The ‘Making Dundee a Living Wage City’ campaign has entered its 6th year and a senior councillor has visited a local employer to meet with staff who have benefitted from accreditation.
Kanzen for Lifeis an award-winning social enterprise charity who support over 1,200 people weekly through physical exercise, education and wellbeing. They are well known in the city for excelling in Karate but also offer a wide range of classes and programmes for all ages and backgrounds, delivering an impressive range of community activities each week.
They have been accredited as a Living Wage employer since 2022 and have recently joined the Dundee Living Wage Action Group as a partner member following on from being a vocal, passionate supporter of the Living Wage movement.
Oliver Bruce, a team member at Kanzen for Life, met with Cllr Steven Rome to discuss how the uplift in pay and working for an accredited employer has benefitted him.
Oliver said: “Paying the Living Wage at Kanzen for Life shows that we genuinely value our team. For me, it’s not just about fair pay – it’s about respect, dignity, and creating a positive environment where people can thrive, both in work and life.”
Oliver has also written a blogabout why being living wage accredited is important to him as an employee and to Kanzen for Life as his employer.
Roy O’Kane, Charity Chief Officer at Kanzen for Life, said: “Paying the Living Wage is about fairness, respecting the dignity of hard work, and showing our team they’re valued. When we treat people right, they stay, they grow, and they bring their best to everything we do.”
Councillor Steven Rome, Convener of Fair Work, Economic Growth and Infrastructure said: “I was pleased to take up the opportunity to visit Kanzen for Life and speak with Oliver and Roy about their role in the local community and thank them for the positive impact they have had in Dundee.
“They have enhanced the reputation of the city by supporting major events as well as working to improve the health and wellbeing of citizens of all ages. It was also clear to me that they are really proud of being Living Wage accredited and that it goes hand in hand with their ethos as an organisation.”
This year the action group will be finalising the new Living Wage Action Plan, leading the implementation of the new Living Wage branding, attending key events, meeting with accredited employers and running the Living Wage Week 2025 programme.
Cllr Rome added: “We look forward to seeing their future plans come to fruition and are pleased that they have joined the group and know they will make many valuable contributions.
“I highly recommend anyone interested in becoming accredited to read Oliver’s eloquently written blog as it clearly highlights the benefits of paying the Living Wage. The action group is ready and waiting to hear from you.”
More information about the ‘Making A Living Wage Living City’ campaign as well as contact details for the action group can be found on the council’s website.
Source: France-Diplomatie – Ministry of Foreign Affairs and International Development
France took part in the EU’s Foreign Affairs Council meeting in Brussels on May 20. This meeting focused on the situation in Ukraine and the Middle East.
With regard to Ukraine, France welcomed the adoption of an ambitious sanctions package against Russia – the 17th – which must now be further strengthened, as that country is still refusing to negotiate a peace agreement. France is determined to continue current efforts to give Ukraine solid security guarantees.
France reiterated its strong condemnation of the expansion of Israeli military operations in Gaza and its blockade against humanitarian aid, which violates the principles of international law. France stressed its strong concern over Israel’s settlement policy and underscored the need for an agreement by Member States on sanctions against violent settlers and entities that promote settlement activity. It also called on the EU to take concrete measures, including the reexamination of the association agreement between the EU and Israel, and commended the High Representative’s announcement in this regard at the end of the meeting. France reaffirmed its commitment to the two-State solution and noted its efforts to ensure its implementation at the conference it will co-chair with Saudi Arabia this June in New York.
As for Syria, France supported the decision to lift economic sanctions against the country. This historic decision is the concrete expression of the commitments France made to the transition authorities with a view to supporting Syria’s economic recovery and transition process. France also emphasized that the easing of sanctions should go hand in hand with solid guarantees on transparency, the proper use of international funds and respect for our political conditions. The EU will have to continue ensuring that priority challenges are taken into account, especially the fight against terrorism. At France’s initiative, the EU member States also pledged to adopt sanctions against the perpetrators of human rights violations committed in Syria since the fall of Bashar al-Assad.
Source: United Kingdom – Executive Government & Departments
News story
Somerset Prepared Community Resilience Awards – nominations open
The Somerset Prepared partnership is now taking nominations for its annual awards which celebrate people who help their communities deal with emergencies.
Lucie Reader of Pitcombe and last years’s award winner
The Somerset Prepared partnership, including the Environment Agency, is searching for nominees for its next Community Resilience Awards.
The nomination window opened on Sunday 11 May in celebration of this month’s Somerset Day.
These awards recognise people and groups who have gone above and beyond to help their community be better able to deal with emergencies.
Awards will be presented in two categories:
Group award – for community organisations demonstrating exceptional emergency planning or preparedness
Individual award – for people who have made significant personal contributions to community resilience
Award winners will receive public recognition and vouchers for community activities. The awards will be presented by the Lord Lieutenant of Somerset, Mr Mohammed Saddiq at the annual Somerset Prepared Community Resilience Day, which will be held at Taunton Racecourse on Thursday, 15 October. At the free event, partners welcome local people to celebrate Somerset’s community emergency volunteers, with workshops, presentations, and equipment demonstrations.
The annual Somerset Prepared Community Resilience Day brings together key organisations including the Environment Agency, Somerset Rivers Authority and Somerset Council to help local communities strengthen their resilience against emergencies. Members of the public (or media) can reserve a place at the event by visiting Eventbrite.
Dr Bel Deering, community engagement officer for Somerset Rivers Authority, said:
The incredible work of volunteers who help their communities before and during emergencies deserves our gratitude.
They are our local heroes, and their courage and compassion deserve to be celebrated and shared as stories of hope for all of Somerset.
Last year’s individual winner was Lucie Reader of Pitcombe, whose exceptional leadership led to all homes in her community being flood protected for future emergencies. The group winner was Nunney Parish Council, whose councillors supported their community by proactively working with residents to improve their resilience to flooding.
Emma Giffard, flood resilience engagement advisor for the Environment Agency, said:
On behalf of all the Somerset Prepared partners, we extend our sincere thanks and warmly encourage both groups and individuals to submit their nominations for the awards.
Nominations for the award close on 15 September 2025.
Somerset Prepared is a multi-agency partnership working closely with communities to deliver advice, support and training to help enhance local resilience to emergencies. The partnership is made up of many organisations able to provide advice, guidance and support to help you develop local initiatives that enhance resilience to emergencies.
Source: United Kingdom – Executive Government & Departments
A study published in JAMA Network Open looks at social media use and depressive symptoms during early adolescents.
Prof Chris Ferguson, Professor of Psychology, Stetson University, said:
“Contrary to the claims of the authors, this study, in fact, finds little evidence that earlier social media time is associated with later mental health. The effect sizes reported are, in fact, so small, as to likely be due to statistical noise, not real effects. This is a common flaw of many correlational studies, particularly those with large samples such as this one. On balance, this study provides better evidence that social media has no predictive relationship with later mental health than it does anything parents should worry about. Further, pediatricians should not waste valuable time querying patients about social media, based on the extraordinarily weak statistical results from this study.”
‘Social Media Use and Depressive Symptoms During Early Adolescence’ by Jason M. Nagataet al. was published in JAMA Network Open at 16:00 UK time on Wednesday 21 May.
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
Source: People’s Republic of China – State Council News
Khabarovsk, May 21 /Xinhua/ — “We attach great importance to developing sales in the Chinese market; since 2011, the bulk of Baltika deliveries to China have been carried out from the plant in Khabarovsk. During this time, exports from Khabarovsk Krai to China have increased 15-fold,” said Roman Degtyarev, director of the Baltika-Khabarovsk branch (a branch of the Russian brewing company Baltika in Khabarovsk), in his speech at the session “Agroexport: How to Sell in China,” held on May 19 as part of the Russian-Chinese Forum.
R. Degtyarev told the forum participants about the company’s successful experience in entering the Chinese market. “We have been long-standing partners with China: regular export of Baltika has been carried out here since 2001, and during this time, deliveries have increased dozens of times.”
