Category: Internet Communications Technology

MIL-OSI: Best Mobile Tracking & Monitoring App 2025: mSpy Review – Top Mobile Spy App for Hidden Phone Surveillance
Source: GlobeNewswire (MIL-OSI)

New York City, NY, May 21, 2025 (GLOBE NEWSWIRE) — In the contemporary era of digitization, the ubiquity of smartphones has redefined our modes of communication and global connectivity.

Concomitant with this technological progress, the surge of phone surveillance applications has emerged, granting a window into the undertakings and engagements transpiring on these gadgets.

Track Instantly with the Best Mobile Tracking App – Try mSpy Before It’s Too Late!

While phone surveillance software wields considerable potential within certain contexts, it is imperative to undertake their employment with a discerning consciousness of accountability and ethical considerations.

Observing the current landscape, it becomes evident that social media platforms and mobile devices have assumed roles of paramount significance in the contemporary child’s life. Per findings unveiled by the Common Sense Census, a notable 84% of American adolescents within the age cohort of 13 to 18 acquired their initial smartphone during the year 2019. Subsequently, these youths dedicated an average of precisely 7 hours and 22 minutes daily, exclusively engrossed in social media applications and websites.

✅ Top Pick: mSpy – Best Mobile Spy & Monitoring App for Hidden Phone Surveillance this year.

While the internet undeniably furnishes global youngsters with a commendable avenue for unfettered education and communication, it has concurrently engendered a milieu wherein they engage with individuals entirely unfamiliar to them. This virtual realm’s essence necessitates an appraisal of the electronic safety quotient. Young minds stand perpetually exposed to online perils, ranging from cyberbullying and harassment to the insidious realm of sextortion. Beyond this, extensive social media usage harbors the potential to precipitate internet dependency, potentially culminating in social interaction deficits amongst the youthful demographic.

Don’t Settle for Less: Get the Best Mobile Spy App of 2025 – mSpy Is All You Need

Advancements in technology are progressing rapidly, and the pervasive presence of smartphones is evident across diverse age groups. People spanning from children to adults rely on various applications and mobile services to facilitate their daily routines. The desire to ensure your children’s well-being in the digital realm, gather pertinent information from your spouse’s mobile device, or optimize workforce efficiency might lead to the inclination of discreetly and autonomously monitoring a specific individual’s Android device.

However, not all of these options prove to be efficient and valuable. Among the array of spy applications we evaluated, mSpy emerged as our paramount selection after meticulous scrutiny.

Why Mobile Tracking Apps Are in High Demand in 2025
The need for mobile tracking and monitoring apps has surged in 2025. With nearly everyone relying on smartphones for work, social interaction, and entertainment, concerns around digital safety, accountability, and privacy breaches have grown. Parents are more cautious than ever about their children’s online activity. Employers are seeking better ways to monitor company-issued devices. Even individuals in relationships are using tracking apps to rebuild trust or stay informed.
Monitor Any Device in Stealth Mode – mSpy Is the Best Mobile Tracking App Trusted Worldwide
Cyberbullying, online predators, screen addiction, and unauthorized data sharing are just a few reasons why mobile tracking solutions are in high demand. At the same time, the rise of remote workforces has made employee monitoring essential for business owners to prevent misuse of company time and resources.
Apps like mSpy have emerged as tools that provide peace of mind. They offer insight into text messages, GPS locations, app usage, and more—without requiring direct access to the device in real time. These tools are becoming an integral part of modern digital life, helping people feel more secure in a hyper-connected world.
What to Look For in a Mobile Spy App
Not all mobile tracking apps are created equal. Some offer advanced features but lack ease of use; others are stealthy but limited in scope. If you’re looking for a phone spy app in 2025, there are several key features to prioritize.
First, compatibility is crucial—make sure the app works on both Android and iOS devices. Look for real-time GPS tracking, call and SMS logs, social media monitoring, and browsing history access. The app should run discreetly in the background to avoid detection and provide a user-friendly dashboard for accessing tracked data.
Security is equally important. Top-tier apps use encrypted data channels to ensure privacy, both for the person being monitored and the one viewing the information. Reliable customer support, frequent updates, and clear installation guides also add to a tool’s credibility.
When evaluating mobile monitoring software, features like geofencing, app usage limits, and screen time analysis can add extra value—especially for parental use. A well-rounded app like mSpy offers all of these while keeping the setup process simple and discreet.
Full Access. Zero Detection. mSpy Is the Best Mobile Spy App for Hidden Surveillance
Is Phone Spying Safe & Ethical?
Phone tracking, when used ethically, can serve as a protective tool. But misuse can raise serious privacy concerns. The line between security and surveillance often comes down to intent—and legality.
In many countries, it’s legal for parents to monitor the phones of their minor children without consent. Employers may also monitor company-owned devices provided they disclose it in their policies. However, using a spy app to monitor a partner or adult without consent can cross legal and ethical boundaries.
Apps like mSpy are designed for legitimate use cases, particularly child safety and employee productivity. The app clearly states that users must comply with local laws and have proper authorization. If used responsibly, mSpy can empower users to stay informed and make proactive decisions without violating trust.
Understanding the ethical framework before using any mobile spy app is critical. When used as intended—for safety, protection, and responsible oversight—it becomes a digital ally rather than an invasion of privacy.

Top-Rated mSpy Deal: The #1 Phone Monitoring App Is Just a Click Away

What Is mSpy?

mSpy is a mobile tracking and monitoring application designed to give users discreet access to key data from smartphones and tablets. Introduced to the market in 2010, the spy application tailored for smartphones provides the capability to clandestinely observe individuals employing the designated device. It seamlessly integrates into employee phones or the devices of your progeny, facilitating real-time oversight of their whereabouts and engagements on the device.
Leveraging mSpy’s free version, you can meticulously monitor diverse activities, encompassing geographic movements, social media interactions, phone conversations, as well as the dispatch and receipt of messages.

The apex attribute of this application resides in its inconspicuous functionality, evading detection by the party under scrutiny. It discreetly operates in the backdrop, diligently acquiring information without arousing their awareness.

Over the course of time, this technology has undergone refinement, with mSpy presently standing as the preeminent application of its genre. Its ascendancy is corroborated by a substantial user base exceeding one million parents who employ it as a means to oversee their children’s pursuits. Furthermore, it proves instrumental for spouses and employers who harbor the intent to gain insights into the activities of their target individuals.

mSpy encompasses these pivotal features for parental supervision:
- Online and application filtering — Dictate the permissible applications for your children and the websites they are permitted to access. It’s worth noting that mSpy’s capacity for website filtering is limited to specific blacklisting, without the option to categorically filter websites.
- Location tracing — Maintain tabs on your child’s whereabouts and their historical movements.
- Activity summaries — Consolidates and presents insights regarding your child’s device utilization, encompassing their most frequent contacts for messaging and calling, prevalent websites visited, and more.
In addition to the aforementioned, mSpy boasts an array of supplementary functionalities, inclusive of call and SMS tracking, surveillance of social media applications, a keylogger, and screen recording capabilities.

Get the Best Mobile Spy App of the Year – Instant mSpy Setup. No Tech Skills Needed.

How does mSpy work?

As previously indicated, subsequent to a successful installation of mSpy on the designated mobile device, it will seamlessly operate in the device’s background. It diligently assembles a wide spectrum of data from the said device, encompassing call logs, text messages, instant messaging dialogues, geographic positioning, among others, subsequently transmitting this data to your designated mSpy account.

Subsequently, accessing your account is a streamlined process. You can effortlessly log into your account utilizing any web browser accessible through diverse devices such as mobile phones, desktops, and laptops, thus facilitating a thorough perusal of the accumulated information as per your convenience.
Simplified Monitoring in Three Effortless Phases
To initiate monitoring, you can effortlessly adhere to the ensuing three uncomplicated stages, commencing your child’s device oversight seamlessly.

First Step: Select a Subscription
Embark upon your journey by selecting an appropriate subscription plan from the mSpy website, catering to your precise software attribute prerequisites. Subsequently, finalize the purchase by inputting your payment particulars. Following this, an email confirming your transaction will be dispatched to your inbox.

Second Step: Deploy mSpy onto the Target Device
Contained within the welcome email is an installation manual, meticulously guiding you through the process of establishing the mSpy application upon the targeted device.

Third Step: Initiate Surveillance
With the successful implementation of mSpy upon the designated device, you can seamlessly access your control panel on the mSpy website, thereby commencing an effortless exploration of the acquired data through an intuitively designed dashboard.

==> Special Discount: Order Today With Best Price And Special Offers <==

Primary Features of mSpy

mSpy has several unique features and we are explaining a few of them that piqued our interest.
- Supervision and Site Limitation: Embedded within mSpy’s array of functionalities is the capacity to oversee the websites frequented by your child or designated individual, encompassing even bookmarked pages. Moreover, the application stands poised to furnish prompt notifications when particular keywords are inputted into the mobile device. This dynamic attribute can prove notably advantageous for parents, enabling them to attain heightened insights into their children’s online explorations and content consumption.
- Moreover, an ancillary capability affords you the prerogative to restrict access to specific websites. This provision holds true on the premise that the monitored entity employs any of the prevalent web browsers such as Safari, Chrome, or a native Android browser.
- Procure Requisite Insights: The entirety of the data gleaned from the targeted device orchestrates its voyage to your dedicated dashboard on mSpy.com. This hub offers a comprehensive glimpse into the targeted phone’s operating system, memory utilization, as well as particulars regarding the cell provider and installed software version. The dashboard even presents real-time indications of the remaining battery charge. Furthermore, it extends visibility into the habitual usage patterns and synchronization status of the targeted phone.
- From this vantage point, you wield the authority to either reactivate or entirely disable the software. Additional functionalities encompass log extraction, device locking, log removal, disconnection from the application, data preservation measures in the event of device loss, and the capacity to initiate a device reboot. mSpy endows you with a formidable realm of control, resting at your disposal.
- Text Communication Surveillance: Beyond telephonic conversations, the mSpy tracking tool extends its reach to encompass transmitted, received, and erased text messages. This capacity affords the means to ascertain whether your child engages in the dissemination of unsuitable content or confidential details, or if such interactions transpire reciprocally.
- Vigilance Over Virtual Networks: Resonating with akin surveillance solutions like WebWatcher, mSpy facilitates oversight of diverse messaging platforms and social media applications. To avail this elevated functionality, opting for the Premium or Family Kit subscription is a requisite. Additionally, there might be a need to undertake jailbreaking or rooting of the device to unlock this advanced layer of surveillance capability.
- Contact and Schedule Examination: Employing mSpy empowers you to peruse the compilation of contact identities, email addresses, telephone digits, as well as the tangible address entries, meticulously archived within the target mobile device. Furthermore, you gain the prerogative to scrutinize the calendar itinerary featured on the target device. This extends the capability to remain attuned to scheduled engagements, calendar annotations, and any foreordained appointments.
- App & Screen Activity: See which apps are installed and how frequently they’re used. You can also block specific apps from running if necessary.
- Location Surveillance via GPS: Within the realm of parental surveillance, mSpy empowers you to virtually shadow your offspring. The application offers the prowess to trail your child’s spatial trajectory, revealing an encapsulated chronicle of their route history over a designated time span. This granular information encompasses specific addresses and coordinates, affording an exhaustive retrospective and contemporary snapshot of locations traversed.
- Boundary Delimitation: An innovative facet encompassed within mSpy’s repertoire is the introduction of geofencing. This progressive attribute empowers you to demarcate regions of safety and restraint. As your child enters or departs these predefined zones, you are promptly apprised via email notifications. A supplementary benefit is the integrated mapping feature, which adeptly illustrates the historical trajectory of your child’s movements.
- Keylogger: mSpy includes a built-in keylogger that records every keystroke made on the device. This is especially helpful for uncovering hidden logins, searches, or messages typed across apps.
Parental Control? Employee Oversight? mSpy Is the Best Phone Monitoring App for You

mSpy Pros and Cons

✅ Pros:
- Stealth Mode: Operates invisibly in the background without user detection.
- Multi-App Monitoring: Tracks major social media platforms.
- Geofencing & Real-Time Alerts: Great for parents and employers.
- User-Friendly Dashboard: Clean interface with easy navigation.
- Cross-Platform Support: Compatible with Android and iPhone.
❌ Cons:
- Some Features Require Rooting or Jailbreaking: Advanced tools need extra steps.
- Pricing Is Subscription-Based: No one-time purchase option.
- No Live Call Recording: Restricted due to privacy laws in many regions.
Despite these limitations, mSpy remains one of the most balanced spy apps for those seeking depth without unnecessary complexity.

Protect What Matters with the Best Phone Monitoring App – Start with mSpy Now
Compatibility of mSpy application Across Mobile Devices

mSpy extends its compatibility umbrella over an extensive array of mobile phones and tablets, encompassing the following:
- iOS 7 through 9.1 for mSpy with jailbreak. In scenarios where the targeted iPhone remains unjailbroken, data transfer is routed through iCloud storage, facilitating mSpy functionality on any phone with iOS 7 or higher.
- Android 4 or subsequent iterations, although certain advanced facets of the application may solely be accessible on rooted Android devices.
- Mac OS X variants encompassing 10.9 Mavericks, 10.8 Mountain Lion, 10.7 Lion, 10.11 El Capitan, and 10.10 Yosemite.
Costing of mSpy
Outlined below is the cost framework for mSpy’s mobile phone monitoring services:

mSpy Basic Plan
1-month subscription: $39.99 3

mSpy Premium Plan
1-month subscription: $59.99 3-month subscription:

mSpy Family Kit
Moreover, the company introduces the Family Kit, facilitating concurrent oversight of 3 devices. This package is available at the ensuing rates: 12-month subscription: $199.99

mSpy Refund Policy: What You Need to Know

mSpy offers a 14-day refund window for first-time subscribers, but only under specific conditions.

✅ Eligible for Refund:
- You experience technical issues that mSpy’s support team cannot resolve.
- Your refund request is submitted within 14 days of purchase.
- The request pertains to your initial subscription (not renewals or additional purchases).
❌ Not Eligible for Refund:
- You change your mind or make an accidental purchase.
- The target device is incompatible, lacks internet access, or has been reset.
- You refuse to follow installation instructions or decline technical assistance.
- You lack physical access to the target device or cannot unlock it.
- You fail to reinstall mSpy after an OS update or factory reset.
- You lose your private encryption key, resulting in data loss.
- You attempt to use mSpy on unsupported operating systems (e.g., Symbian, Windows Phone, BlackBerry 10).
How to Request a Refund:
- Email your request to refund@mspy.com.
- Include your order details and the reason for the refund.
- Note: Refund requests are not accepted via live chat or phone.
The Phone Monitoring App You Can Trust – Try mSpy Risk-Free
mSpy Installation Guide: Step-by-Step

For Android Devices:
1. Purchase your mSpy plan
2. Access installation guide in your dashboard
3. Enable app installation from unknown sources
4. Install the app on the target device
5. Hide the app icon (automatic)
6. Start monitoring via your web account
For iPhones:
1. Buy mSpy and log in to your account
2. Enter iCloud credentials of the target phone
3. Enable backup sync (2FA must be off)
4. Start tracking through your dashboard
Total setup time: Under 10 minutes in most cases
No ongoing access required once installed
Secure & Track Remotely with the Best Mobile Tracking App – mSpy Limited Offer On Now!
Exploring the mSpy Free Trial

Embark on a 7-day exploration of the mSpy free trial to ascertain its potential merits. Upon initiation, you will be granted unrestricted access to all functionalities, acquainting yourself with the benefits it bestows.

This trial stint is instrumental in unveiling the capacity to invisibly and remotely oversee any mobile device. The process is straightforward: navigate to mSpy.com, select an appropriate subscription plan, and opt for the free trial alternative.

Following a week of experiential utilization, you possess the liberty to either perpetuate the subscription or opt for its termination. Should you aspire to delve into its efficacy sans financial commitment, the avenue of this complimentary trial beckons.

Get An Exclusive Limited Time Discount on mSpy

Is mSpy Legal to Use?

The legality of mobile tracking apps depends on how they’re used:
- ✅ Legal for Parental Monitoring: Parents can track their minor children’s phones.
- ✅ Legal on Company Devices: Employers can monitor work-issued devices with employee consent or policy documentation.
- ❌ Illegal Without Consent: It’s unlawful in many regions to spy on a spouse, adult, or partner without permission.
mSpy emphasizes responsible usage. Users must confirm that they own the device or have legal permission before installing the software. The platform clearly disclaims liability for misuse.
If used within the bounds of law and intent, mSpy is a powerful and compliant solution for modern digital monitoring.
Why Wait? The Best Phone Monitoring App (mSpy) Is Ready – Real-Time GPS, Social Media Logs & More

mSpy vs Competitors

mSpy vs FlexiSPY

FlexiSPY offers live call interception and ambient recording—features mSpy avoids for legal reasons. However, mSpy wins on ease of use, stealth, and customer support.

mSpy vs uMobix

uMobix has strong social media tracking, but its dashboard is less intuitive. mSpy provides a better overall user experience and is more stable on iOS.

mSpy vs Cocospy

Cocospy is beginner-friendly but lacks depth. mSpy offers more advanced features, such as keyword alerts, geofencing, and in-depth logs.
In side-by-side comparisons, mSpy consistently delivers the best combination of reliability, discretion, and monitoring power.

