportunities, and low trading fees. Our user-friendly platform is designed to support both new traders and experienced investors, offering secure and efficient access to digital assets. MEXC prioritizes simplicity and innovation, making crypto trading more accessible and rewarding. MEXC Official Website| X | Telegram |How to Sign Up on MEXC
About TON The Open Network (TON) is a fully decentralized layer-1 blockchain designed for mass adoption. Originally conceived by Telegram and now developed by the open TON Community, the network offers exceptional scalability, accessibility, and ease of use.
Risk Disclaimer: The information provided in this article regarding cryptocurrencies does not constitute investment advice. Given the highly volatile nature of the cryptocurrency market, investors are encouraged to carefully assess market fluctuations, the fundamentals of projects, and potential financial risks before making any trading decisions.
Disclaimer: This is a paid post and is provided by MEXC. The statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading advice. Investing in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be guaranteed. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page.
Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.
KUALA LUMPUR, MALAYSIA, May 21, 2025 (GLOBE NEWSWIRE) — TMD Energy Limited (the “Company” or “TMDEL”) (NYSE American: TMDE), together with its subsidiaries is a Malaysia and Singapore based services provider engaged in integrated bunkering services which involves ship-to-ship transfer of marine fuels, ship management services and vessel chartering services, today announced a strategic expansion into oil waste collection, marking a significant enhancement of its Environmental, Social, and Governance (ESG) commitments. This initiative aims to collect sludge oil and used cooking oil and sell to third-party partners for processing into biodiesel, which also helps diversify the Company’s revenue streams.
Following a successful Initial Public Offering, the Company is poised to leverage its extensive logistics network and industry expertise to meet the increasing demand for sustainable waste disposal. It plans to collect residual oils from maritime operators and the food industry, facilitating their conversion into cleaner biodiesel. This circular economy approach not only mitigates greenhouse gas emissions but also supports Malaysia’s national commitment to renewable energy adoption.
Leadership in Sustainable Innovation
The biodiesel market in Malaysia, supported by government incentives, presents substantial growth opportunities. TMDEL’s entry into this sector aligns with evolving regulatory frameworks and the corporate demand for eco-conscious partnerships. “Our expansion signifies a strategic shift toward long-term environmental stewardship,” stated Dato’ Sri Kam Choy Ho, Chairman and CEO of the Company. “By collaborating with businesses, agencies and environmental organizations, we aim to redefine waste as a valuable resource—transforming sustainability commitments into actionable and scalable solutions.”
“This initiative reinforces TMDEL’s dual commitment to operational excellence and ecological responsibility. The Company’s established infrastructure ensures efficient collection, and we target to engage in processing and distribution of biodiesel in the near future, so as to position the Company as a key player in Southeast Asia’s green energy transition.”
“Furthermore, this milestone underscores our vision to lead the bio-green industry while upholding our commitment to exceptional service standards,” added Dato’ Sri Kam Choy Ho. “Every step forward is a step toward a future where economic growth and environmental responsibility coexist.”
About TMD Energy Limited
TMD Energy Limited and its subsidiaries (“TMDEL Group”) are principally involved in marine fuel bunkering services specializing in the supply and marketing of marine gas oil and marine fuel oil of which include high sulfur fuel oil, low sulfur fuel oil and very low sulfur fuel oil, to ships and vessels at sea. TMDEL Group is also involved in the provision of ship management services for in-house and external vessels, as well as vessel chartering. As of today, TMDEL Group operates in 19 ports across Malaysia with a fleet of 15 bunkering vessels. For more information, please visit the Company’s website at: www.tmdel.com.
Forward-Looking Statements
Certain statements in this announcement are forward-looking statements, including but not limited to, the Company’s Offering. These forward-looking statements involve known and unknown risks and uncertainties and are based on the Company’s current expectations and projections about future events that the Company believes may affect its financial condition, results of operations, business strategy and financial needs. Investors can identify these forward-looking statements by words or phrases such as “may”, “could”, “will”, “should”, “would”, “expect”, “plan”, “intend”, “anticipate”, “believe”, “estimate”, “predict”, “potential”, “project” or “continue” or the negative of these terms or other comparable terminology. The Company undertakes no obligation to update or revise publicly any forward-looking statements to reflect subsequent occurring events or circumstances, or changes in its expectations, except as may be required by law. Although the Company believes that the expectations expressed in these forward-looking statements are reasonable, it cannot assure you that such expectations will turn out to be correct, and the Company cautions investors that actual results may differ materially from the anticipated results and encourages investors to review other factors that may affect its future results in the Company’s financial results filings with the SEC.
For investor and media inquiries, please contact: TMD ENERGY LIMITED e-Mail : corporate@tmdel.com
The Basel Committee continues to prioritise the full and consistent implementation of Basel III.
Progresses work to strengthen supervisory effectiveness based on the lessons learned from the 2023 banking turmoil.
Aims to finalise principles for the sound management of third-party risk in the banking sector by the end of 2025.
The Basel Committee on Banking Supervision met in Stockholm on 20 and 21 May 2025 to discuss a range of initiatives.
Financial stability outlook
Committee members exchanged views on recent market developments and the financial stability outlook for the global banking system. A heightened level of uncertainty and increased market volatility requires ongoing vigilance by banks and supervisors to ensure that the global banking system continues to maintain its resilience.
2023 banking turmoil
The Committee took stock of its work to develop a suite of practical tools to support supervisors in their day-to-day work as part of its efforts to strengthen supervisory effectiveness in the light of the lessons learned from the 2023 banking turmoil. The initial work covered the supervision of liquidity risk and interest rate risk in the banking book, the assessment of the sustainability of banks’ business models and the importance of effective supervisory judgment. The tools do not change or replace existing standards or guidelines and were designed to strengthen supervisory practices and effectiveness worldwide. The Committee will publish an update on the outcome of this work by the end of the year.
Following the meeting of the Group of Central Bank Governors and Heads of Supervision (GHOS) earlier this month, the Committee continues to prioritise the implementation of Basel III framework in full, consistently and as soon as possible. The Committee also discussed its analytical work to assess whether specific features of the Basel Framework performed as intended during the 2023 banking turmoil, such as liquidity risk and interest rate risk in the banking book.