According to him, in order to expand Baltika’s presence in the Chinese market and certify the quality of its products, the company underwent voluntary certification “Made in Russia”. A network of representative offices was deployed in the country and abroad, including in the Chinese cities of Beijing and Harbin. Taking into account the preferences of Chinese consumers, in 2024 the company released the Baltika Bolshoy Medved brand specifically for the Chinese market.
The Baltika-Khabarovsk enterprise, launched in April 2003, is the largest producer of beer and soft drinks in the Khabarovsk Territory. The annual capacity of the plant currently amounts to 230 million liters. The bulk of deliveries to the countries of the Asia-Pacific region comes from China.
On May 19, a two-day Russian-Chinese forum dedicated to cooperation between the two countries opened in Khabarovsk. More than 3,000 applications were received from representatives of business, government bodies, and creative industries of Russia and China to participate in the forum. –0–
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
Source: People’s Republic of China – State Council News
BEIJING, May 21 (Xinhua) — The ministers of economy and trade of China and the Association of Southeast Asian Nations (ASEAN) have called for deepening bilateral economic and trade cooperation to counter negative uncertainties. The call was made at a special meeting of China-ASEAN ministers of economy and trade held via video link on Tuesday.
As Chinese Commerce Minister Wang Wentao noted during the meeting, China is willing to work with ASEAN to maintain the stable and smooth operation of global industrial and supply chains, make greater contributions to promoting the development and rise of both sides, and safeguarding international fairness and justice.
Wang Wentao recalled that recently some economies have been abusing so-called “mirror duties” and engaging in economic bullying, which has seriously undermined the international trade system and introduced a high degree of uncertainty into the global economy. Such practices do not comply with economic rules and violate market principles, the head of the Ministry of Commerce of the People’s Republic of China stated.
During the meeting, the ministers called for collective action to defend the multilateral trading system and free trade, as well as for the effective use of the World Trade Organization mechanisms to establish constructive contacts, find joint solutions and address concerns in global trade.
ASEAN Secretary-General Kao Kim Horn said all parties should cooperate with a forward-looking approach, firmly uphold openness and inclusiveness, and continuously promote regional economic integration.
He expressed hope that ASEAN and China can deepen their partnership, achieve high-quality common development, promote cooperation in areas such as smart manufacturing, and strengthen connectivity and green transformation.
Following the meeting, a joint statement was issued reaffirming China and ASEAN’s position on economic exchanges and challenges to the global economy.
China and 10 ASEAN countries have completed negotiations to upgrade the China-ASEAN Free Trade Area to version 3.0, the Ministry of Commerce said on Wednesday. –0–
This groundbreaking technical paper is informed by and supports the effort by Small Island Developing States (SIDS) to tackle the economic and commercial determinants of health—as set out in the 2023 Bridegtown Declaration. In particular, the paper addresses the challenges and opportunities for SIDS in addressing the economic and commercial determinants of noncommunicable diseases, mental health conditions, injuries and violence.
The technical paper is the first comprehensive analysis examining how commercial determinants specifically impact health outcomes in SIDS, identifying both challenges and opportunities for intervention.
Key findings
The paper reveals several critical common and shared vulnerabilities of SIDS which underpin their economic and commercial determinants of health.:
Power imbalances: Due to small populations and limited human and financial resources, SIDS face disproportionate pressure from multinational commercial actors
Less diversified economies: Many SIDS rely heavily on sectors centered on potentially health-harming products.
Dependence on external supply: Import dependency leaves SIDS susceptible to market fluctuations and disadvantageous trade agreements
Interconnected challenges: Climate change, food insecurity and harmful commercial practices compound leading to health harms.
Recommendations
The paper outlines five key opportunity areas for addressing economic and commercial determinants of health in SIDS:
Creating policy environments that enable health through measures such as taxation of health-harming products as well as regulation of commercial practices such as harmful marketing
Safeguarding against conflicts of interest through transparent and coordinated governance mechanisms
Empowering community participation in governance for health
Strengthening governance for commercial determinants in development approaches
Investing in SIDS-SIDS and triangular cooperation
As Dr Etienne Krug, Director of WHO’s Social Determinants of Health Department, notes in the paper’s foreword: “Tackling the commercial determinants of health in SIDS includes action to support shifting businesses from health-harming to health-promoting practices, addressing power imbalances between public sectors and commercial actors, regulating harmful commercial practices, and improving underlying systems.”
Building on momentum
The paper builds on the 2023 Bridgetown Declaration on NCDs and Mental Health, providing a technical foundation for implementing the roadmap established at the SIDS Ministerial Conference in Barbados.
This paper comes as the Bridgetown Declaration’s importance moves beyond SIDS: it provides the momentum and path forward as the world approaches the Fourth High-Level Meeting. In the same way that the 2007 Declaration of Port-of-Spain on Uniting to Stop the Epidemic of Chronic NCDs is credited with building momentum for the first UN high-level meeting on NCDs in 2011 and its transformation of the NCD response, the 2023 Bridgetown Declaration promises to be a catalyst for the rebirth of the response to NCDs and mental health.
“The time for action is now,” the technical paper concludes, calling for collaborative efforts between SIDS governments, communities, and international partners to develop integrated approaches that prioritize well-being, embrace Indigenous knowledge, and support health-aligned local businesses.
WHO will continue supporting SIDS and all countries through technical assistance, capacity-building and fostering a global community of practice on commercial determinants of health to protect health, promote wellbeing and save lives.
Angel Families — whose lives have been shattered by illegal immigrant criminals with no right to be in the country — are calling on Congress to pass President Donald J. Trump’s One, Big, Beautiful Bill, the New York Post reports.
“’Angel families’ whose loved ones have been killed by illegal immigrants and gang members are urging congressional Republicans to pass President Trump’s ‘big beautiful bill’ to seal the border and fast-track deportations, The Post can exclusively reveal.
‘We write to you not as politicians or pundits, but as parents — mothers and fathers who have buried our children because the United States government failed to secure its border,’ they said in an open letter to Congress. ‘There can be no justice for our children, but there can be accountability. There can be action. And there must be change,’ they added.
‘We urge every member of Congress to support the ‘One Big Beautiful Bill’ and vote to secure the border, protect our communities, and prevent the next American family from living our nightmare.’
More than 60 angel relatives co-signed the letter, including the mother of Jocelyn Nungaray, whose 12-year-old daughter was allegedly murdered by two illegal migrants, and the family of Laken Riley, a Georgia nursing student who was killed by a Tren de Aragua gang member from Venezuela. […]
In their letter, the ‘angel families’ said that for too long they ‘have been ignored, dismissed, or labeled as political props.’
‘Every single one of us is living with a permanent hole in our lives because an illegal immigrant, who never should have been in this country, was allowed to stay and take an innocent life,’ they said.
‘These were preventable tragedies. And yet, year after year, Washington offers excuses insteadof solutions. That must end now.’”
Greenbelt, Maryland – Chase William Mulligan, 28, of Silver Spring, Maryland, pled guilty to two counts of producing child sexual abuse material in federal court. The charges are in connection with a scheme in which he met young girls through social media and internet chat rooms and eventually “sextorted” them.
Specifically, through the scheme, Mulligan coerced at least 108 girls — ranging from ages 5-17 — to send him sexually explicit photographs and videos of themselves. When the girls told him they no longer wanted to send him sexually graphic images, Mulligan threatened to post the images online or come to their house.
Kelly O. Hayes, U.S. Attorney for the District of Maryland, announced the guilty plea with Special Agent in Charge William J. DelBagno of the Federal Bureau of Investigation (FBI) – Baltimore Field Office.
“Mulligan used manipulation, fear, and intimidation to exploit over 100 young victims. Now we must ensure that we send a clear message to Mulligan, and others, that those who abuse the most vulnerable members of our communities will pay a steep price,” Hayes said. “We’re committed to working with our law-enforcement partners to relentlessly pursue, prosecute, and bring to justice those who engage in these deplorable acts.”