Why mSpy Earns Its Reputation as a Premier Mobile Surveillance App
- Budget-Friendly Vigilance: mSpy emerges as a cost-effective avenue, facilitating the scrutiny of your child’s digital interactions or mobile pursuits for a mere fraction of a dollar per day.
- Effortless Deployment: Installation proves a straightforward endeavor, requiring less than 10 minutes for comprehensive setup completion.
- Concealed Operation: The application seamlessly functions in a concealed background mode, rendering it entirely imperceptible to the marked user.
- Timely Updates: The flow of updated information from the target device remains uninterrupted, with data refresh cycles occurring every 5 minutes.
- Comprehensive Assistance: A robust network of 24/7 multilingual support ensures that you receive the requisite guidance and aid throughout your journey with mSpy.
- Unwavering Dependability and Security: mSpy embodies an unwavering commitment to reliability and security. All procured data undergoes encryption and safeguards, rendering it a steadfast and secure mobile monitoring solution.
Track Smarter in 2025 – mSpy Is the Best Mobile Tracking App for Safe, Legal Use

FAQs About mSpy Apps

Q1: Is mSpy visible on the phone?
No, once installed, mSpy runs in stealth mode and is not visible to the device user.
Q2: Does mSpy work with the latest iOS and Android versions?
Yes. mSpy supports Android 13/14 and iOS 17, with ongoing updates to maintain compatibility.
Q3: What happens if the phone restarts or updates?
The app auto-restarts in most cases and continues tracking unless uninstalled.
Q4: Can I install mSpy without touching the phone?
Only on iPhones with iCloud backup enabled and no 2FA. Android phones require brief physical access.
Q5: What are people saying on Reddit or forums?
Reddit users generally report that mSpy is dependable, especially for parental control. Some voice privacy concerns, but these are tied to misuse rather than flaws in the app.

Click Here to Get mSpy From Its Official website

mSpy Real User Reviews

Jenna T. – Dallas, TX (Parent)

“I needed a way to monitor my teenage son’s online behavior after some late-night messages raised concerns. mSpy helped me keep track of his activity without making him feel violated. It’s been a life-saver.”
Raj M. – San Jose, CA (Employer)
“We issued company phones last year and suspected misuse. mSpy provided the visibility we needed without disrupting work. The dashboard is intuitive, and the alerts help us spot problems early.”
Carla R. – Atlanta, GA (Concerned Spouse)
“mSpy gave me the peace of mind I was looking for. I had suspicions, and while it wasn’t easy, the clarity helped us have an honest conversation. It’s discreet and effective.”
Peter N. – Chicago, IL (Tech Blogger)
“As someone who tests monitoring tools, mSpy stands out for its reliability and feature richness. It’s not the cheapest, but it delivers value, especially for less tech-savvy users.”
See Their Calls, Chats & GPS – All From Your Dashboard with the Best Mobile Tracking App

How mSpy Helps Prevent Digital Dangers

The digital world is filled with unseen threats, especially for children and vulnerable users. mSpy plays a preventive role by giving parents and guardians real-time insights into mobile behavior—often before something harmful occurs.
For example, cyberbullying often starts subtly, through text messages or social media. With mSpy’s keyword alert system and message monitoring, red flags can be detected early. Parents can intervene before emotional damage is done.
Online predators are another concern. They typically engage victims through apps like Snapchat, Instagram, and WhatsApp. mSpy allows guardians to review conversations across these platforms, revealing inappropriate behavior or grooming tactics.
Screen addiction is also on the rise. With app usage tracking, parents can understand where time is being spent and set digital boundaries. For employers, mSpy prevents productivity loss by identifying inappropriate device use during work hours.
By offering visibility and early intervention tools, mSpy becomes more than just a spy app—it becomes a layer of digital protection.

Can You Trust Spy Apps? Reputation Check & Scam Warning Signs

The spy app industry is filled with copycats, scams, and malware-laced programs. Knowing who to trust is essential—and mSpy stands out for good reason.
What Makes a Spy App Trustworthy?
- Official website distribution only
- Transparent pricing and feature lists
- Clear legal use policy
- Regular updates and live customer support
mSpy checks every box. It’s not found on suspicious third-party app stores or fake marketplaces. The company has been in operation for over 10 years, with a verifiable user base and global presence.
Red Flags to Avoid
- Apps offering “undetectable call recording” without any legal disclaimer
- Download links through sketchy APK sites
- No refund policy or support contact
Before installing any tracking tool, check reviews, legal policies, and trust ratings. If it looks too good to be true, it probably is.

Best Mobile Spy App for Parents, Employers & Partners – Get mSpy Now
Troubleshooting Guide: What to Do If mSpy Stops Working
Even reliable apps can run into issues—especially after OS updates or permission resets. If mSpy stops syncing or collecting data, here’s what to do:
Step 1: Check Internet Connection
The app needs internet access to sync data. Ensure the target phone is connected to Wi-Fi or mobile data.
Step 2: Revisit Permissions
Go to the phone’s settings and ensure permissions like GPS, contacts, and storage are still enabled for mSpy.
Step 3: Confirm App Visibility
Make sure the app hasn’t been removed or flagged by antivirus software. If necessary, reinstall following the original setup guide.
Step 4: Contact Support
mSpy has 24/7 live chat support. Log in to your dashboard and connect with their team for personalized assistance.
With the right response, most issues can be resolved within minutes—and your monitoring resumes without disruption.
Best Mobile Spy App for Android & iPhone – Track Without Being Detected with mSpy
The Final Conclusion

After conducting a comprehensive exploration, juxtaposing the positives and negatives, we have arrived at a definitive conclusion. The pivotal question emerges: Does mSpy stand as a prudent investment, or is it best to avert its usage?

Our exhaustive analysis of mSpy customer feedback resoundingly echoes the sentiment of admiration. This accord resonates with our own assessment, solidifying the stance that mSpy represents a high-value proposition, replete with an array of commendable attributes and exceptional customer assistance. It is our conviction that mSpy reigns as the preeminent tracking application, proficiently catering to the needs of those seeking to discreetly oversee the actions of their employees, children, or other individuals. It stands as a potent conduit to discreetly peruse incoming calls and dispatched messages, all while evading the awareness of the subject under observation.

The stalwart customer support infrastructure, coupled with the seamless integration of routine updates to ensure a user-friendly experience, fuels our belief that mSpy’s enduring value will persist in the foreseeable future. Notably, mSpy extends a suite of preeminent monitoring features, further enhancing its allure.

The Phone Monitoring App You Can Trust – Try mSpy Risk-Free

Project name: mSpy
Londynska 730/59,
Vinohrady,
120 00 Praha,
Czech Republic
Media Contact:
Company website: https://www.mspy.com/
email: support@mspy.com
USA (toll-free): +1 855 896 00 41

Disclosure: The claim “#1 Choice in the United States” reflects our personal opinion and is not supported by independent market research.
mSpy is intended strictly for legal use only. Installing monitoring software on a device you do not own, or without proper consent, may violate local laws. In most jurisdictions, you are required to notify the device owner before installation.
Unauthorized use could lead to civil or criminal penalties. You are fully responsible for ensuring lawful use of the software.
We strongly recommend consulting a licensed legal advisor before installing or using mSpy on any device.
All trademarks, logos, and brand names mentioned are the property of their respective owners. References to third-party products or services are for identification purposes only and do not constitute endorsements.
Always refer to the official website of the loan provider for the most accurate and up-to-date product terms, pricing, and eligibility requirements.

Content Accuracy Disclaimer

Every effort has been made to ensure the accuracy of the information presented in this article. However, due to the dynamic nature of product formulations, promotions, and availability, details may change without notice. The publisher makes no warranties or representations as to the current completeness or accuracy of any content, including product claims, pricing, or ingredient lists.
It is the responsibility of the reader to verify product information directly through the official website or manufacturer prior to making a purchasing decision. Any reliance placed on the information in this article is done strictly at your own risk.

Affiliate Disclosure
This article may contain affiliate links. If you purchase a product or service through these links, the publisher may earn a commission at no additional cost to you. These commissions help support the creation of in-depth reviews and educational wellness content.
The publisher only promotes products that have been independently evaluated and deemed potentially beneficial to readers. However, this compensation may influence the content, topics, or products discussed in this article. The views and opinions expressed are those of the author and do not necessarily reflect the official policy or position of any affiliate partner or product provider.

Attachment

The MIL Network –
May 22, 2025

MIL-OSI USA: Russian GRU Targeting Western Logistics Entities and Technology Companies

News In Brief – Source: US Computer Emergency Readiness Team

Executive Summary

This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

The following authors and co-sealers are releasing this CSA:

United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst

Download the PDF version of this report:

Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)

For a downloadable list of IOCs, visit:

Introduction

For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions.
In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.
Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.

Description of Targets

The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:

Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services

In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].

The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].

The countries with targeted entities include the following, as illustrated in Figure 1:

Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States

Figure 1: Countries with Targeted Entities

Initial Access TTPs

To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):

The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]

Credential Guessing/Brute Force

Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].

Spearphishing

GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.

Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:

Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org

The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].

CVE Usage

Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].

Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.

Post-Compromise TTPs

After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].

The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:

C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit

Figure 2: Example Active Directory Domain Services command

Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].

Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]

After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].

After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:

sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.

In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.

Malware

Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:

HEADLACE [7]
MASEPIE [8]

While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.

Persistence

In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.

Exfiltration

GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.

The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.

Connections to Targeting of IP Cameras

In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.

The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.

DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

CSeq: 1

Authorization: Basic

User-Agent: WebClient

Accept: application/sdp

DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

CSeq: 2

Authorization: Digest username="admin", realm="[a-f0-9]{12}", algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"

User-Agent: WebClient

Accept: application/sdp

Figure 3: Example RTSP request

Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.

From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:

Table 1: Geographic distribution of targeted IP cameras
Country	Percentage of Total Attempts
Ukraine	81.0%
Romania	9.9%
Poland	4.0%
Hungary	2.8%
Slovakia	1.7%
Others	0.6%

Mitigation Actions

General Security Mitigations

Architecture and Configuration

Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
- Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
- Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
- Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
- Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
- Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
- Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.

Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].

*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com

Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.

Identity and Access Management

Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:

Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
- For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
- Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
- Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
- Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
- If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]

IP Camera Mitigations

The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:

Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.

Indicators of Compromise (IOCs)

Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.

Utilities and scripts

Legitimate utilities

Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:

ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry

Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.

Malicious scripts

Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”

Suspicious command lines

While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:

edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
ssh -Nf
schtasks /create /xml

Outlook CVE Exploitation IOCs

md-shoeb@alfathdoor[.]com[.]sa
jayam@wizzsolutions[.]com
accounts@regencyservice[.]in
m.salim@tsc-me[.]com
vikram.anand@4ginfosource[.]com
mdelafuente@ukwwfze[.]com
sarah@cosmicgold469[.]co[.]za
franch1.lanka@bplanka[.]com
commerical@vanadrink[.]com
maint@goldenloaduae[.]com
karina@bhpcapital[.]com
tv@coastalareabank[.]com
ashoke.kumar@hbclife[.]in
213[.]32[.]252[.]221
124[.]168[.]91[.]178
194[.]126[.]178[.]8
159[.]196[.]128[.]120

Commonly Used Webmail Providers

portugalmail[.]pt
mail-online[.]dk
email[.]cz
seznam[.]cz

Malicious Archive Filenames Involving CVE-2023-38831

calc.war.zip
news_week_6.zip
Roadmap.zip
SEDE-PV-2023-10-09-1_EN.zip
war.zip
Zeyilname.zip

Brute Forcing IP Addresses

Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.

June 2024	July 2024	August 2024
192[.]162[.]174[.]94	207[.]244[.]71[.]84	31[.]135[.]199[.]145	79[.]184[.]25[.]198	91[.]149[.]253[.]204
103[.]97[.]203[.]29	162[.]210[.]194[.]2	31[.]42[.]4[.]138	79[.]185[.]5[.]142	91[.]149[.]254[.]75
209[.]14[.]71[.]127		46[.]112[.]70[.]252	83[.]10[.]46[.]174	91[.]149[.]255[.]122
109[.]95[.]151[.]207		46[.]248[.]185[.]236	83[.]168[.]66[.]145	91[.]149[.]255[.]19
		64[.]176[.]67[.]117	83[.]168[.]78[.]27	91[.]149[.]255[.]195
		64[.]176[.]69[.]196	83[.]168[.]78[.]31	91[.]221[.]88[.]76
		64[.]176[.]70[.]18	83[.]168[.]78[.]55	93[.]105[.]185[.]139
		64[.]176[.]70[.]238	83[.]23[.]130[.]49	95[.]215[.]76[.]209
		64[.]176[.]71[.]201	83[.]29[.]138[.]115	138[.]199[.]59[.]43
		70[.]34[.]242[.]220	89[.]64[.]70[.]69	147[.]135[.]209[.]245
		70[.]34[.]243[.]226	90[.]156[.]4[.]204	178[.]235[.]191[.]182
		70[.]34[.]244[.]100	91[.]149[.]202[.]215	178[.]37[.]97[.]243
		70[.]34[.]245[.]215	91[.]149[.]203[.]73	185[.]234[.]235[.]69
		70[.]34[.]252[.]168	91[.]149[.]219[.]158	192[.]162[.]174[.]67
		70[.]34[.]252[.]186	91[.]149[.]219[.]23	194[.]187[.]180[.]20
		70[.]34[.]252[.]222	91[.]149[.]223[.]130	212[.]127[.]78[.]170
		70[.]34[.]253[.]13	91[.]149[.]253[.]118	213[.]134[.]184[.]167
		70[.]34[.]253[.]247	91[.]149[.]253[.]198
		70[.]34[.]254[.]245	91[.]149[.]253[.]20

Detections

Customized NTLM listener

rule APT28_NTLM_LISTENER {

meta:

description = "Detects NTLM listeners including APT28's custom one"

strings:

$command_1 = "start-process powershell.exe -WindowStyle hidden"

$command_2 = "New-Object System.Net.HttpListener"

$command_3 = "Prefixes.Add('http://localhost:8080/')"

$command_4 = "-match 'Authorization'"

$command_5 = "GetValues('Authorization')"

$command_6 = "Request.RemoteEndPoint.Address.IPAddressToString"

$command_7 = "@(0x4e,0x54,0x4c,0x4d, 0x53,0x53,0x50,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x28,0x00,0x00,0x01,0x82,0x00,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)"

$command_8 = ".AllKeys"

$variable_1 = "$NTLMAuthentication" nocase

$variable_2 = "$NTLMType2" nocase

$variable_3 = "$listener" nocase

$variable_4 = "$hostip" nocase

$variable_5 = "$request" nocase

$variable_6 = "$ntlmt2" nocase

$variable_7 = "$NTLMType2Response" nocase

$variable_8 = "$buffer" nocase

condition:

5 of ($command_*)

or

all of ($variable_*)

}

HEADLACE shortcut

rule APT28_HEADLACE_SHORTCUT {

meta:

description = "Detects the HEADLACE backdoor shortcut dropper. Rule is meant for threat hunting."

strings:

$type = "[InternetShortcut]" ascii nocase

$url = "file://"

$edge = "msedge.exe"

$icon = "IconFile"

condition:

all of them

}

HEADLACE credential dialogbox phishing

rule APT28_HEADLACE_CREDENTIALDIALOG {

meta:

description = "Detects scripts used by APT28 to lure user into entering credentials"

strings:

$command_1 = "while($true)"

$command_2 = "Get-Credential $(whoami)"

$command_3 = "Add-Content"

$command_4 = ".UserName"

$command_5 = ".GetNetworkCredential().Password"

$command_6 = "GetNetworkCredential().Password.Length -ne 0"

condition:

5 of them

}

HEADLACE core script

rule APT28_HEADLACE_CORE {

meta:

description = "Detects HEADLACE core batch scripts"

strings:

$chcp = "chcp 65001" ascii

$headless = "start "" msedge --headless=new --disable-gpu" ascii

$command_1 = "taskkill /im msedge.exe /f" ascii

$command_2 = "whoami>"%programdata%" ascii

$command_3 = "timeout" ascii

$command_4 = "copy "%programdata%" ascii

$non_generic_del_1 = "del /q /f "%programdata%" ascii

$non_generic_del_3 = "del /q /f "%userprofile%Downloads" ascii

$generic_del = "del /q /f" ascii

condition:

(

$chcp

and

$headless

)

and

(

1 of ($non_generic_del_*)

or

($generic_del)

or

3 of ($command_*)

)

}

MASEPIE

rule APT28_MASEPIE {

meta:

description = "Detects MASEPIE python script"

strings:

$masepie_unique_1 = "os.popen('whoami').read()"

$masepie_unique_2 = "elif message == 'check'"

$masepie_unique_3 = "elif message == 'send_file':"

$masepie_unique_4 = "elif message == 'get_file'"

$masepie_unique_5 = "enc_mes('ok'"

$masepie_unique_6 = "Bad command!'.encode('ascii'"

$masepie_unique_7 = "{user}{SEPARATOR}{k}"

$masepie_unique_8 = "raise Exception("Reconnect"

condition:

3 of ($masepie_unique_*)

}

STEELHOOK

rule APT28_STEELHOOK {

meta:

description = "Detects APT28's STEELHOOK powershell script"

strings:

$s_1 = "$($env:LOCALAPPDATAGoogleChromeUser DataLocal State)"

$s_2 = "$($env:LOCALAPPDATAGoogleChromeUser DataDefaultLogin Data)"

$s_3 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataLocal State)"

$s_4 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataDefaultLogin Data)"

$s_5 = "os_crypt.encrypted_key"

$s_6 = "System.Security.Cryptography.DataProtectionScope"

$s_7 = "[system.security.cryptography.protectdata]::Unprotect"

$s_8 = "Invoke-RestMethod"

condition:

all of them

}

PSEXEC

rule GENERIC_PSEXEC {

meta:

description = "Detects SysInternals PSEXEC executable"

strings:

$sysinternals_1 = "SYSINTERNALS SOFTWARE LICENCE TERMS"

$sysinternals_2 = "/accepteula"

$sysinternals_3 = "SoftwareSysinternals"

$network_1 = "%sIPC$"

$network_2 = "%sADMIN$%s"

$network_3 = "DeviceLanmanRedirector%sipc$"

$psexec_1 = "PSEXESVC"

$psexec_2 = "PSEXEC-{}-"

$psexec_3 = "Copying %s to %s..."