Digitalisation of finance
The Committee reviewed the comments received on its consultation on supervisory principles for the sound management of third-party risk in the banking sector. It also discussed an analysis on the risks and benefits from banks’ reliance on third-party service providers.
Building on the comments received and its own analysis, the Committee will publish a final version of the principles by the end of the year.
Members also exchanged views on recent developments related to artificial intelligence and digital fraud. The Committee will continue to monitor developments in these areas.
The Committee also discussed how best to use technological innovation for its Pillar 3 disclosure framework. The disclosure framework enables market participants to access key information about a bank’s risk profile. Making these data more easily accessible by publishing them in a machine-readable format would provide an important public good. The Committee will consult on such a proposal by the end of the year.
Financial risks of extreme weather events
At the GHOS meeting earlier this month, the Committee was tasked with prioritising its work to analyse the impact of extreme weather events on financial risks. The Committee will continue to work on operationalising this work over the coming months. The GHOS also tasked the Committee with publishing a voluntary disclosure framework for climate-related financial risks for jurisdictions to consider; the framework will be published in June.
Note to editors:
The Basel Committee is the primary global standard setter for the prudential regulation of banks and provides a forum for cooperation on banking supervisory matters. Its mandate is to strengthen the regulation, supervision and practices of banks worldwide with the purpose of enhancing financial stability. The Committee reports to the Group of Central Bank Governors and Heads of Supervision and seeks its endorsement for major decisions. The Committee has no formal supranational authority, and its decisions have no legal force. Rather, the Committee relies on its members’ commitments to achieve its mandate. The Group of Central Bank Governors and Heads of Supervision is chaired by Tiff Macklem, Governor of the Bank of Canada. The Basel Committee is chaired by Erik Thedéen, Governor of Sveriges Riksbank.
More information about the Basel Committee is availablehere.
The rising tensions with North Korea, coupled with China’s increasing assertiveness, have necessitated South Korea to bolster its military capabilities and readiness. These strategic enhancements include investments in advanced weapons systems, military preparedness, and fortification of cybersecurity infrastructure. In light of these developments, the country has allocated $222 billion for the period from 2021 to 2025, according to GlobalData, a leading data and analytics company.
Akash Pratim Debbarma, Aerospace & Defense Analyst at GlobalData, comments: “Over the years, South Korea has successfully diminished its reliance on imports and enhanced the capabilities of its armed forces through the indigenous development of several advanced military systems. The country’s allocation of funds toward acquisition and research, development, testing, and evaluation (RDT&E) underscores its commitment to addressing the evolving security challenges within the region.”
The successful flight of the KF-21 prototype by Korea Aerospace Industries (KAI) in 2022 marks a significant stride toward self-reliance in combat aircraft production. While the induction of the KF-21 is slated for 2028, it is expected to considerably enhance South Korea’s aerial combat capabilities with advanced onboard avionics and near-stealth performance.
Debbarma concludes: “As North Korea continues its nuclear-capable missile tests, South Korea remains steadfast in enhancing its deterrence strategies, bolstering its air, naval, and missile defense capabilities. However, South Korea is still mainly dependent on the 28,500 US troops to maintain a credible deterrence against potential hostilities from North Korea.
“With looming uncertainties about the continuance of its reliance on US support following Trump’s return to office, South Korea will likely redirect most of its defense budgets into indigenization efforts. While supporting its armed forces, South Korea will also try to achieve economy of scale to keep the cost down for its domestic defense systems by exporting them to its allies worldwide.
The overall deal activity (comprising mergers & acquisitions (M&A), private equity, and venture financing deals) in the Asia-Pacific (APAC) region has experienced a slight contraction in early 2025. Primarily driven by a downturn in venture financing activities, the total number of deals announced in the APAC region fell by 2.6% during January-April 2025 compared to the same period in the previous year, according to GlobalData, a leading data and analytics company.
An analysis of GlobalData’s Deals Database revealed that the total number of venture capital (VC) deals announced in the APAC region registered a year-on-year (YoY) decline of 8.2% in the first four months of 2025.
Conversely, M&A and private equity transactions have remained stable. The number of M&A deals in the region increased by 2.4% during January-April 2025 compared to January-April 2024, whereas private equity deals volume was also up by around 2% YoY during the same period.
Aurojyoti Bose, Lead Analyst at GlobalData, comments: “The APAC deal landscape is showcasing a mixed trend characterized by a blend of resilience in M&A and private equity, juxtaposed with a fall in VC funding activity. This mixed trend reflects the intricate economic dynamics at play across the region, with varying performances across key markets.”
The performance of key markets within the APAC region reveals significant disparities. China, the top APAC market in deal-making, has experienced a decline in deal volume of more than 15% during January-April 2025 compared to the first four months of 2024. In contrast, India and Japan have seen an uptick in deal activity, with a YoY growth rate of around 13% and 25%, respectively. Meanwhile, other key APAC markets, including Australia, South Korea and Singapore, also showcased signs of contraction in deal activity.
Note: Historic data may change in case some deals get added to previous months because of a delay in disclosure of information in the public domain
The UK’s most powerful hub for the creative industries united for two days of engaged networking, passionate debate and exceptional insights into AI, the creator economy, production craft and more – helping attendees stay ahead-of-the-curve for the year ahead.
London, United Kingdom, 21 May 2025 – After two exceptional days of conversation, collaboration and community, the biggest and buzziest MPTS yet welcomed a record 13,000 attendees from 50 countries, uniting the UK’s media and entertainment industry together in the heart of London, like never before. The exhibition is organized by Media Business Insight (MBI) Ltd, a GlobalData company.
Hosted at London’s Olympia on 14-15 May, the red-hot editorially driven program delivered 100+ free-to-attend sessions across eight theatres, showcasing the insight and passion of more than 350 expert speakers and guest keynotes. The bustling show floor was packed with more than 300 exhibitors and sponsors, showcasing imagination, determination and standout talent of the UK’s creative and technical communities – at a time of both global challenge and immense opportunity.
Setting the agenda for MPTS, a State of the Nation Production keynote outlined a media and entertainment landscape in which storytellers had to embrace screens, formats and creators of all kinds.
Kate Beal, CEO, Woodcut Media, asserted: “TV doesn’t exist anymore in the way we knew it.”