“Chase Mulligan is a depraved and dangerous predator. He used social media to target, viciously threaten, and horribly abuse more than 100 minor victims – one as young as five years old,” DelBagno said. “His abhorrent behavior is not diminished by the fact he was thousands of miles away and never met his victims, rather, it’s the opposite. Despite his distance, he presents a serious threat to any child he can access through the internet. The FBI works diligently every day to find and arrest predators like Mulligan so they can no longer prey on innocent children.”
As detailed in the plea agreement, between at least 2019 and December 2023, Mulligan used numerous Snapchat, Discord, Roblox, Skype, Omegle, and Instagram accounts to target young girls. He convinced minors living in the United States, Canada, Denmark, Spain, Philippines, Australia, and United Kingdom to produce and send him sexually explicit images.
Mulligan also directed minors to expose their genital areas and engage in sexual conduct. Additionally, Mulligan coerced multiple girls to urinate on camera, insert objects into their genitalia, and participate in sexual acts with dogs.
After some victims informed Mulligan that they no longer wished to send him sexually explicit images, he threatened to publicly post the images or come to their homes. Mulligan wanted the victims to send more images depicting increasingly graphic sexual conduct.
As part of his plea agreement, Mulligan must register as a sex offender in places where he resides, is an employee, and is a student, under the Sex Offender Registration and Notification Act.
Mulligan is facing a mandatory minimum of 15 years and a statutory maximum of 60 years in federal prison. U.S. District Judge Theodore C. Chuang scheduled sentencing for Wednesday, August 27, at 2:30 p.m.
This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorney’s Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, visit www.justice.gov/psc. Click the “Resources” tab on the left side of the page to learn about Internet safety education.
U.S. Attorney Hayes commended the FBI for its work in the investigation. Ms. Hayes also thanked Assistant U.S. Attorneys Megan S. McKoy and Elizabeth Wright who are prosecuting the case.
In recent years, the term “eldest daughter syndrome” has gained traction on social media, as many firstborn daughters share how they had to grow up faster. They often took on caregiving and supportive roles in their families.
In high-income countries, research shows that these responsibilities often bring long-term benefits. Firstborn daughters – and sons – tend to have higher educational attainment and stronger cognitive skills. They also enjoy better job prospects and salaries.
Some studies in low- and middle-income countries have found similar positive effects of being the eldest. But others have found the opposite.
In low-income contexts, economic constraints, cultural practices – such as the involvement of extended families in child-rearing – and inheritance norms may produce very different effects.
Our research brings new insights by examining these dynamics in Madagascar. It is one of the world’s poorest countries. Birth order there strongly shapes the transition to adulthood, especially for firstborn children.
Progress in understanding birth order effects in low-income countries is held back by the lack of detailed, sibling-level data. Our study used a dataset that followed individuals from the ages of 10 to 22, capturing their transition from adolescence to adulthood. It collected detailed information on education, work, health, marriage, and migration. The dataset also captured key demographic and educational details for all living full siblings of each respondent.
We found that firstborns in Madagascar transition into adulthood earlier than their younger siblings. They are more likely to leave school early. They enter the workforce sooner and marry at younger ages. For example, fourth-born children are 1.5 percentage points less likely than firstborns to have never attended school, and 1.1 percentage points more likely to complete post-secondary education.
Or, third-borns are 23% less likely to marry at age 19 than firstborns.
Our findings suggest that later-born children benefit from greater parental investment in education. This leads to better schooling outcomes and delayed entry into the labour market.
Birth order and the transition to adulthood
In Madagascar, early marriage can be a way for families to ease financial pressure. This is especially true since daughters typically join their husband’s household.
When it comes to marriage, we find that later-born children are less likely to marry early than their firstborn siblings – especially after age 17. This trend holds for both boys and girls. The difference appears earlier for girls, which aligns with their younger average age at marriage.
Interestingly, second-born girls are not significantly less likely to marry than their older sisters. This suggests that the eldest daughter does not always bear the full brunt of early marriage risk.
Firstborn daughters often take on caregiving and household roles. These responsibilities may delay their marriage slightly, as families rely on them for day-to-day support.
What explains these birth order effects?
We did not observe significant differences in cognitive skills (like reasoning) or non-cognitive traits (like personality) between firstborns and their younger siblings. Cognitive abilities were assessed through oral and written math and French tests administered at home. These findings contrast with evidence from wealthier countries, where firstborns often outperform their siblings in both cognitive and non-cognitive domains. This may result from greater early parental investment.
In Madagascar, child development may rely less on direct parental input and more on interactions within the extended family. This is consistent with the concept of fihavanana, a cultural principle that emphasises solidarity and mutual support within the extended family.
Rather than benefiting mostly from parental quality time, children – especially later-borns – may develop their cognitive and non-cognitive skills through broader social networks. These include relatives and older siblings.
We also explored whether gender preferences might help explain the differences in outcomes. For instance, if later-born children were disproportionately boys, it could suggest that parents continued having children in hopes of having a son. This could lead to more resources being allocated to that later-born boy. However, our data show an even distribution of boys and girls among later-born children. This suggests that gender-based stopping rules are unlikely to explain the patterns we observe.
Instead, our findings point to economic constraints as the main driver for firstborns transitioning into adulthood earlier than their younger siblings.
In poorer households, particularly in rural areas, firstborn children are often asked to help out financially. This often comes at the cost of their own education. Later-born children, by contrast, receive more investment in their schooling. This may compensate for their limited access to other resources, such as land.
We find no birth order advantage in wealthier households or among families where parents have some education. This again highlights poverty as a key factor shaping these patterns.
The double burden of being firstborn
To sum up, our research shows that, in Madagascar, both male and female firstborns face an earlier transition into adulthood. They leave school and enter the labour market sooner. They marry earlier, although firstborn girls may be at slightly lower risk of early marriage than their younger sisters.
This suggests that, in poor countries, the eldest daughter syndrome is not just about emotional and care-giving responsibilities. It may also come with fewer educational opportunities, greater economic pressure, and an earlier end to childhood. A true double burden for disadvantaged girls. Economic constraints within households largely explain this pattern.
But the story is not only one of constraint. The absence of differences in cognitive and non-cognitive skills suggests that broader community ties, rooted in fihavanana and extended kinship networks, help cushion the impact of early responsibility. These collective structures may not erase inequality, but they offer a vital source of resilience.
As policymakers and practitioners look for ways to promote educational equity, it’s worth remembering that some of the most overlooked trade-offs happen within households. Reducing the weight of those trade-offs – through financial support, community-based programmes, or school retention efforts – could help ensure that the future of one child doesn’t come at the expense of another.
Claire Ricard receives funding from the program “Investissements d’avenir” (ANR-10-LABX-14-01). She’s affiliated to Université Clermont Auvergne, CNRS, IRD, CERDI, F-63000, Clermont-Ferrand and works as an Economist at IDinsight, Rabat, Morocco.
Francesca Marchetta receives funding from the program “Investissements d’avenir” (ANR-10-LABX-14-01).
She’s affiliated to Université Clermont Auvergne, CNRS, IRD, CERDI, F-63000, Clermont-Ferrand and with PEP (Partnership for Economic Policy).
Source: The Conversation – Canada – By Paco Milhiet, Visiting fellow au sein de la Rajaratnam School of International Studies ( NTU-Singapour), chercheur associé à l’Institut catholique de Paris, Institut catholique de Paris (ICP)
These recent events provide an opportunity to examine the complex historical and geopolitical entanglements surrounding St-Pierre-Miquelon and involving France, Canada and the United States.
Last French territory in the region
Visited by Indigenous Peoples for nearly 5,000 years, St-Pierre-Miquelon became known to European sailors in the late 15th century and was officially claimed for France by Jacques Cartier in 1536.
The archipelago soon emerged as a strategic base for French fishermen engaged in cod fishing and whaling. Over the ensuing centuries, the islands were fiercely contested by France and Great Britain, changing hands multiple times before being definitively restored to French control in 1816.
In the 20th century, the archipelago was at the heart of recurring fishing disputes between Canada and France.
Both these events had major economic repercussions for St-Pierre-Miquelon.