$psexec_4 = "gPSINFSVC"

condition:

(

( uint16( 0x0 ) ==0x5a4d )

and

( uint16( uint32( 0x3c )) == 0x4550 )

)

and

filesize < 1024KB

and

(

( any of ($sysinternals_*) and any of ($psexec_*) )

or

( 2 of ($network_*) and 2 of ($psexec_*))

)

}

The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:

APT28 [14]
Fancy Bear [14]
Forest Blizzard [14]
Blue Delta [15]

Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.

Further Reference

To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.

For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule:
https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar

Works Cited

[1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
[2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF
[3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
[4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/
[5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/
[6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/
[7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/
[8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894
[9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF
[10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
[11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html
[12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF
[13] NSA and CSA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF

[14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
[15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf

Disclaimer of endorsement

The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

Purpose

This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.

Contact

United States organizations

National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
- U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)

United Kingdom organizations

Germany organizations

Czech Republic organizations

Poland organizations

Australian organizations

Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

Canadian organizations

Estonia organizations

French organizations

French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.

See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.

Table 2: Reconnaissance
Tactic/Technique Title	ID	Use
Reconnaissance	TA0043	Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
Gather Victim Identity Information: Email Addresses	T1589.002	Conducted contact information reconnaissance to identify additional targets in key positions.
Gather Victim Org Information	T1591	Conducted reconnaissance of the cybersecurity department.
Gather Victim Org Information: Identify Roles	T1591.004	Conducted reconnaissance of individuals responsible for coordinating transport.
Gather Victim Org Information: Business Relationships	T1591.002	Conducted reconnaissance of other companies cooperating with the victim entity.
Gather Victim Host Information	T1592	Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.

Table 3: Resource development
Tactic/Technique Title	ID	Use
Compromise Accounts: Email Accounts	T1586.002	Sent phishing emails using compromised accounts.
Compromise Accounts: Cloud Accounts	T1586.003	Sent phishing emails using compromised accounts.

Table 4: Initial Access
Tactic/Technique Title	ID	Use
Trusted Relationship	T1199	Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Phishing	T1566	Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
Phishing: Spearphishing Attachment	T1566.001	Sent emails with malicious attachments.
Phishing: Spearphishing Link	T1566.002	Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
Phishing: Spearphishing Voice	T1566.004	Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
External Remote Services	T1133	Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
Exploit Public-Facing Application	T1190	Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
Content Injection	T1659	Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.

Table 5: Execution
Tactic/Technique Title	ID	Use
User Execution: Malicious Link	T1204.001	Used malicious links to hosted shortcuts in spearphishing.
User Execution: Malicious File	T1204.002	Delivered malware executables via spearphishing.
Scheduled Task/Job: Scheduled Task	T1053.005	Used scheduled tasks to establish persistence.
Command and Scripting Interpreter	T1059	Delivered scripts in spearphishing. Executed arbitrary shell commands.
Command and Scripting Interpreter: PowerShell	T1059.001	PowerShell commands were often used to prepare data for exfiltration.
Command and Scripting Interpreter: Windows Command Shell	T1059.003	Used BAT script in spearphishing.
Command and Scripting Interpreter: Visual Basic	T1059.005	Used VBScript in spearphishing.
Command and Scripting Interpreter: Python	T1059.006	Installed python on infected machines to enable the execution of Certipy.

Table 6: Persistence
Tactic/Technique Title	ID	Use
Account Manipulation: Additional Email Delegate Permissions	T1098.002	Used manipulation of mailbox permissions to establish sustained email collection.
Modify Authentication Process: Multi-Factor Authentication	T1556.006	Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.
Hijack Execution Flow: DLL Search Order Hijacking	T1574.001	Used DLL search order hijacking to facilitate malware execution.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	T1547.001	Used run keys to establish persistence.
Boot or Logon Autostart Execution: Shortcut Modification	T1547.009	Placed malicious shortcuts in the startup folder to establish persistence.

Table 7: Defense Evasion
Tactic/Technique Title	ID	Use
Indicator Removal: Clear Windows Event Logs	T1070.001	Deleted event logs through the wevtutil utility.

Table 8: Credential access
Tactic/Technique Title	ID	Use
Brute Force		Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Brute Force: Password Guessing	T1110.001	Used credential guessing to gain initial access to targeted entities.
Brute Force: Password Spraying	T1110.003	Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP.
Multi-Factor Authentication Interception		Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns.
Input Capture		Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns.
Forced Authentication		Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations.
OS Credential Dumping: NTDS	T1003.003	Attempted to dump Active Directory NTDS.dit domain databases.
Unsecured Credentials: Group Policy Preferences	T1552.006	Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py.

Table 9: Discovery
Tactic/Technique Title	ID	Use
Account Discovery: Domain Account	T1087.002	Used a modified ldap-dump.py to enumerate the Windows environment.

Table 10: Command and Control
Tactic/Technique Title	ID	Use
Hide Infrastructure	T1665	Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
Proxy: External Proxy	T1090.002	Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers.
Proxy: Multi-hop Proxy	T1090.003	Used Tor and commercial VPNs as part of their anonymization infrastructure
Encrypted Channel	T1573	Connected to victim infrastructure using encrypted TLS.
Multi-Stage Channels	T1104	Used multi-stage redirectors for campaigns.

Table 11: Defense evasion (mobile framework)
Tactic/Technique Title	ID	Use
Execution Guardrails		Used multi-stage redirectors to verify browser fingerprints in some campaigns.
Execution Guardrails: Geofencing	T1627.001	Used multi-stage redirectors to verify IP-geolocation in some campaigns.

Table 12: Lateral movement
Tactic/Technique Title	ID	Use
Lateral Movement		Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment.
Remote Services: Remote Desktop Protocol	T1021.001	Moved laterally within the network using RDP.

Table 13: Collection
Tactic/Technique Title	ID	Use
Email Collection		Retrieved sensitive data from email servers.
Email Collection: Remote Email Collection	T1114.002	Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers.
Automated Collection		Used periodic EWS queries to collect new emails.
Video Capture		Attempted to gain access to the cameras’ feeds.
Archive Collected Data		Accessed files were archived in .zip files prior to exfiltration.
Archive Collected Data: Archive via Utility	T1560.001	Prepared zip archives for upload to the actors’ infrastructure.

Table 14: Exfiltration
Tactic/Technique Title	ID	Use
Exfiltration Over Alternative Protocol		Attempted to exfiltrate archived data via a previously dropped OpenSSH binary.
Scheduled Transfer		Used periodic EWS queries to collect new emails sent and received since the last data exfiltration.

Appendix B: CVEs exploited

Table 15: Exploited CVE information
CVE	Vendor/Product	Details
CVE-2023-38831	RARLAB WinRAR	Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive.
CVE-2023-23397	Microsoft Outlook	External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
CVE-2021-44026	Roundcube Webmail	Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params.
CVE-2020-35730	Roundcube Webmail	An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
CVE-2020-12641	Roundcube Webmail	Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.

Appendix C: MITRE D3FEND Countermeasures

Table 16: MITRE D3FEND countermeasures
Countermeasure Title	ID	Details
Network Isolation		Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation		Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering		Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis		Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering		Block NTLM/SMB requests to external infrastructure.
Platform Monitoring		Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis		Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening		Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation		Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting		Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation		Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening		Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis		Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis		Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation		Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
DNS Denylisting	D3-DNSDL	Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis		Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication		Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Job Function Access Pattern Analysis	D3-JFAPA	Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions		Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication		Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening		Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding		Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy		Use a service to check for compromised passwords before using them.
Credential Rotation		Change all default credentials.
Encrypted Tunnels		Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update		Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication		Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis		Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.

MIL OSI USA News -

May 22, 2025

MIL-OSI USA: Lt. Gov. Luke – VNR – Hawaiʻi Schools Win ‘Super Sleuth’ Award in Internet Speeds Mapping Effort

Source: US State of Hawaii

Lt. Gov. Luke – VNR – Hawaiʻi Schools Win ‘Super Sleuth’ Award in Internet Speeds Mapping Effort

Posted on May 20, 2025 in Latest Department News, Newsroom

STATE OF HAWAIʻI
KA MOKU ʻĀINA O HAWAIʻI

SYLVIA LUKE
LIEUTENANT GOVERNOR
KE KEʻENA O KA HOPE KIAʻĀINA

FOR IMMEDIATE RELEASE

May 20, 2025

Hawaiʻi Schools Win ‘Super Sleuth’ Award in Internet Speeds Mapping Effort

Connect Kākou’s Digital Detectives Initiative included 6,000 participants statewide

Lt. Gov. Luke with Robert Louis Stevenson Middle School (left) and Kona Pacific Charter School (right).

(Videos/Photos Courtesy: Connect Kākou)

HONOLULU – Lieutenant Governor Sylvia Luke announced today that more than 6,000 Hawaiʻi residents, many of them students, participated in the Digital Detectives campaign to map internet speeds across the state. Part of the Connect Kākou initiative, Digital Detectives aimed to close the digital divide by identifying areas in need of urgent broadband infrastructure improvements.

By taking a simple 30-second internet speed test last October, residents provided valuable data to help ensure federal funding is directed where it is most needed. Classes from Robert Louis Stevenson Middle School and Kona Pacific Charter School received the top Digital Detectives Super Sleuth Awards for student participation and classroom reporting. The classes received a visit from Lieutenant Governor Luke and a gift card for classroom supplies.

“Thanks to the thousands of students and their teachers who participated in Digital Detectives, we now have a clearer picture of Hawaiʻi’s internet speeds and where improvements are most needed,” said Lieutenant Governor Luke. “Reliable internet is crucial for education, future careers, and so much more. We were thrilled to see so many students taking part in shaping a more connected future for our state.

“Digital Detectives encouraged our students to become active participants in expanding internet access for their communities,” said Ken Hiraki, executive director of the Public Schools Foundation. “By turning a simple classroom activity into meaningful data for our state, students had a front row seat to civic engagement and real-world impact.”

Results from the internet speed tests have been aggregated to provide a more comprehensive view of connectivity across the state. Construction of fiber-optic internet lines in underserved areas is expected to begin as early as this year.

Connect Kākou is a State of Hawai‘i initiative led by Lieutenant Governor Luke, in collaboration with the Hawai‘i Broadband and Digital Equity Office (HBDEO), the University of Hawai‘i, the Department of Hawaiian Home Lands (DHHL), and multiple state and county agencies. Connect Kākou is working to ensure people from all walks of life have reliable access to high-speed internet and the tools and knowledge to safely and confidently use the internet. Visit www.connectkakou.org to learn more.

# # #

Media Contact:

Shari Nishijima

Communications Director

Office of the Lieutenant Governor

Cell: (808) 978-0867

Jordan Ozaki

iQ 360 Inc.

Cell: (808) 294-7712

MIL OSI USA News –

May 22, 2025
MIL-OSI: Raj Judge Joins Zscaler’s Board of Directors and as EVP of Corporate Strategy & Ventures

Source: GlobeNewswire (MIL-OSI)

SAN JOSE, Calif., May 21, 2025 (GLOBE NEWSWIRE) — Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, is pleased to announce that Raj Judge has been appointed to the company’s Board of Directors and joined as Executive Vice President of Corporate Strategy and Ventures. In this role, Judge will lead the company’s growth strategy, business development, and venture investment initiatives to drive Zscaler to $5 billion in ARR and beyond.

Judge brings over 25 years of experience in the tech legal and venture capital space, having previously served at Wilson Sonsini as Senior Partner and Co-Chair of the firm’s core practice, Emerging Companies and Venture Capital. Throughout his career, he has been instrumental in driving strategic growth, identifying emerging market opportunities, and creating solutions that have led to significant business growth for his clients.

“Raj’s deep expertise in corporate strategy and investment, combined with his track record of success, makes him the ideal leader to drive Zscaler’s growth and innovation agenda,” said Jay Chaudhry, Chairman and CEO of Zscaler. “We are excited to welcome Raj to our leadership team and we look forward to the impact he will have on shaping the future of our company.”

Judge will be responsible for key growth and investment opportunities as well as forging strategic initiatives. He will work closely with internal and external stakeholders to accelerate innovation and substantially broaden the company’s platform for Zscaler’s customers. The appointment of Judge to the Board further demonstrates the company’s dedication to advancing its corporate strategy and long-term vision.

“I am excited to join Zscaler at such a pivotal time in its growth journey,” said Raj. “I look forward to bringing my experience and strategic skills to drive new initiatives and investments that will accelerate its continued success.”

Forward-Looking Statements
This press release contains forward-looking statements that are based on our management’s beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the executive appointment to Zscaler’s future strategic investments and our ability to grow and scale. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on May 29, 2025, which is available on our website at ir.zscaler.com and on the SEC’s website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future.

About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler™, Zscaler Zero Trust Exchange™, Zscaler Internet Access™, and Zscaler Private Access™, ZIA™, and ZPA™ and Zscaler B2B™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.

Media Contact
Pavel Radda
press@zscaler.com

Investor Relations Contact
Ashwin Kesireddy
ir@zscaler.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/96cf5114-9019-4fa0-abd7-c9d7346123a6

The MIL Network –

May 22, 2025
MIL-OSI: Raj Judge Joins Zscaler’s Board of Directors and as EVP of Corporate Strategy & Ventures

Source: GlobeNewswire (MIL-OSI)

SAN JOSE, Calif., May 21, 2025 (GLOBE NEWSWIRE) — Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, is pleased to announce that Raj Judge has been appointed to the company’s Board of Directors and joined as Executive Vice President of Corporate Strategy and Ventures. In this role, Judge will lead the company’s growth strategy, business development, and venture investment initiatives to drive Zscaler to $5 billion in ARR and beyond.

Judge brings over 25 years of experience in the tech legal and venture capital space, having previously served at Wilson Sonsini as Senior Partner and Co-Chair of the firm’s core practice, Emerging Companies and Venture Capital. Throughout his career, he has been instrumental in driving strategic growth, identifying emerging market opportunities, and creating solutions that have led to significant business growth for his clients.

“Raj’s deep expertise in corporate strategy and investment, combined with his track record of success, makes him the ideal leader to drive Zscaler’s growth and innovation agenda,” said Jay Chaudhry, Chairman and CEO of Zscaler. “We are excited to welcome Raj to our leadership team and we look forward to the impact he will have on shaping the future of our company.”

Judge will be responsible for key growth and investment opportunities as well as forging strategic initiatives. He will work closely with internal and external stakeholders to accelerate innovation and substantially broaden the company’s platform for Zscaler’s customers. The appointment of Judge to the Board further demonstrates the company’s dedication to advancing its corporate strategy and long-term vision.