Derren Lawford, CEO, Dare Pictures, said: “We are in the middle of a decade of profound transition, and we are past the tipping point. TV is part of a wider, connected series of industries around the creation and distribution and funding of content.”
Headliners at MPTS include:
Producer and presenter Ross Kemp, who took us on an exhilarating tour of investigative documentaries on the front lines of conflict, drug cartels and organised crime gangs. “They will know in a second if you are not telling the truth,” he said. “I specialize in telling the truth, it is as simple as that.”
Georgie Holt, whose company Flight Story produces the world’s second biggest podcast ‘Diary of a CEO’, declared: “We are in the era of the Founder Creator — creators who are now in charge of media content and able to monetise spectacularly outside of traditional gatekeepers.”
NFL professional turned American Football broadcaster Jason Bell explained how sports coverage was evolving into the F1 Drive To Survive model, in which athlete personalities and back stories were the keys to growing audiences.
Blockbuster editor Eddie Hamilton gave a masterclass about the precision involved in making Top Gun: Maverick and five Mission: Impossible movies with Tom Cruise. He said: “Every nuance is refined hundreds of times. Sometimes we watch a 10-minute scene 40 times in a day, checking to see where your eye is moving in the frame.”
Diverse representation is a vital sign of the industry’s health and MPTS is proud to set the benchmark to secure equal representation and attendance from the next generation, not only across the program, but also something clearly witnessed across the show floor amongst exhibitors and attendees.
MPTS also prioritizes the crucial importance of sustainability and, in continuing association with BAFTA albert brought this conversation to the fore with experts including Peter Okell, Sky Studios Elstree; Luke Seraphin, Sky Studios and Claire O’Neill, A Greener Future speaking in the Sustainability Series.
Sam Street, Marketing Officer, BAFTA Albert commented: “MPTS is a really key moment in our calendar. It is always so great to connect with suppliers, companies, studios and creatives who share our common passion for sustainability within screen industries. It has also been really valuable to curate our sustainability series of panels across this year’s show, we’ve had some really insightful discussions and emphasised the importance of environmental focus throughout the screen industries.”
We did not need a machine to predict the high demand for news and information about AI. The brand-new ticketed AI Training program and the expanded AI Media Zone drew exceptional attendance, with exhibitors such as Dot Group, Moments Lab and Software. Conversations in these packed-out sessions revolved around the impact of AI from ideation to VFX, featuring real-world insights and discussions on bridging the gap between theory and practice from speakers including Pete Archer, BBC; Jon Roberts, ITN and Damien Viel, Banijay Entertainment.
With a record number of exhibitors already rebooking for 2026, MPTS continues to prove its value as the UK’s number one event for media and production professionals, where brands, creatives and decision-makers come together to connect, collaborate and grow.
Jane Shepard, Senior Channel Marketing Manager, Sandisk, said: “MPTS 2025 was a spectacular showcase of innovation, bringing together the brightest minds and cutting-edge technology in the industry. An unforgettable experience for all attendees.”
Tom Rundle, Application Engineer, Yamaha Music, said: “It has been very busy for us. We have seen a huge mix of customers from the broadcast sector here, but also customers from the other industries which we serve, whether that’s live or theatre who have deliberately come to the show to seek us out to speak to us. Will we be back next year? Yes, absolutely, this is the first year for us, so it was always a bit of a toe in the water, but it’s been vastly more successful than we thought it was going to be.”
Peter Alderson, Business Manager, Nikon, said: “This is our second year at MPTS, we’ve gone a little bit bigger on our stands, almost doubling it, and I think it’s definitely been worthwhile doing. We’ve partnered with RED, who we recently purchased, and MRMC so it’s making a lovely statement about where we are in the market, and I think we’re in the right place to make that statement here at MPTS.”
Jennifer Hudson, Marketing Executive, Videndum, said: “This show is really important in our calendar – we attend nearly every year and find so much value in it. We get to meet with so many different professionals within the industry, and this year has been really, really positive for us. We’ve walked away with quite a few leads and made new relationships. It’s a fantastic show, and we would thoroughly recommend anyone thinking about coming and having a stand here to definitely do it – you won’t regret it.”
Will Pitt, Head of Sales Solutions, Techex, said: “My impression of the show is that it’s been incredibly busy and very positive. Techex particularly specialise in solving some of the headaches that a lot of the broadcast industry is grappling with at the moment, namely, how they transition into an IP-led architecture from a legacy architecture and what that journey looks like. As such, our standards have been packed pretty much throughout the show to come and look at products, but also to come and talk about ideas and lean into what that journey looks like specifically for them. So not a generic journey, but specific to their drivers and their wants and needs in the short and medium term. We particularly like MPTS because it’s London based and many of the engineers that we speak to and collaborate with are based here and therefore it’s an easy journey for them to take half a day, a day out to come and investigate what we have to offer, but also to have those conversations. And so for organisations like WBD or Sky, the BBC, ITV, etc. They can come here quite easily and engage with us, spend some time talking in real life and not over teams or Zoom.”
Charlotte Wheeler, Event Director, MPTS said: “Without doubt, 2025 was the most stimulating, ahead-of-the-curve MPTS yet. At a time when we are seeing the industry under real pressure from budget cuts to talent shortages and perpetual change, the conversations and connections on the show floor were positive and demonstrated infectious community spirit. The level of attendance and the quality of attendees from across all sectors of the industry was incredible – not just stakeholders in technology but representatives from production and commissioning, the creator economy, those new to the industry and freelancers were all brought together by MPTS under one roof.
“A huge amount of work goes into making sure that there is equal representation across our extensive conference programme. I am proud that MPTS is one of – if not the – most diverse shows both in terms of attendees and panellists.
“Thank you to everyone for exhibiting, sponsoring, speaking, attending and engaging with the show to make MPTS such a thrilling success. We are already planning for 2026, which marks MPTS’ 10th edition, so look forward to a landmark celebration!”
Save the date for MPTS 2026 when we return to Olympia Grand Hall, London on 13 – 14 May 2026.