Hefty tariff
Today, the territory’s economy is small — less than 0.001 per cent of France’s GDP — and it depends heavily on public funds and external provisions, particularly from neighbouring Canada.
Nevertheless, the territory was initially included among the targets of the so-called Liberation Day tariffs announced U.S. President Donald Trump in April. It was singled out with a hefty 50 per cent import duty, temporarily making it one of the most heavily taxed territories in the world, matched only by the landlocked African country of Lesotho.
St-Pierre-Miquelon and the U.S. had a balanced trade relationship from 2010 to 2025, until a sharp discrepancy appeared in July 2024. The U.S. imported US$3.4 million worth of goods from the islands, exporting only $100,000 over the entire year.
This resulted in a reported trade imbalance of 3,300 per cent for the year 2024, which the U.S. government appears to have interpreted as evidence of a 99 per cent tariff imposed by the territory, applying the same flawed algorithm on other countries.
Why was there such a discrepancy in July 2024?
According to several reports, this statistical anomaly is actually the result of a long-standing dispute between France and Canada over fishing quotas in the waters surrounding St-Pierre-Miquelon.
Traditionally, the territory mainly exports seafood products to France and Canada, and almost none to the U.S.
While the catch was made in international waters and was technically legal, it occurred amid ongoing tensions between France and Canada over halibut stocks and the sustainability of the species in the area.
Because of these tensions, the catch was redirected to the U.S. market and sold for the aforementioned US$3.4 million, an outcome that ultimately triggered the tariffs imposed by the Trump administration.
France and Canada reached an agreement on halibut later in 2024. But their “halibut war” was just the latest example of recurring disputes between the two countries over fishing quotas in the waters off the Grand Banks of Newfoundland, one of the world’s richest fishing grounds.
The heavy tariffs imposed by the U.S. on St-Pierre-Miquelon, even though they were swiftly reversed, wer therefore an indirect consequence of the long-standing tensions between France and Canada.
A new Alcatraz?
Within days of St-Pierre-Miquelon recovering from the tariff shock, it was once again thrust into the spotlight.
It’s not the first time politicians have proposed deporting prisoners to French overseas territories.
The suggestion is aligned with France’s historical use of these territories as sites for penal colonies, most notably in Cayenne in French Guyana and New Caledonia in the South Pacific.
Wauquiez’s remarks were widely condemned as contemptuous and colonial in tone, including by members of the government.
In response, local authorities in St-Pierre-Miquelon tried to capitalize on the controversy by launching a humorous media campaign that reappropriated the OQTF acronym.
Social media ads from St-Pierre-Miquelon officials on the deportation proposal by Laurent Wauquiez. (Compiled by Paco Milhiet)
Their goal was to shift the narrative and highlight the archipelago’s appeal: low unemployment, strong public safety, outstanding natural landscapes and a peaceful, family-friendly quality of life — and, hopefully, free from hefty American tariffs.
Paco Milhiet does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
An international award-winning author will be hosting a free talk this Saturday at Aberdeen Central Library.
Leila Aboulela will discuss her latest book ‘A New Year’, released as part of this year’s World Book Night, as well as talking about her career, inspirations and love of reading and writing.
Councillor Martin Greig, Aberdeen City Council’s culture spokesperson, said: “We are delighted to welcome such a distinguished author to our library.
“Leila’s work is hugely influential and insightful and I encourage everyone to come along and be inspired.”
Leila Aboulela said: “I am delighted to be back at the central library. Here in the early 1990s, my ambition to become a writer was first ignited.
“I attended creative writing workshops and author events which introduced me to the works of Scotland’s top writers. And of course I borrowed and read lots of books. I also made friends at the library, lifelong friends. The library will always be one of my favourite places in Aberdeen.”
The talk will be followed by a book signing, and copies of Leila’s books will be available to purchase.
Born in Cairo, Egypt, and brought up in Khartoum, Sudan, Leila began her literary career after moving to Aberdeen. Her work has received critical recognition for its depiction of the interior lives of Muslim women and the exploration of identity, migration and Islamic spirituality.
An Afternoon with Leila Aboulela will be held on Saturday 24 May at 2:30pm at Aberdeen Central Library. Booking is required to attend this event. To reserve a place, please email libraryevents@aberdeencity.gov.uk or phone 01224 070707.
Residents across Sunderland are being invited to join a packed schedule of family fun at the Ford and Downhill Football Hubs this May half term. This is part of the city’s commitment to promoting active lifestyles for all ages and abilities.
On Wednesday 28 May, head over to Ford Football Hub and drop in for a day packed with fun activities that are perfect for all ages and abilities. From exciting family games to gentle movement sessions, there’s something for everyone.
Try your hand at basketball with Lambton Raptors, enjoy some friendly non-contact rugby with Vigor Rugby, or jump into classic group games with ParkPlay – a big hit with kids and grown-ups alike. There’s even Walking Football for those who prefer a gentler pace, and light, music-filled sessions like Clubbercise that are all about having fun.
Families can also hop on the Melissa Bus – an interactive mobile space where you can explore health and wellbeing in a hands-on, engaging way. Kids will love the smoothie bike, where they can pedal their way to a fruity treat, while parents can browse stalls from NHS Oral Health, Everyone Active, and other local groups offering friendly tips and advice.
The fun continues on Friday 30 May at Downhill Football Hub, where the day features even more inclusive activities. Fancy a stretch and a moment of calm? Join the Stretch & Relax session – great for loosening up and taking a breather together. The Family Fit 4 Fun session, run by the Active Sunderland Healthy Lifestyle Team, is all about playful movement and bonding as a family – no experience needed!
Councillor Beth Jones, Cabinet Member of Communities, Culture and Tourism at Sunderland City Council, said: “These events are all about bringing families together to enjoy activity together – moments of movement, fun, and connection. Whether you’re playing games, trying something new, or just soaking up the atmosphere, there’s something for everyone to enjoy.”
Source: State University Higher School of Economics – State University Higher School of Economics –
In Ashgabat (Turkmenistan) was held V Open Mathematical Olympiad for Students OMOUS-2025 (Open Mathematical Olympiad for University Students), which brought together teams from Turkmenistan, Uzbekistan, Indonesia, Iran, Romania, Poland, the United Arab Emirates, Russia and India. In total, about 500 students joined the event.
The Olympiad consisted of two rounds: individual and team. The individual round lasted four hours, the participants were asked to solve six problems. In this competition, the students of the Faculty of Computer Science showed excellent results, winning gold medals.
The team round of the Olympiad took place the next day and lasted two hours, during which ten problems had to be solved. Here, the FKN team took second place, scoring 69 points out of 100.
Vasily Silvestrov
— Preparing for the problems of previous years, we understood that the Olympiad is not easy, but we have a good chance of winning gold medals. For me, this was the first international Olympiad, which added reasons to be nervous. We got a lot of points on the appeal. We prepared for it for two nights: we wrote alternative solutions and prepared criteria for them. Overall, it was an unforgettable experience: interesting culture, a beautiful city, delicious food. I would like to thank the organizers of the Olympiad for choosing and preparing the problems. We hope that next year, our university teams will also achieve excellent results.
Text: Maria Vorontsova
Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.
Source: United States Senator for Minnesota Amy Klobuchar
WASHINGTON – Senators Amy Klobuchar (D-MN) and Chuck Grassley (R-IA) led a bipartisan group of senators in introducing a resolution calling for the return of abducted Ukrainian children before finalizing any peace agreement to end Russia’s brutal invasion of Ukraine.
The resolution condemns Russia’s abduction and forcible transfer of Ukrainian children and notes Russia’s invasion has increasingly exposed children to human trafficking and exploitation, child labor, sexual violence, hunger, injury, trauma and death.
“The mass kidnapping of Ukrainian children by Russia is an atrocity,”said Klobuchar.“We cannot accept a world where children are abducted during wartime and used as a form of hostage-taking for negotiations. These children must be returned unconditionally before any peace deal is finalized.”
“Putin’s inhumane and unprovoked attack on Ukraine started the largest war in Europe since World War II. He has kidnapped thousands of children to brainwash and Russify them in an attempt to destroy their cultural identity and heritage. The United States ought to demand these children are returned before inking a deal to end the war in Ukraine,”Grassley said.