“I am excited to join Zscaler at such a pivotal time in its growth journey,” said Raj. “I look forward to bringing my experience and strategic skills to drive new initiatives and investments that will accelerate its continued success.”

Forward-Looking Statements
This press release contains forward-looking statements that are based on our management’s beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the executive appointment to Zscaler’s future strategic investments and our ability to grow and scale. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on May 29, 2025, which is available on our website at ir.zscaler.com and on the SEC’s website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future.

About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler™, Zscaler Zero Trust Exchange™, Zscaler Internet Access™, and Zscaler Private Access™, ZIA™, and ZPA™ and Zscaler B2B™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.

Media Contact
Pavel Radda
press@zscaler.com

Investor Relations Contact
Ashwin Kesireddy
ir@zscaler.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/96cf5114-9019-4fa0-abd7-c9d7346123a6

The MIL Network –

May 22, 2025
MIL-OSI Europe: Answer to a written question – Review of the EU Cybersecurity Act – timeline and strategic priorities – E-001364/2025(ASW)
Source: European Parliament
The Commission is in the process of reviewing the Cybersecurity Act ( Regulation (EU) 2019/881[1]). To support this review and gather views of interested stakeholders, on 11 April 2025, the Commission opened a call for evidence and a public consultation, available on the Have Your Say portal[2]^,, both open until 20 June 2025. The Commission aims to publish an evaluation of the Cybersecurity Act, as well as an impact assessment and a proposal for a revised Cybersecurity Act, in 2025, as announced in the ProtectEU Strategy[3].

In the review process, the Commission is taking into account the current cybersecurity threats landscape. The Commission is assessing the need to amend the mandate of the European Union Agency for Cybersecurity (ENISA) and its role in the cybersecurity ecosystem, to ensure it is fit for purpose. The Commission is also assessing the European cybersecurity certification framework (ECCF) and considering the options that would contribute to a better integration of the EU cybersecurity market and improve efficiency of the ECCF, including addressing information and communications technology (ICT) supply chain security challenges . The Commission is also looking at simplification possibilities, in particular as regards reporting obligations.

Setting out and implementing a robust cybersecurity framework is imperative to ensure economic stability, cyber resilience and security of critical infrastructures. The Commission refers the Honourable Member to the 2024 State of the Digital Decade package[4] and the Seventh Progress Report on the implementation of the EU Security Union Strategy[5], which outline the progress in implementing cybersecurity policies in the internal market.

[1] https://eur-lex.europa.eu/eli/reg/2019/881/oj/eng .

[2] https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14578-The-EU-Cybersecurity-Act_en .

[3] COM(2025)0148.

[4] 2024 State of the Digital Decade package https://digital-strategy.ec.europa.eu/en/policies/2024-state-digital-decade-package .

[5] COM(2024)0198.
Last updated: 21 May 2025
MIL OSI Europe News –
May 22, 2025
MIL-OSI: KGN Cloud Launches Intelligent Cloud Mining Platform AI Reshapes Crypto Landscape
Source: GlobeNewswire (MIL-OSI)

New York City, NY, May 21, 2025 (GLOBE NEWSWIRE) —

Following never-before-seen crypto rises, KGN Cloud, the innovative digital mining venture of KGN Investing Limited, has rolled out an AI-integrated, ready framework for legislation and an environment-friendly cloud mining platform. Major nations are speeding up their regulatory frameworks for digital assets ,when Bitcoin is already above $80,000, and KGN Cloud, now made available to individuals and businesses, facilitates the mining of top cryptocurrencies without owning physical rigs or dealing with complicated setups.

New users get an automatic bonus of $100 after registration, which they can use to start mining in minutes.

“The alignment of AI, energy sustainability, and global regulatory convergence has created a perfect milieu for intelligent mining,” said Rachel M. Jones, Chief Product Officer, KGN Cloud. “This is a platform we created to bring everyone—from the freshers in crypto to hedge funds—a trusted entry point into blockchain mining.”

Crypto’s Historic 2025 Rally: The Numbers Behind the Boom

Bitcoin hit $80,000 on May 10th, 2025, according to CoinMetrics and Messari, as a result of a combination of spot ETF approvals in the US, Hong Kong, and the UAE, as well as increasing interest for Ethereum Layer 2 solutions and institutional DeFi.

Key market trends fueling demand for mining:
- Spot Bitcoin ETF inflows exceeded $14B in April 2025 alone
- Ethereum (ETH) surged 30% in Q2 as staking rewards hit record highs
- Solana (SOL) and Avalanche (AVAX) are seeing adoption across real-world asset (RWA) tokenization
- Global mining hash rate hit a new high of 660 EH/s post-halving, pushing smaller miners toward cloud-based options
As a result, cloud mining is seeing an unprecedented surge in demand.

Enter KGN Cloud: Mining Powered by AI, Sustainability, and Simplicity

Traditionally, mining is beset with the barriers of hardware costs, inefficient use of energy, and absence of technical expertise; KGN Cloud deals with all these issues. There will be no capital costs because the platform will allow on-demand, Web-based access to the mining of Bitcoin, Ethereum, and other proof-of-work coins, using AI-enabled optimization—all this from anywhere with an Internet connection.

Platform Highlights:
- AI Predictive Allocation: Algorithmic intelligence predicts block difficulty shifts and reallocates hash power accordingly
- Green Mining Infrastructure: Partnerships with hydro and solar-powered data centers in Canada, Norway, and Iceland
- Zero Maintenance: KGN handles all technical configurations, upgrades, and storage
- 24/7 Dashboard Access: Monitor earnings, switch coins, and reinvest profits instantly
- Daily Payouts in BTC/ETH/USDT: Users can withdraw earnings anytime
Real-Time Plan Examples (as of May 2025):
- Starter AI Plan – $300, 3-day contract, return: ~$330
- Optimized Yield Plan – $1,200, 5-day contract, return: ~$1,350
- AI Green Plan – $5,000, 10-day contract, return: ~$6,050
- Institutional Pro Plan – $10,000, 14-day contract, return: ~$12,800
All plans include automated reinvestment options and 100% uptime guarantees.

Crypto Goes Green: Cloud Mining’s Carbon Pivot

The recently released G20 Digital Finance Taskforce aims to ensure that by 2026, 80% of all crypto mining operations will be tasked to meet net-zero emissions goals in key jurisdictions such as the EU, UAE, and Canada.

In anticipation of said regulatory shift, KGN Cloud was built with low-emission data centers using renewable energy integrations. It is one of the few platforms already poised for full ESG compliance.

“Regulatory alignment isn’t a threat—it’s the future…Our eco-first mining platform helps investors stay ahead of compliance curves without compromising on profitability,” stated Jones.

AI + Crypto: From Trend to Necessity

AI is no longer a buzzword—it’s defining the mining landscape in 2025. KGN Cloud’s proprietary AI engine analyzes:
- Real-time token volatility
- Network congestion
- Global mining pool saturation
- Gas fees and reward difficulty across BTC, ETH, LTC, etc.
With the above input arriving every couple of hours, KGN Cloud reestablishes its mining focus, thereby maximizing yields for its users even when the market conditions are hostile.

Referral Ecosystem: Earn More by Sharing

In an effort to encourage community growth, KGN Cloud is running a Referral Earnings Program whereby users earn a commission of 5%-7% on each mining contract purchased through their link.

Top affiliates are given access to exclusive “Pro Contracts,” which include advanced features like auto-compounding strategies and enhanced daily rewards.

New Markets, New Users: Global Access & Regulation-Ready

Currently functional in over 160 nations, KGN Cloud also runs its exclusive infrastructure through regulation-friendly hubs including Switzerland, Singapore, and Estonia.

The said platform conforms to the FATF travel rule standard; UK financial oversight requirements; and the data protections of GDPR.

“This is what KGN Cloud is for-the globe,” Jones said. “If you’re in Tokyo, you’re in Dubai, you’re in São Paulo-you’re mining securely, legally, and profitably.”

What’s Ahead for KGN Cloud in 2025?

KGN Cloud has announced several upcoming product expansions:
- L2 Mining Pools: Coming Q3, users will be able to mine tokens on Ethereum Layer 2 solutions like Base and Arbitrum
- Mobile App Launch: A native iOS and Android app is slated for June 2025
- KGN Tokenized Contracts: Smart contract-based mining with yield-trading will launch via Polygon later this year
- Enterprise Mining APIs: For hedge funds, DeFi projects, and NFT games needing scalable backend compute power
Join the Future of AI-Powered Crypto Mining

Defunct incorporates the aspect of being an old treasure; however, KGN Cloud is mocking the defunct aspect with accessible means of engagement that are compliant and sharp in terms of crypto. With a bulk of retail and institutional investors seeking reasonably easy reach to yield, KGN Cloud indeed opens the gates to the trust formerly established to secure the future of digital finance.

Register now to receive your $100 bonus and start mining instantly. Start Mining Smarter

Join thousands earning from digital assets without the complexity.
Sign up at: https://www.kgncloud.com

Support: info@kgncloud.com

MEDIA Contact:
Name: Joy Bennett
Position: Manager
City: London
Country: United Kingdom

Attachment

The MIL Network –
May 22, 2025
MIL-OSI USA: SPC Tornado Watch 310

Source: US National Oceanic and Atmospheric Administration

Note: The expiration time in the watch graphic is amended if the watch is replaced, cancelled or extended.Note: Click for Watch Status Reports.
SEL0

URGENT – IMMEDIATE BROADCAST REQUESTED
Tornado Watch Number 310
NWS Storm Prediction Center Norman OK
240 PM EDT Wed May 21 2025

The NWS Storm Prediction Center has issued a

* Tornado Watch for portions of
Eastern Ohio
Western Pennsylvania
Far Northern West Virginia

* Effective this Wednesday afternoon and evening from 240 PM
until 800 PM EDT.

* Primary threats include…
A couple tornadoes possible
Scattered damaging wind gusts to 65 mph possible
Isolated large hail events to 1.5 inches in diameter possible

SUMMARY…Low-topped supercell and related hail/wind and tornado
potential should focus in a narrow zone regionally near a warm front
this afternoon until around sunset.

The tornado watch area is approximately along and 50 statute miles
east and west of a line from 35 miles north northwest of Pittsburgh
PA to 30 miles west southwest of Morgantown WV. For a complete
depiction of the watch see the associated watch outline update
(WOUS64 KWNS WOU0).

PRECAUTIONARY/PREPAREDNESS ACTIONS…

REMEMBER…A Tornado Watch means conditions are favorable for
tornadoes and severe thunderstorms in and close to the watch
area. Persons in these areas should be on the lookout for
threatening weather conditions and listen for later statements
and possible warnings.

&&

AVIATION…Tornadoes and a few severe thunderstorms with hail
surface and aloft to 1.5 inches. Extreme turbulence and surface wind
gusts to 55 knots. A few cumulonimbi with maximum tops to 500. Mean
storm motion vector 23025.

…Guyer

Note: The Aviation Watch (SAW) product is an approximation to the watch area. The actual watch is depicted by the shaded areas.
SAW0
WW 310 TORNADO OH PA WV 211840Z – 220000Z
AXIS..50 STATUTE MILES EAST AND WEST OF LINE..
35NNW PIT/PITTSBURGH PA/ – 30WSW MGW/MORGANTOWN WV/
..AVIATION COORDS.. 45NM E/W /15WNW EWC – 37SSE AIR/
HAIL SURFACE AND ALOFT..1.5 INCHES. WIND GUSTS..55 KNOTS.
MAX TOPS TO 500. MEAN STORM MOTION VECTOR 23025.

LAT…LON 40967953 39487950 39488137 40968144

THIS IS AN APPROXIMATION TO THE WATCH AREA. FOR A
COMPLETE DEPICTION OF THE WATCH SEE WOUS64 KWNS
FOR WOU0.

Watch 310 Status Report Message has not been issued yet.

Note: Click for Complete Product Text.Tornadoes

Probability of 2 or more tornadoes

Mod (30%)

Probability of 1 or more strong (EF2-EF5) tornadoes

Low (10%)

Wind

Probability of 10 or more severe wind events

Mod (40%)

Probability of 1 or more wind events > 65 knots

Low (10%)

Hail

Probability of 10 or more severe hail events

Low (20%)

Probability of 1 or more hailstones > 2 inches

Low (

MIL OSI USA News –

May 22, 2025
MIL-OSI USA: Justice Department Seizes Domains Behind Major Information-Stealing Malware Operation

Source: US State of North Dakota

Coordinated Microsoft Actions and Court-Authorized Domain Seizures Disrupt LummaC2 Malware Infrastructure Used to Target Millions

The Justice Department announced today the unsealing of two warrants authorizing the seizure of five internet domains used by malicious cyber actors to operate the LummaC2 information-stealing malware service.

“The Department will continue to use its unique tools, authorities, and partnerships to disrupt malicious cyber operations and criminal networks,” said Sue J. Bai, head of the Justice Department’s National Security Division. “Today’s disruption is another instance where our prosecutors, agents, and private sector partners came together to protect us from the persistent cybersecurity threats targeting our country. We are grateful for their work and dedication.”

“Malware like LummaC2 is deployed to steal sensitive information such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “Today’s announcement demonstrates that the Justice Department is resolved to use court-ordered disruptions like this one to protect the public from the theft of their personal information and their assets. The Department is also committed to working with and appreciates the efforts of the private sector to safeguard the public from cybercrime.”

“The FBI is committed to disrupting the key services that cyber criminals rely on,” said Assistant Director Bryan Vorndran of FBI’s Cyber Division. “That’s why, with our partners, we took action against the most popular infostealer service available in online criminal markets, which is responsible for millions of attacks against victims. Thanks to partnerships with the private sector, we were able to disrupt the LummaC2 infrastructure and seize user panels. Together, we are making it harder, and more painful, for cyber criminals to operate.”

As alleged in the affidavits filed in support of the government’s seizure warrants, the administrators of LummaC2 used the seized websites to distributeLummaC2, an information-stealing malware, to their affiliates and other cyber criminals. According to court documents, common targets for cybercriminals using malware like LummaC2 include browser data, autofill information, login credentials for accessing email and banking services, as well as cryptocurrency seed phrases, which permit access to virtual currency wallets. As alleged in the affidavits, the FBI has identified at least 1.7 million instances where LummaC2 was used to steal this type of information.

The government’s affidavit further alleges that the seized domains, also referred to as user panels, served as login pages for the LummaC2 malware, allowing credentialed users and administrators to access and deploy LummaC2. On May 19, 2025, the government seized two domains. On May 20, 2025, as detailed in court documents, the LummaC2 administrators informed their users of three new domains that they had set up to host the user panel. The next day, the government then seized those three domains.

The seizure of these domains by the government will prevent the owners and cybercriminals from using the websites to access LummaC2 to compromise computers and steal victim information. Individuals who now visit the websites will see a message indicating that the site has been seized by the Justice Department, including the FBI.

Concurrent with today’s actions and consistent with the Department’s approach to public-private operational coordination, Microsoft announced an independent civil action to take down 2,300 internet domains also claimed to be used by the LummaC2 actors or their proxies.

FBI’s Dallas Field Office is investigating the case.

The U.S. Attorney’s Office for the Northern District of Texas, the National Security Division’s National Security Cyber Section, and the Criminal Division’s Computer Crime and Intellectual Property Section are handling the case.

The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, offers a reward of up to $10 million for information on foreign government-linked individuals participating in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.

Anyone with information on any other foreign government-linked malicious cyber actors or activity targeting U.S. critical infrastructure should contact Rewards for Justice via the RFJ Tor-based tip line at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required). Learn more about Rewards for Justice and their reward offers at RewardsforJustice.net.

If you believe you have a compromised computer or device, please visit the FBI’s Internet Crime Complaint Center (IC3). You may also contact your local FBI field office directly.

MIL OSI USA News –

May 22, 2025
MIL-OSI Security: Justice Department Seizes Domains Behind Major Information-Stealing Malware Operation

Source: United States Attorneys General 13

Coordinated Microsoft Actions and Court-Authorized Domain Seizures Disrupt LummaC2 Malware Infrastructure Used to Target Millions

The Justice Department announced today the unsealing of two warrants authorizing the seizure of five internet domains used by malicious cyber actors to operate the LummaC2 information-stealing malware service.

“The Department will continue to use its unique tools, authorities, and partnerships to disrupt malicious cyber operations and criminal networks,” said Sue J. Bai, head of the Justice Department’s National Security Division. “Today’s disruption is another instance where our prosecutors, agents, and private sector partners came together to protect us from the persistent cybersecurity threats targeting our country. We are grateful for their work and dedication.”