The conversation does not stop when the doors close. MPTS is more than just two days a year – it is a connected, year-round community for the broadcast and media industry. From on-demand content to exclusive events, there’s still so much to explore. Stay connected with us: https://www.mediaproductionshow.com/register-interest
The venture capital (VC) landscape in the US has demonstrated remarkable resilience and growth in funding value in early 2025, despite a slight decline in deal volume. Between January and April 2025, the US recorded a modest decrease of around 4% in VC deal volume compared to the same period in 2024. Despite the fall in volume, the total funding value of these deals more than doubled to reach $89 billion during January-April 2025, according to GlobalData, a leading data and analytics company.
An analysis of GlobalData’s Deals Database revealed that the total VC funding value in the US was up by a massive year-on-year (YoY) growth of 151% during January-April 2025.
Aurojyoti Bose, Lead Analyst at GlobalData, comments: “Despite the dip in deal volume, the surge in deal value indicates a strong appetite for larger investments in the US market. And this trend is likely to continue as investors seek to capitalize on high-potential startups.”
The US continues to account for a significant share of global VC funding, maintaining its position as the top market in terms of both deal volume and value. However, the dominance in terms of value has now become even more pronounced with the massive surge in funding value.
The US accounted for around 30% of the total number of VC deals announced globally during January-April 2025, while its share of the corresponding value stood much higher at around 70% compared to around 45% during January-April 2024.
In contrast, other major markets such as China and the UK experienced double-digit declines in deal volume. Moreover, China saw its VC funding value also register a staggering drop of around 50% YoY during January-April 2025. This trend highlights the US’ unique position as a resilient market, attracting big investments even as some other key markets face challenges.
The US continues to attract big-ticket investments, particularly in the technology sector. Start-ups focusing on technology-driven solutions, particularly in areas such as artificial intelligence (AI), are gaining significant investor traction.
Some of the notable VC funding deals announced in the US during the first four months of 2025 include $40 billion secured by OpenAI, $3.5 billion raised by Anthropic, and $3 billion raised by Infinite Reality, among others.
Note: Historic data may change in case some deals get added to previous months because of a delay in disclosure of information in the public domain
All national deposit guarantee schemes (DGS) in the European Union (EU) have reached the envisaged minimum target level.
The funds have been built up over a 10-year period through contributions from credit institutions and are directly available to reimburse depositors in the case of a bank failure.
The amount of deposits protected by the DGSs increased by 3.2% to €8.6tn from 2023 to 2024.
The European Banking Authority (EBA) today published end-2024 data related to two key concepts and indicators in the Deposit Guarantee Schemes Directive (DGSD), namely financial means available to, and covered deposits protected by, national deposit guarantee schemes. The EBA publishes this data for each Member State, and on a yearly basis to enhance the transparency and public accountability of DGSs across the EU to the benefit of depositors, markets, policymakers, DGSs and Members States. Following a 10-year build-up phase, the EU DGS funds have reached €79bn of available means in aggregate.
The DGSD ensures the adequate protection of depositors when banks fail, by guaranteeing that deposits up to a certain level will always be repaid even if the bank holding them fails. Covered deposits are guaranteed up to €100,000 or the equivalent in other currencies per depositor at each bank. The data as of 31 December 2024 shows that, compared to 2023, the amount of covered deposits across the EU further increased by 3.2% to €8.6tn, after increases of 1.7% in 2023 and 2.5% in 2022.
Furthermore, all banks in the EU have been obliged to contribute to funds held by the DGSs in their jurisdiction for the main purpose of reimbursing depositors within seven days after a bank failure. The deadline for those funds to reach the minimum required target level of usually 0.8% of covered deposits for the first time was 3 July 2024. The end-2024 data shows that all 33 EU DGSs are at or above that target level. In total, funds available to protect deposits in case of bank failures rose by 11.1% to €79bn in 2024. DGSs have in place additional arrangements, to require credit institutions to make additional contributions to the fund and/or to make additional short-term funding available should the need arise.
The public data includes data for the EU countries, Iceland, Norway and Liechtenstein, which together form the European Economic Area (EEA). The total covered deposits in the EEA amount to €8.8tn and the total available financial means in the EEA funds amount to €81bn at the end of2024.
Legal basis and background
The EBA is collecting data on deposit guarantee schemes in accordance with Article 10(10) of the DGSD. As per its Decision EBA/DC/2018/243 from 23 July 2018, the EBA makes this data publicly available on its website.
Furthermore, in support of the DGSD, the EBA published in December 2021 the Guidelines EBA/GL/2021/17 on the delineation and reporting of AFMs of the DGSs and, thus, expanded the reporting requirements from DGSs to the EBA.
Source: People’s Republic of China – State Council News
BEIJING, May 21 — China will further step up financing support for small and micro enterprises by increasing financing supply, lowering financing costs, and enhancing the precision of supportive measures, according to a guideline issued Wednesday by eight departments.
The document — jointly issued by the National Financial Regulatory Administration, the People’s Bank of China, the National Development and Reform Commission and other authorities, proposes 23 concrete measures to boost financing for small and micro firms.
To increase financing supply for these companies, the country will strengthen the issuance of first-time loans, credit loans, medium- to long-term loans, corporate loans and loans to private enterprises, the guideline revealed.
Financing support for small and micro firms in the agricultural sector will be strengthened by leveraging structural monetary tools including re-lending, the document said.
China will also support small and micro enterprises in pursuing equity financing, the guideline stated.
To reduce the financing costs of small and micro companies, the country will guide banks to determine their lending rates for such enterprises reasonably while lowering additional loan-related fees.
China will also guide banks to improve their financing efficiency, streamline application materials and optimize approval procedures, said the document, while adding that more support will be channeled to science and technology-oriented, innovation-driven small and micro firms as well as those engaged in new business models regarding foreign trade.
Source: People’s Republic of China – State Council News
Deutsche Grammophon (DG) and Blue Note Records, two of the world’s most iconic classical and jazz labels, launched Chinese branches on May 15 as the country’s audience for these genres continues to expand.
The labels will operate dedicated China imprints in collaboration with Universal Music Greater China, the companies said.
Executives launch Deutsche Grammophon China in Shanghai, May 15, 2025. [Photo courtesy of Universal Music Group]
“For decades, Deutsche Grammophon and Blue Note have held a special place in the hearts of Chinese classical and jazz musicians,” said Timothy Xu, chairman and CEO of Universal Music Greater China.