Additional cosponsors of the resolution include Senators Joni Ernst (R-IA), Dick Durbin (D-IL), and John Fetterman (D-PA), Roger Wicker (R-MS) and Rick Scott (R-FL). You can find the full text of the resolutionhere.
This resolution follows a bipartisanlettersent in March, led by Senators Klobuchar, Grassley and Durbin, calling for the State Department to continue supporting efforts to investigate Russia’s abduction and deportation of Ukrainian children.
To date, Ukrainian authorities have received at least 19,546 confirmed reports of unlawful deportations and forced transfers of Ukrainian children to Russia, Belarus or Russian-occupied Ukrainian territory. The abductions aim to erase the children’s Ukrainian names, language and identity. As of April 16, Ukraine and its partners have only managed to return 1,274 abducted children.
The State Department’s 2024 Trafficking in Persons Report found Russia recruits or uses child soldiers, has a state-sponsored policy or pattern of human trafficking and is among the worst hubs for human trafficking in the world.
Reacting to comments in the Commons today in which Keir Starmer said he wanted to ensure more pensioners are eligible for winter fuel payments, Sian Berry MP said:
“The Prime Minister’s statement shows just how much pressure he is now under, from the public, Greens and others in opposition, and many Labour MPs, to demonstrate he has at least some understanding that his Government’s cuts are hurting people.
“To truly right these many wrongs, the Chancellor must try harder, and use her upcoming fiscal decisions to tax extreme wealth fairly. This could not only restore payments in full to the millions of pensioners Labour has betrayed, but also enable her to reconsider other cruel political choices, including £5 billion in cuts to welfare and her refusal to cancel the two-child benefit cap.
“Together, these u-turns would save hundreds of thousands from being pushed into poverty, and Greens will be making the case for this alongside everyone affected until this Government does the right thing.”
Source: United Kingdom – Executive Government & Departments
Press release
Government Taskforce meets on Merseyside to bolster nation’s flood resilience
Flood response capabilities on display at Merseyside fire base
The third meeting of the Government’s national Floods Resilience Taskforce convened in Aintree today
Bolstering the nation’s resilience to flooding, including in Merseyside, was top of the agenda as the Government’s national Floods Resilience Taskforce convened in Aintree today (Wednesday 21 May).
The meeting was chaired by Floods Minister Emma Hardy and hosted by Mersey Fire and Rescue Service at their National Resilience Centre of Excellence, one of the UK’s most advanced emergency service training facilities, used to co-ordinate national responses to large scale incidents and provide firefighters with the necessary training and skills to respond to events such as severe flooding.
The Government inherited the nation’s flood defences in their worst condition on record. To ensure the country is protected from the devastating impacts of flooding, more than 1,000 flood defences will be built or repaired through the Plan for Change as part of a record £2.65 billion two-year investment.
Today’s Taskforce meeting brought together partners including Defra, Cabinet Office, the Ministry for Housing, Communities and Local Government, the Environment Agency, the Met Office, Local Resilience Forums, Mayoral Offices, emergency responders, the National Farmers Union, and environmental interest groups.
Floods Minister Emma Hardy said:
The role of any government is to protect its citizens. Having inherited flood defences in disrepair, we are bringing together valued partners through our Floods Resilience Taskforce here in Aintree as we look to speed up and co-ordinate flood preparation and resilience.
Through our Plan for Change, we’re investing a record £2.65 billion to repair and build more than 1,000 flood defences across the country, protecting tens of thousands of homes and businesses including on Merseyside.
The group discussed plans to modernise the UK’s system for flood warnings further, stressing the need for users to understand better how it works for effective decision-making, planning and response. The development of a common warnings framework across the UK will enhance the service and support actions to reduce risks to people, property and livelihoods.
The Taskforce also confirmed plans to improve the way the government identifies individuals vulnerable to flooding. This includes using the risk vulnerability tool, unveiled last month by the Cabinet Office, which will enable thousands of officials to see how vulnerable particular areas are to risks by mapping real time crisis data such as live weather warnings, alongside demographic statistics.
The meeting touched upon the flood recovery framework, which through local authorities in England provides government support in the aftermath of flooding in exceptional circumstances. There was also discussion of the Bellwin scheme, which is used to reimburse local authorities in England for the costs of the actions they take in the immediate aftermath of an emergency or disaster that endangers life or property. It was agreed that further work is required to improve public understanding of flood resilience.
Caroline Douglass, Executive Director for Flood and Coastal Risk Management at the Environment Agency, said:
Protecting communities in England from the devastating impact of flooding is one of our top priorities as climate change brings more extreme weather.
By participating in the Floods Resilience Taskforce, we’re ensuring we share information and co-ordinate our approach to bolster protection for thousands of homes and businesses from the dangers of flooding, preventing billions of pounds worth of damages.
Minister Oppong-Asare, Parliamentary Secretary at the Cabinet Office, said:
The Flood Resilience Taskforce sits at the heart of our work to protect communities from extreme weather and flooding.
Today’s meeting highlighted how digital tools can strengthen our flood response to identify and support those who are most vulnerable to the impacts of flooding.
Through the taskforce, we’re continuing to work closely with key partners to keep people, homes, and businesses safe.
Met Office Services Director Simon Brown said:
Our observations show that the UK is getting wetter, we are seeing more days with over 50mm rainfall in autumn months. A warmer, moister atmosphere increases the capacity for deluges of rain, which can result in serious flooding. A recent study looking at the storms through autumn and winter in 2023/24 found climate change increased the amount of rainfall from these storms, making them about 20% more intense.
A number of recent Met Office attribution studies have shown that some recent heavy rainfall events in the UK associated with flooding can be linked to human-caused climate change. Since 1998 the UK has seen six of the 10 wettest years on record. Events such as the wettest February on record in 2020, are expected to become more frequent by 2100 due to climate change.
The Government’s record investment in flood defences includes around £2.5 million in funding for Merseyside across 2024/25 and 2025/26, including £1 million for a flood alleviation scheme to protect communities near the Pool watercourse at Churchtown in Southport.
Following the cabinet decision on 11 February to transform the library services, Sutton Coldfield’s town centre library will close on 27 June.
The closure is due to the significant investment required to address the condition of the building and associated Health and Safety concerns.
The closure of the Town centre library located in the Red Rose shopping centre also allows Birmingham City Council with partners to progress the redevelopment of the Red Rose shopping centre as a priority for the transformation of the Sutton Coldfield Town Centre.
Cllr Saima Suleman, Cabinet Member for Digital, Culture, Heritage & Tourism said:
“We remain committed to providing a library service across Sutton Coldfield and will continue to work with partners for the continuation of Boldmere and Walmley libraries, in addition to services at Mere Green Library.
“The mobile library service will also continue to serve the area providing access for those impacted by the closure. Residents in Sutton Coldfield can continue to access the 24-hour online service, citywide book reservation service, self-service, Library Services at Home, and digital library offering. We remain open to exploring future partnership opportunities as they arise across the city.”
Further information on the closure, alternate arrangements and in finding your nearest library can be found at: https://www.birmingham.gov.uk/directory_record/5153/sutton_coldfield_library
Joint statement on the launch of a High-Level Panel on Social Protection in Fragile and Conflict Settings
Joint statement from the Panel co-chairs, Lord Collins of Highbury, Parliamentary Under Secretary of State for Foreign, Commonwealth and Development Affairs and H.E. Salah Ahmed Jama, Deputy Prime Minister, Federal Government of Somalia
Joint statement:
“Today marks the first meeting of the High-Level Panel on Social Protection in Fragile and Conflict-Affected Settings. And the beginning of our six-month mandate.
Nearly three-quarters of the world’s extreme poor live in fragile settings, where crises are lasting longer, forcing more people from their homes, and contributing to migration.
When floods, cyclones and droughts hit, when conflict breaks out, when economic shocks destroy livelihoods, social protection can provide a first line of defence, an effective locally led solution that enables the most vulnerable people to withstand, survive, recover from crisis and rebuild their lives at home. One that reduces the need for humanitarian response.