“Malware like LummaC2 is deployed to steal sensitive information such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “Today’s announcement demonstrates that the Justice Department is resolved to use court-ordered disruptions like this one to protect the public from the theft of their personal information and their assets. The Department is also committed to working with and appreciates the efforts of the private sector to safeguard the public from cybercrime.”

“The FBI is committed to disrupting the key services that cyber criminals rely on,” said Assistant Director Bryan Vorndran of FBI’s Cyber Division. “That’s why, with our partners, we took action against the most popular infostealer service available in online criminal markets, which is responsible for millions of attacks against victims. Thanks to partnerships with the private sector, we were able to disrupt the LummaC2 infrastructure and seize user panels. Together, we are making it harder, and more painful, for cyber criminals to operate.”

As alleged in the affidavits filed in support of the government’s seizure warrants, the administrators of LummaC2 used the seized websites to distributeLummaC2, an information-stealing malware, to their affiliates and other cyber criminals. According to court documents, common targets for cybercriminals using malware like LummaC2 include browser data, autofill information, login credentials for accessing email and banking services, as well as cryptocurrency seed phrases, which permit access to virtual currency wallets. As alleged in the affidavits, the FBI has identified at least 1.7 million instances where LummaC2 was used to steal this type of information.

The government’s affidavit further alleges that the seized domains, also referred to as user panels, served as login pages for the LummaC2 malware, allowing credentialed users and administrators to access and deploy LummaC2. On May 19, 2025, the government seized two domains. On May 20, 2025, as detailed in court documents, the LummaC2 administrators informed their users of three new domains that they had set up to host the user panel. The next day, the government then seized those three domains.

The seizure of these domains by the government will prevent the owners and cybercriminals from using the websites to access LummaC2 to compromise computers and steal victim information. Individuals who now visit the websites will see a message indicating that the site has been seized by the Justice Department, including the FBI.

Concurrent with today’s actions and consistent with the Department’s approach to public-private operational coordination, Microsoft announced an independent civil action to take down 2,300 internet domains also claimed to be used by the LummaC2 actors or their proxies.

FBI’s Dallas Field Office is investigating the case.

The U.S. Attorney’s Office for the Northern District of Texas, the National Security Division’s National Security Cyber Section, and the Criminal Division’s Computer Crime and Intellectual Property Section are handling the case.

The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, offers a reward of up to $10 million for information on foreign government-linked individuals participating in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.

Anyone with information on any other foreign government-linked malicious cyber actors or activity targeting U.S. critical infrastructure should contact Rewards for Justice via the RFJ Tor-based tip line at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required). Learn more about Rewards for Justice and their reward offers at RewardsforJustice.net.

If you believe you have a compromised computer or device, please visit the FBI’s Internet Crime Complaint Center (IC3). You may also contact your local FBI field office directly.

MIL Security OSI –

May 22, 2025
MIL-OSI USA: DOJ Press releases at OCI (Prior Years)

Source: US Department of Health and Human Services – 3

05/21/2019
December 10, 2018: Olympus Medical Systems Corporation, Former Senior Executive Plead Guilty to Distributing Endoscopes After Failing to File FDA-Required Adverse Event Reports of Serious Infections

03/26/2019
March 30, 2018: KC Paramedic Indicted for Stealing Fentanyl, Morphine from Ambulances

03/26/2019
March 30, 2018: Counterfeit Cigarette Smuggler Sentenced to Prison

03/20/2019
April 4, 2018: Canadian Pharmacist Sentenced for Distributing Counterfeit and Adulterated Botox to Local Doctors

03/20/2019
March 27, 2018: Compounding Pharmacy Owner Sentenced to Five Years in Prison for $10.5 Million Health Care Fraud

03/20/2019
March 27, 2018: Federal Jury Finds Three Guilty in Fentanyl Distribution Conspiracy

03/20/2019
April 4, 2018: Fences Indicted in Multi-Million Dollar, Multi-State Criminal Theft Operations

03/19/2019
March 30, 2018: Lynn Man Sentenced to Over 10 Years in Prison for Role in Counterfeit Steroid Conspiracy

03/05/2019
October 1, 2018: AmerisourceBergen Corp. to Pay $625 Million to Settle Civil Fraud Allegations Resulting from Its Repackaging and Sale of Adulterated Drugs and Unapproved New Drugs, Double Billing and Providing Kickbacks

03/05/2019
October 18, 2018: Pharmacist Indicted for Taking Drugs, Carrying Firearm in Violation of Court Order

03/05/2019
October 15, 2018: Leader of Fraudulent Prescription Conspiracy Sentenced to Six Years in Prison

03/05/2019
November 29, 2018: Two Practitioners Sentenced for Drug Crimes in Connection with HOPE Clinic

03/05/2019
December 4, 2018: Medical Device Maker ev3 Agrees to Plead Guilty and Pay $17.9 Million for Distributing Adulterated Device

03/05/2019
November 20, 2018: Rochester Man Pleads Guilty to Smuggling Counterfeit Cialis and Viagra into the United States

03/05/2019
November 19, 2018: Georgia Man Charged with Social Security and Wire Fraud

03/05/2019
October 22, 2018: Medical Equipment Company Agrees to Pay $5.25 Million to Resolve Allegations of Fraudulent Claims for Compounded Medical Creams

03/05/2019
October 15, 2018: Four Men and Seven Companies Indicted for Billion-Dollar Telemedicine Fraud Conspiracy, Telemedicine Company and CEO Plead Guilty in Two Fraud Schemes

03/05/2019
November 5, 2018: Nurse Sentenced for Taking Fentanyl for Personal Use

03/05/2019
November 28, 2018: Former Vice President of Insys Pharmaceuticals Pleads Guilty to Racketeering Scheme

03/05/2019
October 18, 2018: Grand Jury Returns Superseding Indictment In Shamo Case; Adds Distribution Of Fentanyl Count Resulting In Death

03/05/2019
November 29, 2018: Dietary Supplement Ingredient Importers Arrested in Connection with Large-Scale Smuggling and Money Laundering Scheme

03/05/2019
December 4, 2018: Memphis Man Pleads Guilty to Tampering with Consumer Products

03/05/2019
October 22, 2018: Oklahoma Orthopedic Company to Pay $455,000 to Settle Claims of False Medical Billing

02/25/2019
December 13, 2018: Floridian Pleads Guilty in Complex Fraud Scheme Related to the Processing of Credit Card Payments

02/25/2019
December 13, 2018: Owner and Four Former Employees of New England Compounding Center Convicted Following Trial

02/25/2019
December 7, 2018: VA Nurse Admits to Fraudulently Obtaining and Tampering with Opioid Prescriptions

02/25/2019
December 4, 2018: Des Moines Residents Sentenced for Felony Federal Food, Drug, and Cosmetic Act Offense

02/13/2019
October 11, 2018: Two Companies Ordered to Pay More Than $7 Million for Adulterated and Misbranded Pet Food Ingredients

02/13/2019
October 4, 2018: Troutdale Doctor Sentenced for Purchasing and Administering Foreign-Sourced Botox and Juvaderm

09/25/2018
September 24, 2018: Board Certified Ophthalmologist Agrees to Civil Fraud Settlement in Medicare Fraud Investigation

09/19/2018
September 19, 2018: Springfield Doctor Sentenced for Illegally Sharing Patient Medical Files

09/17/2018
September 11, 2018: Columbus Pharmacist Sentenced for Health Care Fraud Scheme

09/17/2018
September 8, 2017: Galena Biopharma Inc. to Pay More than $7.55 Million to Resolve Alleged False Claims Related to Opioid Drug

09/10/2018
September 6, 2018: Cattle Company and Veterinarian Indicted for False Health Certificates on Livestock

09/06/2018
August 31, 2018: Former Home Health Nurse Pleads Guilty to Tampering with Patients’ Drugs

09/04/2018
August 30, 2018: Massachusetts Man Pleads Guilty to Conspiracy to Distribute Misbranded Prescription Horse Drugs

08/30/2018
August 28, 2018: Providence Nurse Sentenced for Tampering with Oxycodone

08/23/2018
August 22, 2018: Louisiana Pharmacist Convicted of Trafficking and Selling Stolen Medication

08/20/2018
August 17, 2018: Unlicensed Pharmacy Technician Pleads Guilty to Working at New England Compounding Center

08/16/2018
August 16, 2018: Genesee County Physician and Two Others Charged with Health Care Fraud

08/16/2018
August 15, 2018: Florida Man Pleads Guilty to Scheme to Market Dietary Supplements

08/06/2018
August 3, 2018: Northwest ENT Associates, P.C. to Pay Approximately $1.2 Million to Resolve False Claims Act Allegations

08/01/2018
July 31, 2018: Three Canadians and their Company Sentenced for Wholesale Distribution of Misbranded Prescription Drugs and Money Laundering

07/31/2018
July 30, 2018: Two People Guilty of Distributing Tramadol Pills

07/30/2018
July 26, 2018: Miami-Dade Resident Charged in Connection with Performance of Illicit Silicone Injections

07/24/2018
July 23, 2018: Springfield EMT/Paramedic Pleads Guilty to Stealing Fentanyl, Morphine

07/19/2018
July 18, 2018: Medical Device Maker AngioDynamics Agrees to Pay $12.5 Million to Resolve False Claims Act Allegations

07/17/2018
July 17, 2018: Former President of Cumberland Distribution, Inc. Sentenced to 15 Years in Federal Prison for $50 Million Drug Diversion Scheme

07/12/2018
July 10, 2018: Pawtucket Woman Sentenced for Participation in Opioid Prescription Conspiracy

07/11/2018
July 10, 2018: VA Medical Center Nurse Indicted, Arraigned for Allegedly Tampering with and Stealing Prescription Opioids

07/11/2018
July 10, 2018: Former Des Moines Pharmacy Technician Sentenced for Illegally Tampering with Fentanyl

07/11/2018
July 10: 2018: Former Pharmacy Technician Indicted for Stealing Fentanyl, Morphine

07/09/2018
July 6, 2018: Vero Beach Orthopedic Surgeon Sentenced to Life in Prison Following Conviction for Fentanyl Analog Drug Conspiracy Resulting in Death

07/09/2018
July 6, 2018: Internet Business Owner Pleads Guilty to Selling $2.3 Million Worth of Non-FDA Approved and Misbranded Botox and Juvederm-Related Products

07/05/2018
July 3, 2018: Canton Man Indicted on Fentanyl and Firearms Charges

06/28/2018
June 28, 2018: Southern District of Florida Charges 124 Individuals Responsible for $337 Million in False Billing as Part of National Healthcare Fraud Takedown

06/22/2018
June 20, 2018: Fitchburg Woman and Saugus Man Sentenced for Roles in Counterfeit Steroid Conspiracy

06/18/2018
June 15, 2018: Theranos Founder and Former Chief Operating Officer Charged in Alleged Wire Fraud Schemes

06/05/2018
June 5, 2018: Opioid Prescription Conspiracy Leader Pleads Guilty

05/31/2018
May 31, 2018: Notification of Stolen Fertility Drugs: Gonal-f® RFF Redi-ject® and Gonal-f® Multi-Dose

05/21/2018
May 21, 2018: Mississippi Man Pleads Guilty to Fraud Scheme Involving the Reselling of Food Products That Were to Be Destroyed

05/08/2018
May 8, 2018: Notification of Stolen Octagam

04/19/2018
April 13, 2018: Canadian Drug Firm Admits Selling Counterfeit and Misbranded Prescription Drugs Throughout the United States

04/19/2018
April 12, 2018: Chinese Citizen Pleads Guilty to Mail Fraud Related to Dietary Supplement Scheme

04/19/2018
April 6, 2018: New Hampshire Residents Sentenced for Participating in Scheme to Distribute Misbranded Drugs

03/15/2018
March 14, 2018: Meridian Nurse Practitioner Pleads Guilty to Obtaining Controlled Substances by Fraud

03/14/2018
March 12, 2018: Champaign, Illinois, Resident Sentenced to One Year in Prison for Producing and Selling Over 80,000 Homemade Tramadol Capsules to Customers without Verifying Prescriptions

03/13/2018
March 12, 2018: Pharmacist and Pharmacy Employee Sentenced for Involvement in Over $30 Million Health Care Fraud

03/08/2018
March 6, 2018: Monterey Park Woman Sentenced to Two Years in Prison for Injecting Foreign Substance into Woman for Buttocks Enhancement

03/08/2018
March 8, 2018: Four Individuals Indicted for Trafficking in Counterfeit Goods

03/05/2018
March 2, 2018: Woman Sentenced for Injecting Adulterated Liquid Silicone

03/05/2018
February 23, 2018: Lake Charles Veterinarian, Pharmacy Sentenced for In-Race Horse Doping Conspiracy

03/01/2018
February 28, 2018: Two Doctors Arrested Pursuant to Federal Indictment That Alleges Bogus Sleep Studies Helped 1-800-Get-Thin Fraudulently Bill Insurance Programs Over $250 Million Related to Lap-Band Surgeries

02/27/2018
February 27, 2018: Former President of Houston-Based Drug Company Convicted in $50 Million Drug Diversion Scheme

02/22/2018
February 21, 2018: Pharmacy Tech Sentenced to Five Years in Prison for Tampering with Opioids for IV Fluid

02/21/2018
February 20, 2018: U.S. Attorney Announces 69-count Indictment Charging Owners, Managers and Physicians Associated with Hope Clinic

02/21/2018
February 14, 2018: Palmer Man Sentenced for Conspiring to Import Prescription Drugs from Pakistan

02/20/2018
August 19, 2016: Pharmacy Owner and Medical Doctor Charged in an Internet Scheme to Dispense Medications to Customers without Valid Prescriptions

02/14/2018
February 14, 2018: Two Indian Citizens and India-based Corporation Sentenced for Conspiring to Smuggle Counterfeit Cigarettes

02/12/2018
February 8, 2018: Queensbury Oncologist and Spouse to Pay $500,000 for Submitting False Claims to Medicare for the Administration of Unapproved Cancer Drugs

02/12/2018
February 9, 2018: Tampa Resident Convicted for Involvement with Tricare Health Care Fraud Scheme

02/05/2018
February 5, 2018: Pennsylvania Firearms Dealer Sentenced To 100 Months Imprisonment

02/05/2018
November 25, 2018: Nevada Man Indicted for Distribution of Anabolic Steroids and Drug Misbranding

02/05/2018
February 5, 2018: Three Florida Residents Sentenced for Operating an Illegal Steroid and Counterfeit Prescription Drug Lab

01/31/2018
January 31, 2018: New England Compounding Center Pharmacist Sentenced for Role in Nationwide Fungal Meningitis Outbreak

01/24/2018
September 25, 2017: U.S. Attorney Charges Pharmacy Tech for Tampering with Opioids

01/24/2018
January 13, 2017: Two Louisiana Men Sentenced for Roles in On-line Pharmacy Scheme

01/24/2018
May 17, 2017: Gardner Man Charged with Conspiracy to Traffic Counterfeit Steroids

01/24/2018
December 6, 2016: Two Sentenced for Trafficking in Counterfeit Viagra and Cialis

01/24/2018
September 11, 2017: Knoxville Man Pleads Guilty to Conspiring to Defraud the FDA

01/24/2018
December 9, 2016: Carroll County Man Pleads Guilty to Federal Conspiracy Charge

01/24/2018
July 18, 2016: Cincinnati Man Sentenced for Illegally Importing Drugs into U.S.