“These labels have deeply influenced how local artists understand, study and create within these genres. Today marks a new beginning. For the first time, these two iconic brands are establishing dedicated labels in China to engage directly with local artists and communities.”
The new labels will focus on discovering Chinese talent, developing original creative work and connecting local musicians with international audiences, according to company executives.
Xu said DG China and Blue Note Records China “will be fully committed to discovering and supporting the next generation of talent emerging from China.”
“Through these efforts, we hope to contribute to the growth and appreciation of classical and jazz music in China and to help bring the richness of Chinese musical expression into deeper dialogue with the world,” he said.
“By combining the global heritage and artistic leadership of these two iconic labels with the market knowledge and cultural insight of our local team, we are creating a stronger platform to connect Chinese talent with global opportunities,” said Adam Granite, executive vice president for market development at Universal Music Group.
Pianists Lang Lang and Yuja Wang, along with Shanghai Symphony Orchestra Music Director Yu Long, all longtime DG artists, will serve as artistic advisors to DG China, executives announced at the launch event.
Lang Lang said in a video message that “Deutsche Grammophon has been my musical home for many years, and I’m thrilled to see the launch of DG China.”
“I believe DG China will be a key platform for emerging Chinese musicians and help connect classical music with broader audiences,” he said. “I also hope it will bring more Chinese voices to the global stage, a mission I deeply believe in and am proud to support.”
DG China will release its first album, “Bach: The Cello Suites,” performed by cellist Wang Jian on May 23, with plans to record all of Dmitri Shostakovich’s symphonies with the Shanghai Symphony Orchestra by 2029 to mark the orchestra’s 150th anniversary. Yu Long called it “also a powerful expression of the artistry and interpretive depth of Chinese musicians today.”
Executives launch Blue Note Records China in Shanghai, May 15, 2025. [Photo courtesy of Universal Music Group]
Blue Note Records China, a new division of the iconic jazz label known for artists like Miles Davis and Herbie Hancock, will focus on developing local talent while bringing Chinese jazz to international audiences, executives said.
The label’s first signing is INNOUT, an avant-garde jazz duo composed of guitarist Xiao Jun and drummer An Yu. The duo combines jazz with electronic elements and experimental composition in a style that has gained recognition in China’s contemporary jazz scene.
Don Was, president of Blue Note Records, said: “Xiao Jun and An Yu are two of the most talented and visionary musicians I’ve ever met. Their music is going to blow people’s minds all over the world. It’s a thrill and an honor to be able to launch Blue Note Records China with their music.”
Blue Note Records China will also partner with JZ Music, a major player in China’s jazz scene, to develop live performance opportunities, including tours, festivals and venue events. The partnership aims to increase Chinese jazz visibility both locally and internationally.
We use the term “Renaissance man” very loosely these days, for anybody even slightly multi-talented. But Lesotho-born jazz drummer, novelist and development scholar Morabo Morojele was the genuine article.
He not only worked across multiple fields, but achieved impressively in all. Morojele died on 20 May, aged 64.
As a researcher into South African jazz, I encountered him initially through his impressive live performances. I was surprised to hear about his first novel and then – as a teacher of writing – bowled over by its literary power.
Celebrating a life such as Morojele’s matters, because a pan-African polymath like him cut against the grain of a world of narrow professional boxes, where borders are increasingly closing to “foreigners”.
This was a man who not only played the jazz changes, but wrote – and lived – the social and political ones.
The economist who loved jazz
Born on 16 September 1960 in Maseru, Lesotho, Morojele schooled at the Waterford Kamhlaba United World College in Swaziland (now Eswatini) before being accepted to study at the London School of Economics.
In London in the early 1980s the young economics student converted his longstanding jazz drumming hobby into a professional side gig. There was a vibrant African diasporic music community, respected by and often sharing stages with their British peers. Morojele worked, among others, in the bands of South African drummer Julian Bahula and Ghanaian saxophonist George Lee. With Lee’s outfit, Dadadi, he recorded Boogie Highlife Volume 1 in 1985.
Studies completed and back in Lesotho, Morojele founded the small Afro-jazz group Black Market and later the trio Afro-Blue. He worked intermittently with other Basotho music groups including Sankomota, Drizzle and Thabure while building links with visiting South African artists. For them neighbouring Lesotho provided less repressive stages than apartheid South Africa.
Morojele relocated to Johannesburg in 1995 and picked up his old playing relationship with Lee, by then also settled there. His drum prowess caught the eye of rising star saxophonist Zim Ngqawana. With bassist Herbie Tsoaeli and pianist Andile Yenana, he became part of the reedman’s regular rhythm section.
The three rhythm players developed a close bond and a distinctive shared vision, which led to their creating a trio and an independent repertoire. Later they were joined by saxophonist Sydney Mnisi and trumpeter Marcus Wyatt to form the quintet Voice.
Voice was often the resident band at one of Johannesburg’s most important post-liberation jazz clubs: the Bassline. Although the 1994-founded venue was just a cramped little storefront in a bohemian suburb, it provided a stage for an entire new generation of indigenous jazz and pan-African music in its nine years. Voice was an important part of that identity, audible on their second recording.
Morojele on drums for Andile Yenana.
Morojele also recorded with South African jazz stars like Bheki Mseleku and McCoy Mrubata. He appeared on stage with everyone from Abdullah Ibrahim to Feya Faku.
His drum sound had a tight, disciplined, almost classical swing, punctuated visually by kinetic energy, and sonically by hoarse, breathy vocalisations. Voice playing partner Marcus Wyatt recalls:
The first time I played with you, I remember being really freaked out by those vocal sound effects coming from the drum kit behind me, but the heaviness of your swing far outweighed the heaviness of the grunting. That heavy swing was in everything you did – the way you spoke, the way you loved, the way you drank, the way you wrote, the way you lived your life.
Wyatt also recalls a gentle, humble approach to making music together, but spiced with sharp, unmuted honesty – “You always spoke your mind” – and intense, intellectual after-show conversations about much more than music.
Because Morojele had never abandoned his other life as a development scholar and consultant. He was travelling extensively and engaging with (and acutely feeling the hurt of) the injustices and inequalities of the world. Between those two vocations, a third was insinuating itself into the light: that of writer.