But despite its proven potential, it is often overlooked in the fragile and conflict-affected settings where it is needed most.
Over the next six months, the Panel will gather and review lessons from across sectors and regions – including through a forthcoming global public enquiry. As co-chairs, our goal is to come up with bold, practical recommendations that can drive meaningful change.”
Support for young people into agricultural careers.
More than £2 million will be available to support young people entering farming through a pre-apprenticeship programme and training fund.
Speaking at a joint NFU Scotland and Scottish Government summit on new entrants, Agriculture Minister Jim Fairlie launched a newly procured Land Based Pre-apprenticeship Programme with £1.8 million committed over three years.
Mr Fairlie also confirmed the relaunch and procurement of the Next Generation Practical Training Fund. The fund is open from now until March 2027 with at least £300,000 a year to help young people access skills training in a flexible, individual way.
Mr Fairlie said:
“I know from my own experience the hard work and dedication that it takes to enter the industry as a new entrant farmer and the challenges young people can face. These two funds will help more people get practical training to launch their agriculture careers.
“The pre-apprenticeship programme has been expanded to take on close to 400 people and to date we have had more than 60 applications for the training fund. This is a really promising start and is a positive step towards improving safety on-farm and training up the depleted post-Brexit labour force.”
“We welcome this vital investment in practical training and pre-apprenticeship opportunities. These programmes are not just about developing skills, they are about securing the future of Scottish agriculture.
“We urgently need action on land access and capital support to complement this step forward, so that young people can see a clear, supported path into the sector.”
Lantra Scotland Director Dr Liz Barron-Majerik said:
“Lantra works to enhance Scotland’s natural environment and support the rural economy, by increasing the number and diversity of employees in Scotland’s land-based and aquaculture sector and driving their skills development. The training fund and the pre-apprenticeship programme are both of great benefit to new entrants to agriculture as they start on their career path, and so I’m delighted that we’re going to be managing them on behalf of, and in partnership with, FONE and the Scottish Government.
“We look forward to working with our training provider partners on the delivery of the training funds, and the Scottish Machinery Rings, SRUC and Borders College on the pre-apprenticeship. We would also like to encourage others who are interested in becoming involved to please get in touch via scotland@lantra.co.uk.”
Westminster City Council has announced the implementation of a new Selective Licensing Scheme for privately rented homes, reaffirming its commitment to raising housing standards and creating a fairer, safer rental environment for residents across the city.
The new scheme, set to cover 15 of the city’s 18 wards, will apply to all privately rented properties excluding Houses in Multiple Occupation (HMOs) that are already covered under existing mandatory and additional licensing schemes. This decisive move is aimed at tackling poor housing conditions and reducing anti-social behaviour by targeting rogue landlords and bringing substandard properties up to acceptable living standards.
Westminster City Council undertook a thorough statutory consultation process before approving the scheme. The council commissioned Cadence Innova, an independent consultancy with expertise in public sector engagement, to carry out an extensive series of consultation activities. These included outreach with landlords, tenants, residents, and other key stakeholders. Cadence Innova has independently reviewed and reported on the responses and findings from the consultation.
The decision to proceed with the scheme follows careful consideration of the consultation results and a detailed evidence base, highlighting the need for intervention in areas where housing conditions and anti-social behaviour remain problematic.
Councillor Matt Noble, Cabinet Member for Regeneration and Renters, said:
“The Selective Licensing Scheme is about supporting responsible landlords and ensuring that every resident in Westminster has access to safe, secure, and well-maintained housing. We’re focused on improving living conditions, not only to protect tenants but also to support landlords who do the right thing.”
Once the decision becomes effective, the council will formally designate the selective licensing areas. Full details, including the scheme’s start date and guidance on when and how landlords can apply for licences, will be published in due course.
Notes to Editors:
The Scheme will be rolled out over two ‘designations’.
Designation 1 consists of eight wards experiencing high levels of poor housing conditions – Abbey Road, Church Street, Harrow Road, Knightsbridge and Belgravia, Little Venice, Maida Vale, Queen’s Park and Westbourne.
Designation 2 consists of seven wards experiencing both high levels of poor housing conditions and significant and persistent problems caused by anti-social behaviour – Bayswater, Hyde Park, Lancaster Gate, Marylebone, Pimlico North, Regent’s Park and West End.
The Selective Licensing Scheme excludes properties already licensed under Westminster’s existing HMO schemes. Other exemptions also apply, including properties managed by Registered Providers of Social Housing.
The scheme is part of Westminster’s broader Private Rented Sector Strategy.
Licensing will enable the council to require landlords to meet basic housing standards, with enforcement powers for non-compliance.
Incentives will apply to landlords of well managed properties including fee discounts for accredited landlords and for the most energy efficient properties.
For more information contact mediateam@westminster.gov.uk
Patrick Harvie MSP calls on the UK Government to fix broken energy market
More in Economy
High energy bills are punishing households and families and baking in high rates of inflation for years to come, say the Scottish Greens.
The Scottish Greens have called for UK Labour to listen to climate experts, take urgent action to fix the broken energy market, and end the artificial high price for clean green electricity, which is cheap to generate but expensive to consume.
This comes following the publication of new monthly figures from the Office for National Statistics showing that inflation has jumped to 3.5% in April, the highest level since February last year.
The ONS has revealed that big increases in utility bills – including electricity and gas bills – have impacted inflation, after changes to the Ofgem energy price cap earlier this year sent April rates soaring.
Independent climate advisors have advised that the UK Government must act urgently to make electricity cheaper, through rebalancing prices to remove policy levies from electricity bills.
The Scottish Greens’ climate spokesperson, Patrick Harvie, said:
“At a time when so many are already struggling to make ends meet, households and families across our country are now facing the highest rates of inflation since February last year.
“Labour promised to make energy bills cheaper, but they have only gone up. Keir Starmer and his colleagues must urgently step in to make sure that households get the benefit of the low price of renewable energy, to help get inflation under control.
“This isn’t just about the price cap. Climate experts are clear – out-of-date policy levies on electricity bills are stopping costs from coming down for consumers, and that’s a barrier to people switching away from fossil fuels for heat and transport. So even though home-grown renewable energy is very cheap to generate, that’s not being reflected in the bills people are paying.
“We desperately need to fix the broken energy market that is plunging people into poverty all while keeping our reliance on climate-wrecking fossil fuels.”
Patrick Harvie calls for UK to take action on Israeli aid blockade
More in Peace
Israeli forces must urgently allow aid to reach extremely vulnerable children, says Scottish Greens Co-Leader Patrick Harvie MSP, ahead of a Parliamentary committee hearing from aid agencies working in Gaza and the West Bank.
It comes after warnings yesterday from the United Nations that 14,000 babies could die in Gaza unless extra aid arrived. Israel claims to have ended their 11-week aid blockade of Gaza, but the UN has warned that the aid trucks allowed in so far are just a “drop in the ocean” compared to what Gaza needs.
Scottish Greens have continually called for the UK & Scottish Governments to end complicity in the war crimes being committed by Israel.
The Labour UK Government has provided more arms to Israel in three months than the previous three years under Conservative governments, and the SNP Scottish Government have continued to fund arms manufacturers who produce parts for the F-35 fighter jets which have been used by Israel.
Scottish Greens Co-Leader Patrick Harvie MSP said:
“The situation in Gaza is unprecedented in modern times, with the world allowing Israel to inflict collective punishment on a grotesque scale. Aid blockades and genocide are never acceptable yet governments across the West have overlooked Israel’s war crimes.
“Israeli forces have withheld urgent aid from civilians for over 11 weeks, and despite their claims to be allowing aid into Palestinian territory, we have heard from the front lines that what is being allowed to enter is nowhere near enough.
“Senior Ministers in the Israeli Government are quite explicit about their intention to destroy Palestinian life in Gaza, and their utter contempt for international law.