01/24/2018
July 7, 2016: Johnston Resident Charged with Drug Trafficking, Money Laundering

01/24/2018
January 7, 2016: Former Nurse Pleads Guilty to Stealing Narcotics from Hospital

01/24/2018
February 15, 2017: Hampton-Based Spice Dealer Sentenced to 17 Years in Prison

01/24/2018
July 13, 2017: Four Charged in Counterfeit Body Building Steroid Conspiracy

01/24/2018
December 8, 2016: Pharmaceutical Executives Charged in Racketeering Scheme

01/24/2018
December 2, 2016: Woman Arrested For Injecting Adulterated Liquid Silicone

01/24/2018
September 20, 2017: Registered Nurse Sentenced for Tampering with Fentanyl

01/24/2018
June 28, 2017: Registered Nurse Pleads Guilty to Tampering with Fentanyl

01/24/2018
June 27, 2016: Hampton-Based Spice Retailer and Wholesaler Pleads Guilty

01/24/2018
May 31, 2016: Worcester Nurse Indicted on Federal Drug Tampering Charges

01/24/2018
August 7, 2017: Notification of Stolen Sterile Prescription Injectable Products

01/23/2018
January 23, 2018: Two Indian Citizens and India-based Corporation Plead Guilty to Conspiring to Smuggle Counterfeit Cigarettes

01/17/2018
January 12, 2018: Owner of Seafood Company Charged in Atlantic Blue Crab Scam

01/17/2018
September 22, 2017: Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More Than $35 Million to Resolve Criminal Charges and Civil False Claims Allegations

01/16/2018
June 30, 2017: Bath County Man Sentenced For Misbranding Drugs and Obstructing Justice

01/16/2018
June 21, 2017: Gardner Man Pleads Guilty to Conspiracy to Traffic Counterfeit Steroids

01/16/2018
August 28, 2017: Costa Rican Defendant Appears in Federal Court to Face Fraud Charges

01/16/2018
July 17, 2017: Leader of $17 Million Health Insurance Fraud Scheme Ordered to Prison

01/16/2018
October 11, 2016: Foreign National Pleads Guilty To International Wire Fraud Scheme

01/16/2018
August 30, 2017: Two Charged in Federal Court with Smuggling Counterfeit Cigarettes

01/16/2018
May 31, 2017: Men Sentenced to Combined 60 Years for Selling Spice in Hampton Roads

01/12/2018
December 20, 2016: New England Compounding Center’s National Sales Director Pleads Guilty

01/12/2018
July 19, 2017: Texas Man Sentenced to Prison for Conspiring to Import Prescription Drugs

01/12/2018
March 13, 2017: Vice-President of SK Labs Found Guilty of Conspiracy, Mail Fraud Charges

01/12/2018
December 27, 2016: Providence Nurse Charged in Connection with Tampering with Oxycodone

01/12/2018
January 20, 2016: Businessman Sentenced for Marketing and Selling Unapproved Remedies for Cancer

01/12/2018
March 2, 2017: Bath County Man Convicted of Obstructing Justice and Selling Misbranded Products

01/12/2018
February 6, 2017: Arizona Man Sentenced for Trafficking in Pet Products with Counterfeit Labels

01/12/2018
January 17, 2017: Tampa-Area Medical Device Salesman Guilty of Selling Expired Lap-Band Devices

01/12/2018
August 1, 2017: Two Kansans Sentenced for Operating Multimillion-Dollar Designer Drug Business

01/12/2018
June 2, 2016: Additional Criminal Charges Brought Against Indicted Penn National Horse Trainer

01/12/2018
June 15, 2017: Gloucester Woman Charged with Conspiracy to Traffic Steroids and Launder Money

01/12/2018
June 15, 2017: Two Kansans Sentenced for Operating Multimillion-Dollar Designer Drug Business

01/12/2018
May 15, 2017: Vitamin Shop Owner Guilty of Selling Misbranded Drugs and Controlled Substance

01/12/2018
August 15, 2016: Second Trafficker Convicted of Distributing Dangerous Counterfeit Viagra and Cialis

01/12/2018
July 17, 2017: Gloucester Woman Pleads Guilty to Her Role in Counterfeit Steroid Trafficking Scheme

01/12/2018
October 12, 2016: Colombian National Charged for Unlawfully Injecting Silicone into Victims Bodies

01/12/2018
July 28, 2017: Westerly Resident to Plead Guilty to Trafficking Steroids, Money Laundering Charges

01/12/2018
September 22, 2016: Hoover Man Charged for Marketing Misbranded Male Enhancement Drugs from China

01/12/2018
September, 22, 2016 Hoover Man Charged for Marketing Misbranded Male Enhancement Drugs from China

01/12/2018
August 2, 2016: Colombian National Charged for Unlawfully Injecting Silicone into Victims’ Bodies

01/12/2018
December 13, 2016: Tampa Resident Indicted for Involvement with Tricare Health Care Fraud Scheme

01/12/2018
September 5, 2017: New Hampshire Residents Plead Guilty to Conspiracy Involving Misbranded Drugs

01/12/2018
April 3, 2017: Printing and Packaging CEO Pleads Guilty to Trafficking in Counterfeit Labels and Packaging

01/12/2018
March 14, 2017: Woman Admits to Causing the Death of Another Person by Injecting Her with Liquid Silicone

01/12/2018
April 12, 2017: Former Medical Product Distributor Charged with False Statements about Hormone Shipments

01/12/2018
September 29, 2016: New York Man Pleads Guilty To Conspiring To Illegally Manufacture Designer Steroids

01/12/2018
July 1, 2016: New Hampshire Couple Indicted On Two Counts Of Illegal Distribution Of Prescription Drugs

01/12/2018
September 22, 2017:Woman Admits to Illegally Selling Prescription Drugs Not Approved for Use in the US

01/12/2018
June 22, 2016: Former Nurse Sentenced to 82 Months for Stealing and Tampering with Patient Medications

01/12/2018
June 13, 2017: Cherry Hill Doctor and Son Admit Defrauding Medicare, Agree To $1.78 Million Settlement

01/12/2018
December 19, 2016: New York Man Sentenced to Lengthy Prison Term for Selling Unsafe Dietary Supplements Online

01/12/2018
September 25, 2017: Pharmacy Manager Pleads Guilty to Illegal Prescription Drug Diversion and Money Laundering

01/12/2018
July 28, 2017: Tampa Woman Sentenced to Prison For Misbranded Drugs Used in Connection with Buttocks Injection

01/12/2018
March 28, 2017: Former Atlantic County, New Jersey, Man Charged with Smuggling and Dispensing Misbranded Drugs

01/12/2018
September 12, 2017: Former Paramedic Pleads Guilty to Stealing Pain-killing Drugs, Replacing Vials with Water

01/12/2018
July 29, 2016: Majority Owner of NECC and Husband Plead Guilty to Illegal Cash Withdrawals Following Outbreak

01/12/2018
May 15, 2017: Printing and Packaging Business Owner Convicted of Trafficking in Counterfeit Veterinary Labels

01/12/2018
July 14, 2017: Senior Executives of Medical Drug Re-Packager Plead Guilty to Defrauding Healthcare Providers

01/12/2018
July 20, 2016: Former Acclarent, Inc. Executives Convicted of Crimes Related to the Sale of Medical Devices

01/12/2018
June 6, 2016: Pharmaceutical Companies To Pay $67 Million To Resolve False Claims Act Allegations Relating To Tarceva

01/12/2018
February 16, 2017: Atlanta Man Convicted of Illegally Importing and Distributing Male Enhancement Products from China

01/11/2018
January 11, 2018: Former New Hampshire Pharmacist Pleads Guilty for Tampering with Narcotics at Bedford Pharmacy

01/11/2018
July 22, 2016: Medical Device Manufacturer Acclarent Inc. to Pay $18 Million to Settle False Claims Act Allegations

01/11/2018
November 15, 2016: Miami-Dade Resident Sentenced to Fifteen Months in Prison for Distributing Contaminated Cheese

01/11/2018
September 25, 2017: Millions of Medicines Seized in Largest INTERPOL Operation Against Illicit Online Pharmacies

01/11/2018
January 3, 2017: Notification of Stolen Reckitt Benckiser Retail, Non-Prescription, Consumer Healthcare Products

01/09/2018
August 1, 2017: Radford Nurse Who Tampered with Liquid Morphine Intended for Nursing Home Patients Sentenced in Federal Court

01/09/2018
November 4, 2016: Two Pakistani Nationals Sentenced for Conspiring to Illegally Ship Pharmaceuticals into the United States

01/09/2018
November 29, 2016: Eight Defendants Convicted For Conspiracy to Manufacture and Distribute Counterfeit 5-Hour Energy Drink

01/09/2018
September 11, 2017: Three Florida Residents Arrested After Law Enforcement Discover Steroid and Fake Prescription Drug Lab

01/09/2018
June 21, 2017: Counterfeiters Sentenced for Convictions in Nationwide Conspiracy to Distribute Fake 5-Hour Energy Drink

01/09/2018
May 31, 2017: Drug Trafficking Organization Faces Indictment For Involvment In Manufacturing Fake Prescriptions Drugs With Fentanyl

01/09/2018
July 6, 2016: New Jersey Medical Device Manufacturer Admits Selling Contaminated Ultrasound Gel; Court Orders Permanent Injunction

01/09/2018
June 26, 2017: Owner of New England Compounding Center Sentenced for Racketeering Leading to Nationwide Fungal Meningitis Outbreak

01/09/2018
June 21, 2016: Two Pharmacists Sentenced to Prison for Adulteration of Drugs in Connection with Alabama-Based Compounding Pharmacy

01/09/2018
February 14, 2017: Two Miami-Dade Women Charged in Connection with Their Operation of a Spa Performing Illicit Silicone Injections

01/09/2018
June 22, 2017: Pharmacy Owner and Director of Compliance Charged with Defrauding United States and Distributing Adulterated Drugs

01/09/2018
April 12, 2017: Owners of Two Los Angeles-Area Drug Wholesale Companies Arrested in $20 Million Federal ‘Structuring’ Conspiracy

01/09/2018
December 2, 2016: Former Police Officer Sentenced in White Plains Federal Court to 8 Years in Prison for Selling Date Rape Drug

01/09/2018
February 7, 2017: Randallstown Woman Pleads Guilty to Injecting Non-Medical Grade Silicone into the Bodies of Victim Customers

01/09/2018
August 30, 2017: Miami-Dade Resident Sentenced to More Than 6 Years in Prison for Operating a Miami Spa Performing Illicit Silicone Injections

01/09/2018
March 28, 2017: 3 Canadians and their Vancouver Company Charged with Conspiring to Sell Foreign-Made Drugs to Western Pennsylvania Pharmacists

01/09/2018
March 9, 2017: Internet Business Owner Indicted for Selling Non-FDA Approved and Misbranded Versions of Botox and Juvederm Related Products

01/09/2018
June 8, 2017: Houston, Texas Man convicted of Smuggling Korean Human Growth Hormone Drugs to Local Patients and Professional Wrestlers

01/09/2018
February 16, 2017: Oncology Practice, Doctor and Practice Manager Pay $1.7 Million to Resolve Allegations They Billed Medicare for Illegally Imported Drugs

01/09/2018
June 27, 2017: Physician and Wife to Pay $1.2 Million to Settle False Claims Act Allegations That They Billed Medicare and Medicaid for Unapproved Drugs

01/09/2018
December 13, 2016: O.C. Man Charged with Selling Pet Meds Without a Prescription, Some of Which Were Not Approved for Distribution in the United States

01/09/2018
September 6, 2017: Bronx Pharmacist Pleads Guilty To Illegally Selling Millions Of Prescription Pills On The Internet And Agrees To Forfeit $9 Million

01/09/2018
November 10, 2016: Nurse Who Operated Spa in Laguna Niguel Agrees to Plead Guilty to Illegally Dispensing Botox Not Approved for Use in United States

01/09/2018
March 30, 2017: Lincoln Mother and Son Convicted of Conspiracy to Distribute Misbranded Substances, Drug Paraphernalia, and Related Financial Crimes

01/09/2018
January 12, 2017: Baxter Healthcare Corporation to Pay More than $18 Million to Resolve Criminal and Civil Liability Relating to Sterile Products

01/09/2018
September 20, 2017: Miami-Dade Resident Sentenced to More Than 4 Years in Prison for Managing a Miami Spa Performing Illicit Silicone Injections

01/09/2018
May 23, 2017: Citizen of Pakistan and United Kingdom Sentenced For International Wire Fraud Scheme That Sold False Cures For Multiple Illnesses

01/09/2018
April 18, 2017: SCM True Air Technologies, of Ohio and Kentucky, and Its Former Company President – Guilty of Delivering Misbranded Medical Devices from Unregistered Facilities to a Georgia V.A. Medical Center and Obstructing an FDA Investigation into their Conduct

01/09/2018
November 28, 2016: Iowa Cancer Clinic and Oncologist to Pay More Than $176,000 To Settle False Claims Act Allegations They Recklessly Billed for Cancer Drugs That Were Unapproved, Misbranded, or Counterfeit and Improperly Upcoded Office Visit Claims

01/09/2018
September 9, 2016: Owner of Major Online Colored Contact Lens Business Pleads Guilty in Largest-Ever Investigation of Counterfeit and Misbranded Contact Lenses in the United States

01/09/2018
November 7, 2016: Medical Device Maker Biocompatibles Pleads Guilty to Misbranding and Agrees to Pay $36 Million to Resolve Criminal Liability and False Claims Act Allegations

01/09/2018
September 26, 2017: Houston, Texas Man Sentenced to 40 Months and a $95,000 Fine for Smuggling Korean Human Growth Hormone Drugs to Local Patients and Professional Wrestlers

01/09/2018
December 7, 2016: GNC Enters Into Agreement with Department of Justice to Improve Its Practices and Keep Potentially Illegal Dietary Supplements Out of the Marketplace

01/09/2018
September 27, 2017: Amerisourcebergen Specialty Group Pleads Guilty to Distributing Misbranded Drugs and is Sentenced to Pay $260 Million to Resolve Criminal Liability

01/09/2018
December 5, 2016: Medical Device Saleswoman Sentenced to Three Years in Prison for Charges Relating to the Transport of Stolen Medical Devices and Money Laundering

01/09/2018
May 26, 2017: Florida Woman Sentenced to Federal Prison for Causing the Death of One Victim and Hospitalization of Others by Injecting them With Liquid Silicone

01/09/2018
September 11, 2017: Owner of O.C. Pet Products Company Pleads Guilty to Selling Pet Meds without Prescriptions, Some of Which Were Not Approved for U.S. Sale

09/17/2018
September 8, 2017: Galena Biopharma Inc. to Pay More than $7.55 Million to Resolve Alleged False Claims Related to Opioid Drug

01/24/2018
September 25, 2017: U.S. Attorney Charges Pharmacy Tech for Tampering with Opioids

01/24/2018
January 13, 2017: Two Louisiana Men Sentenced for Roles in On-line Pharmacy Scheme

01/24/2018
May 17, 2017: Gardner Man Charged with Conspiracy to Traffic Counterfeit Steroids

01/24/2018
September 11, 2017: Knoxville Man Pleads Guilty to Conspiring to Defraud the FDA

01/24/2018
February 15, 2017: Hampton-Based Spice Dealer Sentenced to 17 Years in Prison

01/24/2018
July 13, 2017: Four Charged in Counterfeit Body Building Steroid Conspiracy

01/24/2018
September 20, 2017: Registered Nurse Sentenced for Tampering with Fentanyl

01/24/2018
June 28, 2017: Registered Nurse Pleads Guilty to Tampering with Fentanyl

01/24/2018
August 7, 2017: Notification of Stolen Sterile Prescription Injectable Products

01/17/2018
September 22, 2017: Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More Than $35 Million to Resolve Criminal Charges and Civil False Claims Allegations

01/16/2018
June 30, 2017: Bath County Man Sentenced For Misbranding Drugs and Obstructing Justice

01/16/2018
June 21, 2017: Gardner Man Pleads Guilty to Conspiracy to Traffic Counterfeit Steroids

01/16/2018
August 28, 2017: Costa Rican Defendant Appears in Federal Court to Face Fraud Charges

01/16/2018
July 17, 2017: Leader of $17 Million Health Insurance Fraud Scheme Ordered to Prison

01/16/2018
August 30, 2017: Two Charged in Federal Court with Smuggling Counterfeit Cigarettes

01/16/2018
May 31, 2017: Men Sentenced to Combined 60 Years for Selling Spice in Hampton Roads

01/12/2018
July 19, 2017: Texas Man Sentenced to Prison for Conspiring to Import Prescription Drugs

01/12/2018
March 13, 2017: Vice-President of SK Labs Found Guilty of Conspiracy, Mail Fraud Charges

01/12/2018
March 2, 2017: Bath County Man Convicted of Obstructing Justice and Selling Misbranded Products

01/12/2018
February 6, 2017: Arizona Man Sentenced for Trafficking in Pet Products with Counterfeit Labels

01/12/2018
January 17, 2017: Tampa-Area Medical Device Salesman Guilty of Selling Expired Lap-Band Devices

01/12/2018
August 1, 2017: Two Kansans Sentenced for Operating Multimillion-Dollar Designer Drug Business

01/12/2018
June 15, 2017: Gloucester Woman Charged with Conspiracy to Traffic Steroids and Launder Money

01/12/2018
June 15, 2017: Two Kansans Sentenced for Operating Multimillion-Dollar Designer Drug Business

01/12/2018
May 15, 2017: Vitamin Shop Owner Guilty of Selling Misbranded Drugs and Controlled Substance

01/12/2018
July 17, 2017: Gloucester Woman Pleads Guilty to Her Role in Counterfeit Steroid Trafficking Scheme

01/12/2018
July 28, 2017: Westerly Resident to Plead Guilty to Trafficking Steroids, Money Laundering Charges

01/12/2018
September 5, 2017: New Hampshire Residents Plead Guilty to Conspiracy Involving Misbranded Drugs

01/12/2018
April 3, 2017: Printing and Packaging CEO Pleads Guilty to Trafficking in Counterfeit Labels and Packaging

01/12/2018
March 14, 2017: Woman Admits to Causing the Death of Another Person by Injecting Her with Liquid Silicone