I came to writing almost by accident … I’ve always enjoyed writing (but) I never grew up thinking I was going to be a writer.
In 2006, after what he described in interviews as a series of false starts, he produced a manuscript that simply “wrote itself”, How We Buried Puso.
Starting with the preparations for a brother’s funeral, the novel – set in Lesotho – reflects on the diverse personal and societal meanings of liberation in the “country neighbouring” (South Africa) and at home. How new meanings for old practices are forged, and how the personal and the political intertwine and diverge. All set to Lesotho’s lifela music. The book was shortlisted for the 2007 M-Net Literary Award.
There was an 18-year hiatus before Morojele’s second novel, 2023’s The Three Egg Dilemma. Now that he was settled again in Lesotho, music was less and less a viable source of income, and development work filled his time. “I suppose,” he said, “I forgot I was a writer.” But, in the end, that book “also wrote itself, because I didn’t have an outline … it just became what it is almost by accident.”
In 2022, a serious health emergency hit; he was transported to South Africa for urgent surgery.
The Three Egg Dilemma, unfolding against an unnamed near-future landscape that could also be Lesotho, broadens his canvas considerably.
The setting could as easily be any nation overtaken by the enforced isolation of a pandemic or the dislocation of civil war and military dictatorship, forcing individuals to rethink and re-make themselves. And complicated by the intervention of a malign ghost: a motif that Morojele said had been in his mind for a decade.
For this powerful second novel, Morojele was joint winner of the University of Johannesburg prize for South African writing in English.
He was working on his third fiction outing – a collection of short stories – at the time of his death.
The beauty of his work lives on
Morojele’s creative career was remarkable. What wove his three identities – musician, development worker and writer – together were his conscious, committed pan-Africanism and his master craftsman’s skill with sound: the sound of his drums and the sound of his words as they rose off the page.
Through the books, and the (far too few) recordings, that beauty lives with us still. Robala ka khotso (Sleep in peace).
Gwen Ansell does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
After 18 months of punishing airstrikes, raids and an increasingly restrictive siege in Gaza, the United Nations on May 20, 2025, issued one of its most urgent warnings yet about the ongoing humanitarian crisis: an estimated 14,000 babies were at risk of death within the next 48 hours without an immediate influx of substantial aid, especially food.
The assessment came a day after Israel allowed the first trickle of aid back into Gaza following its nearly three-month total blockade imposed on March 2. But on the first day of that resumption, the U.N. Office for the Coordination of Humanitarian Affairs reported that only nine trucks were allowed into Gaza, when around 500 are required every day. The U.N. called it “a drop in the ocean of what is urgently needed.”
Israel’s control of food and aid into Gaza has been a consistent theme throughout the past 18 months. Indeed, just two weeks after Israel’s massive military campaign in the Gaza Strip began in late 2023, Oxfam International reported that only around 2% of the usual amount of food was being delivered to residents in the territory and warned against “using starvation as a weapon of war.”
Amid the broader destruction to lives and infrastructure, there is now barely a food system to speak of in Gaza.
Since October 2023, Israeli bombs have destroyed homes, bakeries, food production factories and grocery stores, making it harder for people in Gaza to offset the impact of the reduced imports of food.
A handful of trucks loaded with humanitarian aid for the Gaza Strip are seen at the Kerem Shalom crossing in southern Israel on May 20, 2025. AP Photo/Maya Alleruzzo
But as much as things have worsened in the past 18 months, food insecurity in Gaza and the mechanisms that enable it did not start with Israel’s response to the Oct. 7 attack by Hamas.
Multiple factors contributed to this preexisting food insecurity, not least the blockade of Gaza imposed by Israel and enabled by Egypt since 2007. All items entering the Gaza Strip, including food, became subject to Israeli inspection, delay or denial.
Basic foodstuff was allowed, but because of delays at the border, it could spoil before it entered Gaza.
By placing restrictions on food imports, Israel has claimed to be trying to put pressure on Hamas by making life difficult for the people in Gaza. “The idea is to put the Palestinians on a diet, but not to make them die of hunger,” said one Israeli government adviser in 2006.
To enable this, the Israeli government commissioned a 2008 study to work out exactly how many calories Palestinians would need to avoid malnutrition. The report was released to the public only following a 2012 legal battle. Echoes of this sentiment can be seen in the Israeli decision in May 2025 to allow only “the basic amount of food” to reach Gaza to purportedly ensure “no starvation crisis develops.”
The long-running blockade also increased food insecurity by preventing meaningful development of an economy in Gaza.
Displaced Palestinians fleeing amid ongoing Israeli military operations in the Gaza Strip arrive in Jabalia in northern Gaza on May 18, 2025. AP Photo/Jehad Alshrafi
The U.N. cites the “excessive production and transaction costs and barriers to trade with the rest of the world” imposed by Israel as the primary cause of severe underdevelopment in the occupied territories, including Gaza. As a result, in late 2022 the unemployment rate in Gaza stood at around 50%. This, coupled with a steady increase in the cost of food, made affording food difficult for many Gazan households, rendering them dependent on aid, which fluctuates frequently.
Hampering self-sufficency
More generally, the blockade and the multiple rounds of destruction of parts of the Gaza Strip have made food sovereignty in the territory nearly impossible.
Even prior to the latest war, Gaza’s fishermen were regularly shot at by Israeli gunboats if they ventured farther in the Mediterranean Sea than Israel permits. Because the fish closer to the shore are smaller and less plentiful, the average income of a fisherman in Gaza has more than halved since 2017.
Much of Gaza’s farmland has been rendered inaccessible to Palestinians as a result of post-October 2023 actions by Israel.
And the infrastructure needed for adequate food production – greenhouses, arable lands, orchards, livestock and food production facilities – has been destroyed or heavily damaged. International donors hesitate to rebuild facilities, knowing they cannot guarantee their investment will last more than a few years before being bombed again.
The latest ongoing siege has only further crippled the ability of Gaza to be food self-sufficient. By May 2025, nearly 75% of croplands had been destroyed, along with significant amounts of livestock. Less than one-third of agricultural wells used for irrigation remain functional.
Starvation as weapon of war
The use of starvation as a weapon is strictly forbidden under the Geneva Conventions, a set of statutes that govern the laws of warfare. Starvation has been condemned by U.N. Resolution 2417, which decried the use of deprivation of food and basic needs of the civilian population and compelled parties in conflict to ensure full humanitarian access.