“The UK Labour Government have blood on their hands, they have continued to enable and support Israel’s war crimes throughout this disgraceful campaign. They must now surely end all trade with Israel, and join with other countries to ensure that urgent aid is provided to meet the immediate needs of the people of Gaza.”
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
Source: People’s Republic of China – State Council News
Moscow, May 21 /Xinhua/ — Work on a memorandum on a future peace treaty between Russia and Ukraine is proceeding dynamically, and no one is interested in delaying the process, Russian presidential press secretary Dmitry Peskov said at a briefing on Wednesday.
“Nobody is interested in delaying the process; everyone is working dynamically,” TASS quotes him as saying.
The Kremlin representative emphasized that most of this work is being conducted in a discrete mode and should not be “open to the public for obvious reasons.” D. Peskov promised to inform about the progress of the document’s preparation.
Russian President Vladimir Putin previously stated that Moscow is ready to work with Kiev on a memorandum on a future peace treaty, which could also include issues of a ceasefire and principles for resolving the conflict. On May 19, he held a telephone conversation with US President Donald Trump, during which they discussed the resumption of direct negotiations between Russia and Ukraine. –0–
NATO Secretary General Mark Rutte welcomed Czech President Petr Pavel to NATO Headquarters on Wednesday (21 May 2025) to discuss preparations for the upcoming NATO Summit in The Hague.
The Secretary General praised Czechia as a strong and reliable Ally, highlighting its defence investment and support to Ukraine. “You spend more than 2% of GDP on defence, and I welcome the commitment you’ve already made to increase defence spending to 3% in the coming years,” said Mr Rutte.
Czechia plays an important role in NATO’s deterrence and defence, contributing to Forward Land Forces in Slovakia, Latvia and Lithuania. This year, Czechia will also deploy combat aircraft to Iceland in support of NATO’s air policing mission.
The Secretary General commended Czechia’s substantial support to Ukraine, including over 1.3 billion euros in military assistance. He welcomed the success of the Czech-led ammunition initiative, which has helped deliver over 3 million rounds of large-calibre ammunition to Ukraine, including 1.5 million in 2024 alone. Mr Rutte also underlined Czechia’s growing role in NATO’s long-term support to Ukraine, including contributions to NATO’s Security Assistance and Training command (NSATU) in Wiesbaden and the deployment of 20 personnel to NSATU’s Logistics Enabling Nodes this July.
Looking ahead to the NATO Summit in The Hague, Secretary General Rutte stressed the importance of strengthening NATO’s deterrence and defence even further, increasing defence spending, and building a stronger and more innovative transatlantic defence industry. “We will need to do much more, and this will remain our focus as we prepare for The Hague Summit,” he said. “We have a lot of work to do. And I know I can count on Czechia’s continued commitment and leadership.”
Minister of Correctional Services, Dr Pieter Groenewald, says that the country’s Self-Sufficiency and Sustainability Strategic Framework (SSSF) not only creates employment opportunities for offenders in farms, bakeries, gardens, and abattoirs, but also empowers them.
“Enabling them to produce their own food has not only empowered the offenders but also resulted in considerable savings for the South African government, “ the Minister said.
The Minister believes this demonstrates how the United Nations Standard Minimum Rules for the Treatment of Prisoners, known as the Nelson Mandela Rules, can be effectively implemented.
The Minister believes that this is one of several successful examples demonstrating how the implementation of the Nelson Mandela Rules can lead to transformative outcomes.
These outcomes equip offenders with the necessary skills and experiences to become economically independent after their rehabilitation and reintegration into society. The Minister spoke at the 34th Session of the United Nations (UN) Commission on Crime Prevention and Criminal Justice (CCPCI) held in Vienna, Austria.
This as the international community also celebrated the 10th anniversary of the rules.
The revised Nelson Mandela Rules were adopted unanimously in December 2015 by the UN General Assembly and set out the minimum standards for good prison management, including ensuring that the rights of prisoners are respected.
The Minister also took the time to urge world leaders to honour the enduring legacy of President Nelson Mandela, who was in prison for 27 years for his activism against apartheid, and the ideals of dignity, justice, and human rights that he stood for.
In addition, he called for the international community to advance a more just, inclusive, and rehabilitative approach to incarceration.
“In light of rising global prison populations, systemic overcrowding, and the urgent need for more humane and effective penal systems, the 10th Anniversary of the Nelson Mandela Rules provides a timely platform to underscore the importance of prison and penal reform.”
The Minister also took the time to urge world leaders to honour the enduring legacy of President Mandela and the ideals of dignity, justice, and human rights that he stood for.
He also took the time to acknowledge the commemoration of the 10th Anniversary of the Nelson Mandela Rules at the UN General Assembly High-Level Debate, scheduled for 13 June 2025.
The theme of the debate is “A Second Chance: Addressing the Global Prison Challenge.”
The Minister expressed support for the Bangkok Rules, which complement the Nelson Mandela Rules by addressing the specific needs and circumstances of women in the criminal justice system, requiring gender-sensitive approaches to their treatment and rehabilitation.
“Together, these two sets of international standards promote a more inclusive, equitable, and human rights–based correctional system that respects the dignity of all individuals,” he explained.
He congratulated Japan on successfully adopting the Model Strategies to Reduce Reoffending, which further supports the Nelson Mandela Rules by ensuring that rehabilitation and reintegration principles are effectively realised beyond prison walls.
“We wish to express our sincere gratitude to the UNODC [United Nations Office on Drugs and Crime] for their efforts in promoting the practical application of the rules and encourage them to continue assisting Member States in seeking innovative ways to address prison management and penal reform.”
He concluded his talk by quoting Nelson Mandela, who aptly said, “No one truly knows a nation until one has been inside its jails. A nation should not be judged by how it treats its highest citizens, but its lowest ones.” – SAnews.gov.za
The EU’s single market gives businesses access to 450 million consumers. But its rules and regulations can be complex and create barriers to entry and growth. The European Commission has introduced a new strategy to simplify rules, reduce bureaucracy and boost growth opportunities for businesses.
Source: United Kingdom – Executive Government & Departments
News story
Waste packaging company director pays high price in data fraud
A Birmingham-based director and his company has been ordered to pay a Proceeds of Crime confiscation order, fines and costs totalling £476,995.
An officer on inspection duty. Please note the photo is an example of EA’s work not directly from this case.
This follows an Environment Agency investigation into fraudulent entry of waste packaging data.
At Birmingham Crown Court on Friday 16 May 2025, Shaobo Qin, a director of EDU Case Ltd, pleaded guilty to fraud by false representation. He was given a 2 year prison sentence suspended for 18 months.
Qin, age 42, of Sutton Coldfield, West Midlands, was also ordered to pay a Proceeds of Crime confiscation order of £255,057. He must pay within 2 months or face 3 years in prison.
He was also disqualified as a director for 4 years and ordered to do 200 hours of unpaid work.
His company, EDU Case Ltd of Portway Road, Rowley Regis, was fined £200,000. The Environment Agency were also awarded £21,995 in investigation costs.
The court was told Qin’s company was a plastics and recycling exports enterprise. The offences were discovered by the Environment Agency towards the end of 2022.
The company, orchestrated by Qin, was deliberately and systematically entering false data on to the Environment Agency’s National Packaging Waste Database (NPWD) for non-existent waste exports.
This resulted in Qin receiving a benefit for himself and his company in the sum of approx. £255,000. He was arrested on Wednesday 10 January 2024 where he was interviewed by Environment Agency officers.
EDU Case were accredited to carry out plastic packaging exports and able to issue “evidence” of that activity in the form of tonnage figures on the database.
This evidence could be bought by businesses who are obliged to account for their plastic packaging waste under the Producer Responsibility Obligations (Packaging Waste) Regulations 2007.
An audit conducted by Environment Agency officers in 2023 and information following that work identified discrepancies between the amount of waste exported and the amount of evidence issued.
The false entries represented nearly two-thirds of the business’ entire trade in 2022 towards the end of that year.
As part of that audit, a legal notice was served on Qin and the company in September 2023.