01/12/2018
April 12, 2017: Former Medical Product Distributor Charged with False Statements about Hormone Shipments

01/12/2018
September 22, 2017:Woman Admits to Illegally Selling Prescription Drugs Not Approved for Use in the US

01/12/2018
June 13, 2017: Cherry Hill Doctor and Son Admit Defrauding Medicare, Agree To $1.78 Million Settlement

01/12/2018
September 25, 2017: Pharmacy Manager Pleads Guilty to Illegal Prescription Drug Diversion and Money Laundering

01/12/2018
July 28, 2017: Tampa Woman Sentenced to Prison For Misbranded Drugs Used in Connection with Buttocks Injection

01/12/2018
March 28, 2017: Former Atlantic County, New Jersey, Man Charged with Smuggling and Dispensing Misbranded Drugs

01/12/2018
September 12, 2017: Former Paramedic Pleads Guilty to Stealing Pain-killing Drugs, Replacing Vials with Water

01/12/2018
May 15, 2017: Printing and Packaging Business Owner Convicted of Trafficking in Counterfeit Veterinary Labels

01/12/2018
July 14, 2017: Senior Executives of Medical Drug Re-Packager Plead Guilty to Defrauding Healthcare Providers

01/12/2018
February 16, 2017: Atlanta Man Convicted of Illegally Importing and Distributing Male Enhancement Products from China

01/11/2018
September 25, 2017: Millions of Medicines Seized in Largest INTERPOL Operation Against Illicit Online Pharmacies

01/11/2018
January 3, 2017: Notification of Stolen Reckitt Benckiser Retail, Non-Prescription, Consumer Healthcare Products

01/09/2018
August 1, 2017: Radford Nurse Who Tampered with Liquid Morphine Intended for Nursing Home Patients Sentenced in Federal Court

01/09/2018
September 11, 2017: Three Florida Residents Arrested After Law Enforcement Discover Steroid and Fake Prescription Drug Lab

01/09/2018
June 21, 2017: Counterfeiters Sentenced for Convictions in Nationwide Conspiracy to Distribute Fake 5-Hour Energy Drink

01/09/2018
May 31, 2017: Drug Trafficking Organization Faces Indictment For Involvment In Manufacturing Fake Prescriptions Drugs With Fentanyl

01/09/2018
June 26, 2017: Owner of New England Compounding Center Sentenced for Racketeering Leading to Nationwide Fungal Meningitis Outbreak

01/09/2018
February 14, 2017: Two Miami-Dade Women Charged in Connection with Their Operation of a Spa Performing Illicit Silicone Injections

01/09/2018
June 22, 2017: Pharmacy Owner and Director of Compliance Charged with Defrauding United States and Distributing Adulterated Drugs

01/09/2018
April 12, 2017: Owners of Two Los Angeles-Area Drug Wholesale Companies Arrested in $20 Million Federal ‘Structuring’ Conspiracy

01/09/2018
February 7, 2017: Randallstown Woman Pleads Guilty to Injecting Non-Medical Grade Silicone into the Bodies of Victim Customers

01/09/2018
August 30, 2017: Miami-Dade Resident Sentenced to More Than 6 Years in Prison for Operating a Miami Spa Performing Illicit Silicone Injections

01/09/2018
March 28, 2017: 3 Canadians and their Vancouver Company Charged with Conspiring to Sell Foreign-Made Drugs to Western Pennsylvania Pharmacists

01/09/2018
March 9, 2017: Internet Business Owner Indicted for Selling Non-FDA Approved and Misbranded Versions of Botox and Juvederm Related Products

01/09/2018
June 8, 2017: Houston, Texas Man convicted of Smuggling Korean Human Growth Hormone Drugs to Local Patients and Professional Wrestlers

01/09/2018
February 16, 2017: Oncology Practice, Doctor and Practice Manager Pay $1.7 Million to Resolve Allegations They Billed Medicare for Illegally Imported Drugs

01/09/2018
June 27, 2017: Physician and Wife to Pay $1.2 Million to Settle False Claims Act Allegations That They Billed Medicare and Medicaid for Unapproved Drugs

01/09/2018
September 6, 2017: Bronx Pharmacist Pleads Guilty To Illegally Selling Millions Of Prescription Pills On The Internet And Agrees To Forfeit $9 Million

01/09/2018
March 30, 2017: Lincoln Mother and Son Convicted of Conspiracy to Distribute Misbranded Substances, Drug Paraphernalia, and Related Financial Crimes

01/09/2018
January 12, 2017: Baxter Healthcare Corporation to Pay More than $18 Million to Resolve Criminal and Civil Liability Relating to Sterile Products

01/09/2018
September 20, 2017: Miami-Dade Resident Sentenced to More Than 4 Years in Prison for Managing a Miami Spa Performing Illicit Silicone Injections

01/09/2018
May 23, 2017: Citizen of Pakistan and United Kingdom Sentenced For International Wire Fraud Scheme That Sold False Cures For Multiple Illnesses

01/09/2018
April 18, 2017: SCM True Air Technologies, of Ohio and Kentucky, and Its Former Company President – Guilty of Delivering Misbranded Medical Devices from Unregistered Facilities to a Georgia V.A. Medical Center and Obstructing an FDA Investigation into their Conduct

01/09/2018
September 26, 2017: Houston, Texas Man Sentenced to 40 Months and a $95,000 Fine for Smuggling Korean Human Growth Hormone Drugs to Local Patients and Professional Wrestlers

01/09/2018
September 27, 2017: Amerisourcebergen Specialty Group Pleads Guilty to Distributing Misbranded Drugs and is Sentenced to Pay $260 Million to Resolve Criminal Liability

01/09/2018
May 26, 2017: Florida Woman Sentenced to Federal Prison for Causing the Death of One Victim and Hospitalization of Others by Injecting them With Liquid Silicone

01/09/2018
September 11, 2017: Owner of O.C. Pet Products Company Pleads Guilty to Selling Pet Meds without Prescriptions, Some of Which Were Not Approved for U.S. Sale

12/21/2017
December 19, 2017: Senior Executives of Medical Drug Repackager Sentenced for Defrauding Healthcare Providers

12/21/2017
December 20, 2017: Fitchburg Woman Pleads Guilty to Role in Counterfeit Steroid Conspiracy

12/18/2017
December 18, 2017: Cherry Hill Doctor and Son Sentenced to Prison for Defrauding Medicare

12/14/2017
December 12, 2017: Iserve Technologies, Inc. Pled Guilty in Connection with Guilty Pleas of Former Exec and Manager of Med-Fast Pharmacy Inc.

12/04/2017
November 30, 2017: Lynn Man Pleads Guilty to Counterfeit Steroid Conspiracy

12/04/2017
November 30, 2017: Paramedic Sentenced for Stealing Fentanyl from Ambulance Company

12/04/2017
November 28, 2017: Champaign, Illinois, Resident Guilty of Producing and Selling Over 80,000 Homemade Tramadol Capsules to Customers Without Verifying Prescriptions

12/04/2017
November 29, 2017: Knoxville Man Sentenced for Conspiring to Defraud the FDA

11/27/2017
November 21, 2017: Williamsville Couple Pleads Guilty

11/27/2017
November 22, 2017: Former Pharmacy Compliance Director Pleads Guilty to Introducing Adulterated Drugs into Interstate Commerce and Conspiracy to Defraud the United States

11/27/2017
November 20, 2017: Vitamin Shop Owner Sentenced for Misbranded Drugs and Controlled Substance Conviction

11/21/2017
November 20, 2017:Queensbury Oncologist and Office Manager Plead Guilty in Connection with Administering Unapproved Drugs

11/21/2017
November 16, 2017: Palmer Man Pleads Guilty to Conspiring to Import Prescription Drugs from Pakistan

11/20/2017
November 7, 2017: Federal Jury Convicts Lake Charles Veterinarian, Pharmacy in Race Horse Doping Conspiracy

11/06/2017
November 3, 2017: Vero Beach Orthopedic Surgeon Charged in Drug Conspiracy Resulting in Death

11/06/2017
November 3, 2017: Five Charged in Alleged Opioid Prescription, Healthcare Fraud Scheme

11/06/2017
November 1, 2017: New York Man Pleads Guilty to Selling Misbranded Animal Drugs Containing Steroids

11/01/2017
November 1, 2017: FDA Supervisor and Local Businessman Charged in Bribery Scheme

11/01/2017
November 1, 2017: Pair Sentenced on Federal Conspiracy

10/31/2017
October 31, 2017: South Korean Maker of Contact Lenses, Company CEO Charged with Smuggling Products into U.S. by Failing to Declare Full Value

10/31/2017
March 28, 2017: Oakland Man Pleads Guilty to Role in Conspiracy to Manufacture Counterfeit Drugs

10/30/2017
October 27, 2017: Central Kentucky Pharmacist Sentenced for Conspiracy to Distribute Oxycodone and Money Laundering

10/26/2017
October 26, 2017: Founder and Owner of Pharmaceutical Company Insys Arrested and Charged with Racketeering

10/26/2017
October 25, 2017: Five Chinese Citizens and Four Chinese Companies Indicted in Scheme to Sell Mislabeled Dietary Supplements

10/26/2017
October 25, 2017: Supervisory Pharmacist of New England Compounding Center Convicted of Racketeering Leading to Nationwide Fungal Meningitis Outbreak

10/17/2017
October 16, 2017: Omak, Washington Nurse Sentenced to Federal Prison for Adulterating and Misbranding Pain Medications

10/10/2017
October 4, 2017: Med-Fast Pharmacy Inc. and Former Exec Agree to Resolve Criminal and Civil Charges

10/03/2017
October 2, 2017: Compounding Pharmacy Owner Charged with $10 Million Health Care Fraud

10/02/2017
September 29, 2017: Randallstown Woman Sentenced To 2 Years In Prison For Injecting Non-Medical Grade Silicone Into The Bodies Of Victim Customers

09/28/2017
September 20, 2017: Pair Plead Guilty to Federal Conspiracy Charge

08/29/2017
August 28, 2017: Shrewsbury Man Pleads Guilty to Operating Counterfeit Steroid Scheme

08/18/2017
August 18, 2017: Former Police Officer Pleads Guilty to Trafficking Steroids, Money Laundering

07/18/2017
July 6, 2017: North Olmsted Man Charged with Selling Misbranded Drugs

07/03/2017
June 28, 2017: Former VA Nurse Re-Sentenced for Stealing and Tampering with Patient Medications

07/03/2017
June 28, 2017: Distributor of Counterfeit Medications Arrested

06/28/2017
June 23, 2017: Monterey Park Woman Arrested on Federal Charges after Allegedly Injecting Foreign Substances into Woman for Buttocks Enhancement

06/26/2017
June 22, 2017: Paramedic Pleads Guilty to Removing Liquid Fentanyl from Ambulance

06/19/2017
June 16, 2017: Leawood Woman Charged With Importing Misbranded Drugs

06/09/2017
June 9, 2017: Providence Nurse Pleads Guilty to Tampering with Oxycodone

04/24/2017
April 19, 2017: Radford Nurse, Who Tampered with Liquid Morphine Intended for Nursing Home Patients, Pleads Guilty

04/13/2017
April 12, 2017: Six Charged with Trafficking Counterfeit Steroids

04/06/2017
April 5, 2017: Worcester Nurse Sentenced for Drug Tampering

03/30/2017
March 22, 2017: Diamond Bar Man Pleads Guilty to Smuggling ED Drugs that Were Sold as ‘Herbal Enhancement’ Products without Prescriptions

03/27/2017
March 22, 2017: Owner of New England Compounding Center Convicted of Racketeering Leading to Nationwide Fungal Meningitis Outbreak

01/19/2017
January 18, 2017: Owner of Major Online Colored Contact Lens Business Sentenced to 46 Months in Prison in Largest-Ever Scheme to Import and Sell Counterfeit and Misbranded Contact Lenses Prosecuted in the United States

01/19/2017
January 13, 2017: Paramedic Pleads Guilty to Tampering with Drugs

01/17/2017
January 11, 2017: Worcester Nurse Pleads Guilty to Drug Tampering

02/20/2018
August 19, 2016: Pharmacy Owner and Medical Doctor Charged in an Internet Scheme to Dispense Medications to Customers without Valid Prescriptions

01/24/2018
December 6, 2016: Two Sentenced for Trafficking in Counterfeit Viagra and Cialis

01/24/2018
December 9, 2016: Carroll County Man Pleads Guilty to Federal Conspiracy Charge

01/24/2018
July 18, 2016: Cincinnati Man Sentenced for Illegally Importing Drugs into U.S.

01/24/2018
July 7, 2016: Johnston Resident Charged with Drug Trafficking, Money Laundering

01/24/2018
January 7, 2016: Former Nurse Pleads Guilty to Stealing Narcotics from Hospital

01/24/2018
December 8, 2016: Pharmaceutical Executives Charged in Racketeering Scheme

01/24/2018
December 2, 2016: Woman Arrested For Injecting Adulterated Liquid Silicone

01/24/2018
June 27, 2016: Hampton-Based Spice Retailer and Wholesaler Pleads Guilty

01/24/2018
May 31, 2016: Worcester Nurse Indicted on Federal Drug Tampering Charges

01/16/2018
October 11, 2016: Foreign National Pleads Guilty To International Wire Fraud Scheme

01/12/2018
December 20, 2016: New England Compounding Center’s National Sales Director Pleads Guilty

01/12/2018
December 27, 2016: Providence Nurse Charged in Connection with Tampering with Oxycodone

01/12/2018
January 20, 2016: Businessman Sentenced for Marketing and Selling Unapproved Remedies for Cancer

01/12/2018
June 2, 2016: Additional Criminal Charges Brought Against Indicted Penn National Horse Trainer

01/12/2018
August 15, 2016: Second Trafficker Convicted of Distributing Dangerous Counterfeit Viagra and Cialis

01/12/2018
October 12, 2016: Colombian National Charged for Unlawfully Injecting Silicone into Victims Bodies

01/12/2018
September 22, 2016: Hoover Man Charged for Marketing Misbranded Male Enhancement Drugs from China

01/12/2018
September, 22, 2016 Hoover Man Charged for Marketing Misbranded Male Enhancement Drugs from China

01/12/2018
August 2, 2016: Colombian National Charged for Unlawfully Injecting Silicone into Victims’ Bodies

01/12/2018
December 13, 2016: Tampa Resident Indicted for Involvement with Tricare Health Care Fraud Scheme

01/12/2018
September 29, 2016: New York Man Pleads Guilty To Conspiring To Illegally Manufacture Designer Steroids

01/12/2018
July 1, 2016: New Hampshire Couple Indicted On Two Counts Of Illegal Distribution Of Prescription Drugs

01/12/2018
June 22, 2016: Former Nurse Sentenced to 82 Months for Stealing and Tampering with Patient Medications

01/12/2018
December 19, 2016: New York Man Sentenced to Lengthy Prison Term for Selling Unsafe Dietary Supplements Online

01/12/2018
July 29, 2016: Majority Owner of NECC and Husband Plead Guilty to Illegal Cash Withdrawals Following Outbreak

01/12/2018
July 20, 2016: Former Acclarent, Inc. Executives Convicted of Crimes Related to the Sale of Medical Devices

01/12/2018
June 6, 2016: Pharmaceutical Companies To Pay $67 Million To Resolve False Claims Act Allegations Relating To Tarceva

01/11/2018
July 22, 2016: Medical Device Manufacturer Acclarent Inc. to Pay $18 Million to Settle False Claims Act Allegations

01/11/2018
November 15, 2016: Miami-Dade Resident Sentenced to Fifteen Months in Prison for Distributing Contaminated Cheese

01/09/2018
November 4, 2016: Two Pakistani Nationals Sentenced for Conspiring to Illegally Ship Pharmaceuticals into the United States

01/09/2018
November 29, 2016: Eight Defendants Convicted For Conspiracy to Manufacture and Distribute Counterfeit 5-Hour Energy Drink

01/09/2018
July 6, 2016: New Jersey Medical Device Manufacturer Admits Selling Contaminated Ultrasound Gel; Court Orders Permanent Injunction

01/09/2018
June 21, 2016: Two Pharmacists Sentenced to Prison for Adulteration of Drugs in Connection with Alabama-Based Compounding Pharmacy

01/09/2018
December 2, 2016: Former Police Officer Sentenced in White Plains Federal Court to 8 Years in Prison for Selling Date Rape Drug

01/09/2018
December 13, 2016: O.C. Man Charged with Selling Pet Meds Without a Prescription, Some of Which Were Not Approved for Distribution in the United States

01/09/2018
November 10, 2016: Nurse Who Operated Spa in Laguna Niguel Agrees to Plead Guilty to Illegally Dispensing Botox Not Approved for Use in United States