Israeli Prime Minister Benjamin Netanyahu has said publicly that Israel was permitting aid now only because allies were pressuring him over “images of mass famine.” This stance suggests that Israel will not soon increase aid beyond what his government deems politically acceptable.
While there is more evidence than ever before that Israel is using food as a weapon of war, there is also, I believe, ample evidence that this was the reality long before Oct. 7, 2023.
In the meantime, the implications for Palestinians in Gaza have never been more dire.
More death is certain to follow. On May 12, the Integrated Food Security Phase Classification, a global system created to track food insecurity, released an alarming report on projections of food insecurity in Gaza.
It warned that by September 2025, half a million people in Gaza – 1 in 5 of the population – will be facing starvation and that the entire population will experience acute food insecurity at crisis level, or worse.
Editor’s note: Parts of this story were originally contained in an article published by The Conversation U.S. on Feb. 15, 2024.
Yara M. Asi does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
How much do you engage with others when you’re out in public? Lots of people don’t actually engage with others much at all. Think of commuters on public transportation staring down at their phones with earbuds firmly in place.
As a professor of social psychology, I see similar trends on my university campus, where students often put on their headphones and start checking their phones before leaving the lecture hall on the way to their next class.
Curating daily experiences in these ways may appeal to your personal interests, but it also limits opportunities for social connection. Humans are social beings: We desire to feel connected to others, and even connecting with strangers can potentially boost our mood.
At the same time, our attention is increasingly being pulled in varied directions within a highly saturated information environment, now commonly known as the “attention economy.”
It is perhaps not surprising, then, that so many Americans are experiencing a crisis of social connection. Research in social psychology helps to explain how the small behaviors and choices we make as individuals affect our experiences with others in public settings.
Where you focus your attention
One factor shaping people’s experiences in public settings concerns where they focus their attention. Since there is more information out in the world than anyone could ever realistically take in, people are driven to conserve their limited mental resources for those things that seem most crucial to navigating the world successfully. What this means is that every person’s attention is finite and selective: By attending to certain bits of information, you necessarily tune out others, whether you’re aware of doing so or not.
More often than not, the information you deem worthy of attention also tends to be self-relevant. That is, people are more likely to engage with information that piques their interest or relates to them in some way, whereas they tend to ignore information that seems unrelated or irrelevant to their existence.
One unfortunate consequence is that a person may end up treating interactions with other people as transactions, with a primary focus on getting one’s own needs met, or one’s own questions answered. A very different approach would involve seeing interactions with others as opportunities for social connection; being willing to expend some additional mental energy to listen to others’ experiences and exchange views on topics of shared interest can serve as a foundation for building social relationships.
It can feel alienating to be surrounded by people who have basically hung out a ‘do not disturb’ sign. Drazen/E+ via Getty Images
How others interpret your actions
Also, by focusing so much attention on their own individual interests, people may inadvertently signal disinterest to others in their social environments.
As an example, imagine how it would feel to be on the receiving end of those daily commuting rituals. You find yourself surrounded by people whose ears are closed off, whose eyes are down and whose attention is elsewhere – and you might start to feel like no one really cares whether you exist or not.
As social creatures, it’s natural for human beings to want to be seen and acknowledged by other people. Small gestures such as eye contact or a smile, even from a stranger, can foster feelings of connection by signaling that our existence matters. Instead, when these signals are absent, a person may come to feel like they don’t matter, or that they’re not worthy of others’ attention.
How to foster connection in public spaces
For all these reasons, it may prove valuable to reflect on how you use your limited mental resources, as a way to be more mindful and purposeful about what and who garner your attention. As I encourage my students to do, people can choose to engage in what I refer to as psychological generosity: You can intentionally redirect some of your attention toward the other people around you and expend mental resources beyond what is absolutely necessary to navigate the social world.
Engaging in psychological generosity doesn’t need to be a heavy lift, nor does it call for any grand gestures. But it will probably take a little more effort beyond the bare minimum it typically takes to get by. In other words, it will likely involve moving from being merely transactional with other people to becoming more relational while navigating interactions with them.
A few simple examples of psychological generosity might include actions such as:
Tuning in by turning off devices. Rather than default to focusing attention on your phone, try turning off its volume or setting it to airplane mode. See if you notice any changes in how you engage with other people in your immediate environment.
Making eye contact and small talk. As historian Timothy Snyder writes, eye contact and small talk are “not just polite” but constitute “part of being a responsible member of society.”
Smiling and greeting someone you don’t know. Take the principle of “innocent until proven guilty” to the realm of social relations, by showing your willingness to welcome other people rather than displaying disinterest and avoidance. Such simple acts may help to foster feelings of belonging and build a sense of community with others.
Acknowledging another human with a smile, even when using an automated system, can help them feel seen and valued. izusek/E+ via Getty Images
Among the most cynical, examples like these may initially be written off as reflecting pleas to practice the random acts of kindness often trumpeted on bumper stickers. Yet acts like these are far from random – they require intention and redirection of your attention toward action, like any new habit you may wish to cultivate.
Practicing acts of psychological generosity, then, can provide you with opportunities to benefit from social connection, at the same time as these acts can pay dividends to other people and to the social fabric of your community.
Linda R. Tropp does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
BOSTON, May 21, 2025 (GLOBE NEWSWIRE) — Ataccama, the data trust company, today announced the release of Ataccama ONE data trust platform v16.1. This new version introduces powerful data lineage and connectivity capabilities, including enhanced diagram export for audit and compliance use cases and improved lineage visualization tools. It also expands pushdown processing for cloud platforms, such as Azure Synapse and Google BigQuery. With these updates, Ataccama helps organizations more easily operationalize automated lineage, govern data across complex environments, and deliver trusted insights at scale.
As more organizations shift to hybrid and multi-cloud setups, their data becomes spread across multiple systems, teams, and tools. The result is a growing lack of visibility into the origin of data, how it changes, and its utilization. Without that visibility, building trust, ensuring compliance, and keeping costs down become harder.