This notice required the production of their evidence of plastic waste exports. In response, Qin sent a computer memory stick containing his business’ waste export evidence and a letter explaining a large discrepancy, described as an “overclaim.”
The letter stated that the company had carried out 1,239 metric tonnes of plastic waste exports in 2022, only 453.60 metric was genuine and that the majority of his trading, 785.40 metric tonnes was ‘a mistake.’
In sentencing the judge said this was without doubt deliberate offending and pre-planned. There had been a significant undermining of the regulatory regime.
He accepted that there had been a guilty plea entered at first opportunity and that money had been put aside to repay the financial benefit made. The company was also fined to mark the seriousness of the offending.
Sham Singh, Senior Environmental Crime Officer for the Environment Agency, said:
“This case shows that the Environment Agency will pursue individuals and their enterprises who profit illegally.
“This was a fraud on a large scale and undermines legitimate business and the investment and economic growth that go with it.
“We support legitimate businesses and are proactively supporting them by disrupting and stopping the criminal element backed up by the threat of tough enforcement as in this case.
“If anyone suspects that a company is doing something wrong, please contact the Environment Agency on 0800 80 70 60 or report it anonymously to Crimestoppers on 0800 555 111.”
The Charges
Shaobo Qin
Between 1st January 2022 and 31st January 2023 dishonestly and intending thereby to make a gain for himself or another, or to cause loss to another, or to expose another to the risk of loss, made a false representation to the online National Packaging Waste Database which was and which he knew was, or might be, untrue or misleading, namely, that the 785.4 tonnes of plastic waste that he claimed EDU Case UK Ltd had exported over that period, had all actually been exported when it had not, contrary to Sections 1 and 2 of the Fraud Act 2006.
EDU Case UK Limited (Company No. 08888722)
Between 1st January 2022 and 31st January 2023 dishonestly and intending thereby to make a gain for himself or another, or to cause loss to another, or to expose another to the risk of loss, made a false representation to the online National Packaging Waste Database which was and which he knew was, or might be, untrue or misleading, namely, that the 785.4 tonnes of plastic waste that EDU Case UK Ltd had exported over that period, had all actually been exported when it had not, contrary to Sections 1 and 2 of the Fraud Act 2006.
Background Information
The Packaging Producer Responsibility Regulations were introduced to oblige the producers of waste packaging such as plastic, glass and cardboard (e.g. supermarkets) to contribute towards the financial cost of recycling and the disposal of waste. Any large organisation that meets the criteria for this obligation is required to prove they have made such financial contributions by the purchasing of credits known as Packaging Recovery Notes (PRNs) or Packaging Export Recovery Notes (PERNs) from UK waste reprocessors and waste exporters.
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions. In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments. Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:
C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras
Country
Percentage of Total Attempts
Ukraine
81.0%
Romania
9.9%
Poland
4.0%
Hungary
2.8%
Slovakia
1.7%
Others
0.6%
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
June 2024
July 2024
August 2024
192[.]162[.]174[.]94
207[.]244[.]71[.]84
31[.]135[.]199[.]145
79[.]184[.]25[.]198
91[.]149[.]253[.]204
103[.]97[.]203[.]29
162[.]210[.]194[.]2
31[.]42[.]4[.]138
79[.]185[.]5[.]142
91[.]149[.]254[.]75
209[.]14[.]71[.]127
46[.]112[.]70[.]252
83[.]10[.]46[.]174
91[.]149[.]255[.]122
109[.]95[.]151[.]207
46[.]248[.]185[.]236
83[.]168[.]66[.]145
91[.]149[.]255[.]19
64[.]176[.]67[.]117
83[.]168[.]78[.]27
91[.]149[.]255[.]195
64[.]176[.]69[.]196
83[.]168[.]78[.]31
91[.]221[.]88[.]76
64[.]176[.]70[.]18
83[.]168[.]78[.]55
93[.]105[.]185[.]139
64[.]176[.]70[.]238
83[.]23[.]130[.]49
95[.]215[.]76[.]209
64[.]176[.]71[.]201
83[.]29[.]138[.]115
138[.]199[.]59[.]43
70[.]34[.]242[.]220
89[.]64[.]70[.]69
147[.]135[.]209[.]245
70[.]34[.]243[.]226
90[.]156[.]4[.]204
178[.]235[.]191[.]182
70[.]34[.]244[.]100
91[.]149[.]202[.]215
178[.]37[.]97[.]243
70[.]34[.]245[.]215
91[.]149[.]203[.]73
185[.]234[.]235[.]69
70[.]34[.]252[.]168
91[.]149[.]219[.]158
192[.]162[.]174[.]67
70[.]34[.]252[.]186
91[.]149[.]219[.]23
194[.]187[.]180[.]20
70[.]34[.]252[.]222
91[.]149[.]223[.]130
212[.]127[.]78[.]170
70[.]34[.]253[.]13
91[.]149[.]253[.]118
213[.]134[.]184[.]167
70[.]34[.]253[.]247
91[.]149[.]253[.]198
70[.]34[.]254[.]245
91[.]149[.]253[.]20
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
Countermeasure Title
ID
Details
Network Isolation
Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation
Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering
Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis
Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering
Block NTLM/SMB requests to external infrastructure.
Platform Monitoring
Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation
Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation
Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis
Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis
Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation
Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis
Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication
Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions
Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication
Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding
Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy
Use a service to check for compromised passwords before using them.
Credential Rotation
Change all default credentials.
Encrypted Tunnels
Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update
Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication
Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis
Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
SINGAPORE, May 21, 2025 (GLOBE NEWSWIRE) — Bitcoin has officially shattered the long-anticipated $100,000 barrier, marking a historic milestone for the crypto market. As shown in the latest TradingView chart, BTC continues to push higher, riding the upper edge of the Bollinger Bands with no signs of slowing down.
While the bull run creates exciting opportunities, traders are now facing a critical question: Which platform is best positioned to help them capitalize on this volatility?
Introducing BexBack — A Streamlined Futures Trading Platform Built for This Moment
In a sea of exchanges that are often overloaded, overcomplicated, or overregulated, BexBack stands out with its fast, frictionless, and fully non-KYC approach to crypto derivatives trading.
Whether you’re a seasoned leverage trader or just getting started, BexBack delivers a powerful yet simple experience, offering:
No KYC Required — Trade anonymously with just an email
100% Deposit Bonus+ $100 Trading Bonus — Double your capital and get a head start
Up to 100x Leverage — Maximize your position in times of volatility
Free Demo Account — Practice with 10 BTC and 1,000,000 USDT risk-free
50+ Perpetual Contracts — Including BTC, ETH, XRP, ADA, SOL and more
Zero Spread, No Slippage — What you see is what you get
Security and Speed in One Package
BexBack isn’t just fast — it’s secure. With cold wallet fund storage, multi-signature withdrawal approvals, and real-time risk monitoring, the platform ensures your assets and trades are well protected.
Global Access, Real Freedom
BexBack proudly serves a global user base. With no mandatory KYC, even traders from regions with limited access to traditional exchanges can participate freely and instantly.
About BexBack?
BexBack is a leading cryptocurrency derivatives platform offering up to 100x leverage on futures contracts for BTC, ETH, ADA, SOL, XRP, and over 50 other digital assets. Headquartered in Singapore, the platform also operates offices in Hong Kong, Japan, the United States, the United Kingdom, and Argentina. Like many top-tier exchanges, BexBack holds a U.S. MSB (Money Services Business) license and is trusted by more than 500,000 traders worldwide. The platform accepts users from the United States, Canada, and Europe, with zero deposit fees and 24/7 multilingual customer support, delivering a secure, efficient, and user-friendly trading experience.
As Bitcoin Enters Price Discovery, Don’t Get Left Behind
Markets like this don’t come around often. Whether you’re aiming to ride short-term price swings or position for long-term growth, BexBack provides the tools, leverage, and freedom you need to trade your way.
Create your account, claim your bonuses, and trade with confidence — all on BexBack.
Disclaimer: This content is provided by BexBackThe statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading advice. Investing in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be guaranteed. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page.
Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.
Photos accompanying this announcement are available at