According to Gartner, only 48% of digital initiatives achieve their business outcome targets, often because organizations struggle to find, understand, and trust their data in complex environments. Traditional approaches to data lineage focus too narrowly on technical users, leaving business teams without the context they need to make timely, informed decisions. When teams cannot see where data comes from or how it changes across systems, tracing issues, confirming accuracy, and meeting compliance expectations becomes increasingly difficult.
The Ataccama ONE data trust platform closes the data trust gap by giving organizations a comprehensive and portable view of how data moves, transforms, and impacts downstream systems. New capabilities make it easier to manage lineage across environments, including exporting diagrams for audits, preserving historical lineage states, and migrating metadata to support governance workflows and system changes. Teams can go beyond static data views to track sensitive information, audit its handling, and build confidence with point-in-time documentation. Expanded pushdown processing allows organizations to analyze data directly within cloud platforms like Azure Synapse and BigQuery, reducing movement, improving performance, and maintaining governance at scale. These updates enable teams to act faster, meet regulatory requirements, and confidently deliver trusted insights.
“This release makes our lineage capabilities more actionable and enterprise-ready,” said Jessica Smith, VP of Data Quality at Ataccama. “Visualizing lineage in highly regulated and complex sectors like financial services, insurance, or manufacturing is not enough. Organizations need capabilities that support audit readiness, migrations, and change control. These updates allow teams to export diagrams for compliance reporting and manage metadata to promote environments and enforce governance policies. These enhancements help teams meet regulatory demands while staying agile across their data landscape.”
New capabilities in v16.1:
Automated lineage and audit snapshots: Organizations can track lineage automatically across systems and export diagrams as point-in-time snapshots for compliance reporting. Additional features allow teams to preserve historical lineage states and migrate metadata between environments to support governance and system changes.
Enhanced visibility and collaboration: Users can customize and export lineage diagrams, drill down into detailed monitoring dashboards, and leverage improved search ranking to pinpoint issues quickly, accelerate troubleshooting, and present compliance metrics with greater precision.
Cloud-native data processing: Expanded pushdown processing allows organizations to analyze large datasets directly within cloud platforms like Azure Synapse and BigQuery, reducing data movement, accelerating performance, and significantly lowering cloud processing costs.
Support for big data workloads: Enterprises can now catalog, profile, and process Avro files stored on cloud storage systems, streamlining the integration and analysis of large and complex datasets.
Enhanced connectivity and flexibility: Updates, including custom schema management for Snowflake pushdown and JWT authentication with HashiCorp Vault, further enable secure, flexible, and scalable enterprise data operations.
Ataccama is the data trust company. Organizations worldwide rely on Ataccama ONE, the unified data trust platform, to ensure data is accurate, accessible, and actionable. By integrating data quality, lineage, observability, governance, and master data management into a single solution, Ataccama enables businesses to unlock value from their data for AI, analytics, and operations. Trusted by global enterprises, Ataccama helps organizations drive innovation, reduce costs, and mitigate risk. Recognized as a Leader in the 2025 Gartner Magic Quadrant for Augmented Data Quality and the 2025 Magic Quadrant for Data and Analytics Governance, Ataccama continues to set the standard for trusted data at scale. Learn more at www.ataccama.com.
NASHVILLE, Tenn., May 21, 2025 (GLOBE NEWSWIRE) — RightNOW2025 — Having emerged from yet another demanding tax season, accounting professionals now confront heightened client expectations and limited time to pursue innovation and growth.
To help with navigating these persistent obstacles, Rightworks today announced Rightworks Community, its online platform that offers accounting and tax professionals the latest tools, insights, and actionable strategies from the profession’s most trusted advisors to help drive progress and inspire future-forward firms.
Rightworks Community combines the company’s two decades of leadership with its robust network of seasoned in-house and external experts to give members:
Centralized Resources: A growing range of educational content including templates, guides, articles, videos, podcasts, and CPE-eligible courses to enhance firm efficiency and deepen expertise.
Community Engagement: A collaborative space to develop winning strategies with like-minded professionals, benefit from mutual accountability, and receive expert guidance to navigate unique challenges and achieve their goals.
Emerging Best Practices: The latest trends and most effective tactics, featuring live and on-demand events, from mainstage presentations to in-depth workshops and wellness sessions led by top industry leaders, including Jason Staats, Ryan Lazanis, and more.
In early May, Rightworks Community completed its 2025 Tax Season Programming, which included events led by Amy Vetter, CPA, Yogi, and CEO of The B3 Method Institute. The free wellness sessions were designed to support mental clarity and optimize productivity during one of the profession’s most stressful seasons.
“The Rightworks Tax Season Programming, particularly Amy Vetter’s Chair Yoga and Mindful Meditation sessions, genuinely made a difference during a typically high-pressure time. Starting my day with these practices put my mind at ease, reduced stress, and l highly recommend attending a session to anyone seeking a positive way to begin their day,” said Susan Bannwart, CPA and President of Highpoint Advisory Services. “I’m excited to see the Chair Yoga sessions return and hope they’ll be back for next tax season.”
Free 60-Day Membership Offer for RightNOW2025 Attendees
To help turn their conference experience into a year-round actionable plan, Rightworks Community is extending 60 days of free Advantage membership through July 1 to RightNOW2025 attendees. The special offer is designed to enable attendees to continue learning, growing, and connecting with peers post-conference through roundtable events hosted by RightNOW2025 speakers, including Hector Garcia, Will Hill, and John Mitchell.
“We created the Rightworks Community as part of our mission to help advance the accounting profession,” said Joel Hughes, CEO of Rightworks. “The Community is an interactive space where accounting and tax professionals can collaborate with colleagues and trusted experts who understand their challenges. Members have access to comprehensive resources that bridge the gap between traditional practices and modern strategies.”
To learn more about Rightworks Community and to sign up, click here.
About Rightworks Rightworks enables accounting firms and businesses to significantly simplify operations and expand their value to clients via our award-winning intelligent cloud and learning resources. This is possible with Rightworks OneSpace, the only secure cloud platform purpose-built for the accounting and tax profession, and our premier community for firm optimization, growth, and professional development. Founded in 2002, we’ve grown to serve over 10,000 accounting firms in the US—from single practitioners to Top 10 firms. For more information, please visit rightworks.com or follow us on LinkedIn, Facebook, and Instagram.