01/09/2018
November 28, 2016: Iowa Cancer Clinic and Oncologist to Pay More Than $176,000 To Settle False Claims Act Allegations They Recklessly Billed for Cancer Drugs That Were Unapproved, Misbranded, or Counterfeit and Improperly Upcoded Office Visit Claims

01/09/2018
September 9, 2016: Owner of Major Online Colored Contact Lens Business Pleads Guilty in Largest-Ever Investigation of Counterfeit and Misbranded Contact Lenses in the United States

01/09/2018
November 7, 2016: Medical Device Maker Biocompatibles Pleads Guilty to Misbranding and Agrees to Pay $36 Million to Resolve Criminal Liability and False Claims Act Allegations

01/09/2018
December 7, 2016: GNC Enters Into Agreement with Department of Justice to Improve Its Practices and Keep Potentially Illegal Dietary Supplements Out of the Marketplace

01/09/2018
December 5, 2016: Medical Device Saleswoman Sentenced to Three Years in Prison for Charges Relating to the Transport of Stolen Medical Devices and Money Laundering

12/15/2016
December 13, 2016: Conagra Subsidiary Sentenced in Connection with Outbreak of Salmonella Poisoning Related to Peanut Butter

12/13/2016
December 9, 2016: Two South Florida Residents Charged with Conspiring to Misbrand and Sell Expired Gastric Banding Systems

11/21/2016
November 18, 2016: Palm Harbor Oncologist Convicted Of Buying Unapproved Cancer Medications From Foreign Sources And Defrauding Medicare

11/08/2016
November 4, 2016: University Hospital Nurse Arrested Following Grand Jury Indictment for Illegally Obtaining and Tampering with Fentanyl and Hydomorphone

10/17/2016
October 11, 2016: Florida Man Pleads Guilty to Manufacturing, Distributing Performance Enhancing Drugs

09/26/2016
September 9, 2016: Medical Device Saleswoman Convicted on Charges of Conspiring to Transport Stolen Medical Devices in Interstate Commerce, Money Laundering and Other Charges

08/19/2016
August 19,2016: North Carolina Man Sentenced to 14 Years in Federal Prison for Providing Silicone Buttocks Injections Resulting in the Death of a Client

07/26/2016
July 25, 2016: Three Charged with Manufacturing, Distributing Performance Enhancing Drugs

06/20/2016
June 20, 2016: R.I. Businessman Pleads Guilty to Running International Scheme to Label and Sell Misbranded Drugs

06/08/2016
June 2, 2016: President of Pharmaceutical Companies Sentenced to 60 Months in Prison for Long-Running Scheme to Sell Misbranded and Unapproved Chemotherapy and Other Prescription Drugs

05/27/2016
May 26, 2016: Owner of “The Wholesale Source” Convicted for Selling Unsafe Dietary Supplements Online

05/27/2016
May 27, 2016: North Carolina Man Admits Receiving and Selling Misbranded Silicone for Buttocks Injections Resulting in the Death of a Client

05/23/2016
May 9, 2016: California Man Pleads Guilty to Selling Unapproved Drug in Rhode Island

05/19/2016
May 18, 2016: Woman Charged with Illegally Administering Silicone Injections

05/16/2016
May 13, 2016: Two Key Players in Illegal Online Pharmacy Scheme Sentenced to Prison

05/16/2016
May 12, 2016: Windsor Mill Woman Indicted for Allegedly Injecting Non-Medical Grade Silicone into the Bodies of Victim Customers

05/09/2016
May 9, 2016: Owner of Bodybuilding Drug Companies Sentenced for Selling Misbranded Drugs

05/09/2016
May 9, 2016: Lodi Oncologist and Office Administrator Pay $300,000 to Settle False Claims Act Allegations

05/06/2016
May 5, 2016: Florida Man Sentenced To Prison For Illegal Diet Pill Scheme

05/05/2016
May 4, 2016: Former Buffalo Nurse Sentenced For Stealing Pain Medications Intended For Patients From Local Hospital

05/04/2016
April 28, 2016: Jury Convicts Former Police Officer For Selling Date Rape Drug

05/04/2016
May 3, 2016: Gainesville Physician Convicted of 162 Counts of Health Care Fraud

05/02/2016
April 29, 2016: Manhattan U.S. Attorney Announces Arrest Of Black Market Distributor Of Diverted HIV Medications Worth Approximately $4 Million

04/20/2016
April 20, 2016: Norfolk Man Pleads Guilty to Illegally Distributing Insulin

04/14/2016
April 7, 2016: Former Nurse Sentenced for Stealing Narcotics from Hospital

04/06/2016
April 4, 2016: Former Carlsbad Resident Jailed for Sale of Unapproved “Energy Wave” Medical Devices

03/24/2016
March 23, 2016: Federal Jury Convicts Destrehan Woman in Scheme to Sell Illegal and Mislabelled Diet Pills

03/24/2016
March 23, 2016: Detroit-Area Physician Sentenced to 45 Months in Prison for Role in $5.7 Million Medicare Fraud Scheme

03/21/2016
March 18, 2016: Bookkeeper for Online Pharmacy Sentenced to Five Years in Prison for Money Laundering

03/11/2016
March 8, 2016: Cincinnati Man Pleads Guilty to Illegally Importing Drugs into U.S.

03/08/2016
March 7, 2016: Tehachapi Doctor Sentenced to 6 Months in Prison for Defrauding Patients and Insurers by Implanting Unapproved IUDs

03/08/2016
March 4, 2016: First of Seven Defendants Who Operated Illegal Online Pharmacy Sentenced to Prison

03/04/2016
March 4, 2016: Mumbai, India, Man Sentenced on Misbranding Charge

03/03/2016
March 1, 2016: Principal of Dietary Ingredient Companies Pleads Guilty to Multi-Million Dollar Fraud and Meth Precursor Scheme

02/29/2016
February 26, 2016: Florence Man Sentenced for Smuggling and Distributing Prescription Drugs

02/25/2016
February 17, 2016: Danville Man Pleads Guilty to Manufacturing and Distributing Illegal Dietary Supplements

02/24/2016
February 24, 2016: Former VA Nurse Pleads Guilty To Stealing Controlled Substance From Hospital Syringes

02/24/2016
February 17, 2016: Two Men Sentenced For Involvement in Scheme to Distribute Misbranded Drugs

02/23/2016
February 10, 2016: Las Vegas Resident Indicted For Running Counterfeit and Misbranded Contact Lens Operation

02/19/2016
February 17, 2016: United States And Vermont Doctor Resolve Matter Involving Non-FDA Approved Drugs And False Claims

02/19/2016
February 16, 2016: Swedish Medical Center Surgical Tech/Technologist Indicted by Federal Grand Jury in Denver on Charges of Tampering with a Consumer Product and Obtaining a Controlled Substance by Deceit

02/19/2016
February 10, 2016: Owner of Cancer Treatment Clinic Convicted of Providing Fraudulent Medical Treatments to Patients

02/04/2016
January 28, 2016: Federal Criminal Charges Filed Against Two Pharmacists for Adulteration of Drugs in Connection with Alabama-Based Compounding Pharmacy

02/02/2016
February 1, 2016: Pakistani Man Makes Appearance in U.S. District Court in Denver Following Indictment and Arrest for Sale and Distribution of New, Misbranded and Counterfeit Prescription Drugs

02/02/2016
February 1, 2016: Worcester Nurse Sentenced for Stealing Oxycodone from Patients

02/02/2016
January 22, 2016: Counterfeit Cigarette Smuggler Receives Jail Sentence

02/02/2016
January 5, 2016: Two Defendants Sentenced to Prison in Conspiracy to Distribute Over $6.6 Million in Contraband Cigarettes

MIL OSI USA News –

May 22, 2025

MIL-OSI Security: Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

Source: US Department of Homeland Security

Summary

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint advisory to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with threat actors deploying the LummaC2 information stealer (infostealer) malware. LummaC2 malware is able to infiltrate victim computer networks and exfiltrate sensitive information, threatening vulnerable individuals’ and organizations’ computer networks across multiple U.S. critical infrastructure sectors. According to FBI information and trusted third-party reporting, this activity has been observed as recently as May 2025. The IOCs included in this advisory were associated with LummaC2 malware infections from November 2023 through May 2025.

The FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of LummaC2 malware.

Download the PDF version of this report:

For a downloadable copy of IOCs, see:

Technical Details

Note: This advisory uses the MITRE ATT&CK^® Matrix for Enterprise framework, version 17. See the MITRE ATT&CK Tactics and Techniques section of this advisory for threat actor activity mapped to MITRE ATT&CK tactics and techniques.

Overview

LummaC2 malware first appeared for sale on multiple Russian-language speaking cybercriminal forums in 2022. Threat actors frequently use spearphishing hyperlinks and attachments to deploy LummaC2 malware payloads [T1566.001, T1566.002]. Additionally, threat actors rely on unsuspecting users to execute the payload by clicking a fake Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA). The CAPTCHA contains instructions for users to then open the Windows Run window (Windows Button + R) and paste clipboard contents (“CTRL + V”). After users press “enter” a subsequent Base64-encoded PowerShell process is executed.

To obfuscate their operations, threat actors have embedded and distributed LummaC2 malware within spoofed or fake popular software (i.e., multimedia player or utility software) [T1036]. The malware’s obfuscation methods allow LummaC2 actors to bypass standard cybersecurity measures, such as Endpoint Detection and Response (EDR) solutions or antivirus programs, designed to flag common phishing attempts or drive-by downloads [T1027].

Once a victim’s computer system is infected, the malware can exfiltrate sensitive user information, including personally identifiable information, financial credentials, cryptocurrency wallets, browser extensions, and multifactor authentication (MFA) details without immediate detection [TA0010, T1119]. Private sector statistics indicate there were more than 21,000 market listings selling LummaC2 logs on multiple cybercriminal forums from April through June of 2024, a 71.7 percent increase from April through June of 2023.

File Execution

Upon execution, the LummaC2.exe file will enter its main routine, which includes four sub-routines (see Figure 1).

Figure 1. LummaC2 Main Routine

The first routine decrypts strings for a message box that is displayed to the user (see Figure 2).

Figure 2. Message Box

If the user selects No, the malware will exit. If the user selects Yes, the malware will move on to its next routine, which decrypts its callback Command and Control (C2) domains [T1140]. A list of observed domains is included in the Indicators of Compromise section.

After each domain is decoded, the implant will attempt a POST request [T1071.001] (see Figure 3).

Figure 3. Post Request

If the POST request is successful, a pointer to the decoded domain string is saved in a global variable for later use in the main C2 routine used to retrieve JSON formatted commands (see Figure 4).

Figure 4. Code Saving Successful Callback Request

Once a valid C2 domain is contacted and saved, the malware moves on to the next routine, which queries the user’s name and computer name utilizing the Application Programming Interfaces (APIs) GetUserNameW and GetComputerNameW respectively [T1012]. The returned data is then hashed and compared against a hard-coded hash value (see Figure 5).

Figure 5. User and Computer Name Check

The hashing routine was not identified as a standard algorithm; however, it is a simple routine that converts a Unicode string to a 32-bit hexadecimal value.

If the username hash is equal to the value 0x56CF7626, then the computer name is queried. If the computer name queried is seven characters long, then the name is hashed and checked against the hard-coded value of 0xB09406C7. If both values match, a final subroutine will be called with a static value of the computer name hash as an argument. If this routine is reached, the process will terminate. This is most likely a failsafe to prevent the malware from running on the attacker’s system, as its algorithms are one-way only and will not reveal information on the details of the attacker’s own hostname and username.

If the username and hostname check function returns zero (does not match the hard-coded values), the malware will enter its main callback routine. The LummaC2 malware will contact the saved hostname from the previous check and send the following POST request (see Figure 6).

Figure 6. Second POST Request

The data returned from the C2 server is encrypted. Once decoded, the C2 data is in a JSON format and is parsed by the LummaC2 malware. The C2 uses the JSON configuration to parse its browser extensions and target lists using the ex key, which contains an array of objects (see Figure 7).

Figure 7. Parsing of ex JSON Value

Parsing the c key contains an array of objects, which will give the implant its C2 (see Figure 8).

Figure 8. Parsing of c JSON Value

C2 Instructions

Each array object that contains the JSON key value of t will be evaluated as a command opcode, resulting in the C2 instructions in the subsections below.

1. Opcode `0` – Steal Data Generic

This command allows five fields to be defined when stealing data, offering the most flexibility. The Opcode O command option allows LummaC2 affiliates to add their custom information gathering details (see Table 1).

*Table 2. Opcode* `1` *Options*
Key	Value
p	Path to steal from
m	File extensions to read
z	Output directory to store stolen data
d	Depth of recursiveness
fs	Maximum file size

2. Opcode `1` – Steal Browser Data

This command only allows for two options: a path and the name of the output directory. This command, based on sample configuration downloads, is used for browser data theft for everything except Mozilla [T1217] (see Table 2).

*Table 2. Opcode* `1` *Options*
Key	Value
p	Path to steal from
z	Name of Browser – Output

3. Opcode `2` – Steal Browser Data (Mozilla)

This command is identical to Opcode 1; however, this option seems to be utilized solely for Mozilla browser data (see Table 3).

*Table 3. Opcode* `2` *Options*
Key	Value
p	Path to steal from
z	Name of Browser – Output

4. Opcode `3` – Download a File

This command contains three options: a URL, file extension, and execution type. The configuration can specify a remote file with u to download and create the extension specified in the ft key [T1105] (see Table 4).

*Table 4. Opcode* `3` *Options*
Key	Value
u	URL for Download
ft	File Extension
e	Execution Type

The e value can take two values: 0 or 1. This specifies how to execute the downloaded file either with the LoadLibrary API or via the command line with rundll32.exe [T1106] (see Table 5).

*Table 5. Execution Types*
Key	Value
e=0	Execute with `LoadLibraryW()`
e=1	Executive with `rund1132.exe`

5. Take Screenshot

If the configuration JSON file has a key of “se” and its value is “true,” the malware will take a screenshot in BMP format and upload it to the C2 server.

6. Delete Self

If the configuration JSON file has a key of “ad” and its value is “true,” the malware will enter a routine to delete itself.

The command shown in Figure 9 will be decoded and executed for self-deletion.

Figure 9. Self-Deletion Command Line

Figure 10 depicts the above command line during execution.

Figure 10. Decoded Command Line in Memory

Host Modifications

Without any C2 interactions, the LummaC2 malware does not create any files on the infected drive. It simply runs in memory, gathers system information, and exfiltrates it to the C2 server [T1082]. The commands returned from the C2 server could indicate that it drops additional files and/or saves data to files on the local hard drive. This is variable, as these commands come from the C2 server and are mutable.

Decrypted Strings

Below is a list of hard-coded decrypted strings located in the binary (see Figure 11).

Figure 11. Decoded Strings

Indicators of Compromise

See Table 6 and Table 7 for LummaC2 IOCs obtained by the FBI and trusted third parties.

Disclaimer: The authoring agencies recommend organizations investigate and vet these indicators of compromise prior to taking action, such as blocking.

*Table 6. LummaC2 Executable Hashes*
Executables	Type
4AFDC05708B8B39C82E60ABE3ACE55DB (`LummaC2.exe` from November 2023)	MD5
E05DF8EE759E2C955ACC8D8A47A08F42 (`LummaC2.exe` from November 2023)	MD5
C7610AE28655D6C1BCE88B5D09624FEF	MD5
1239288A5876C09D9F0A67BCFD645735168A7C80 (`LummaC2.exe` from November 2023)	SHA1
B66DA4280C6D72ADCC68330F6BD793DF56A853CB (`LummaC2.exe` from November 2023)	SHA1
3B267FA5E1D1B18411C22E97B367258986E871E5	TLSH
19CC41A0A056E503CC2137E19E952814FBDF14F8D83F799AEA9B96ABFF11EFBB (November 2023)	SHA256
2F31D00FEEFE181F2D8B69033B382462FF19C35367753E6906ED80F815A7924F (`LummaC2.exe` from November 2023)	SHA256
4D74F8E12FF69318BE5EB383B4E56178817E84E83D3607213160276A7328AB5D	SHA256
325daeb781f3416a383343820064c8e98f2e31753cd71d76a886fe0dbb4fe59a	SHA256
76e4962b8ccd2e6fd6972d9c3264ccb6738ddb16066588dfcb223222aaa88f3c	SHA256
7a35008a1a1ae3d093703c3a34a21993409af42eb61161aad1b6ae4afa8bbb70	SHA256
a9e9d7770ff948bb65c0db24431f75dd934a803181afa22b6b014fac9a162dab	SHA256
b287c0bc239b434b90eef01bcbd00ff48192b7cbeb540e568b8cdcdc26f90959	SHA256
ca47c8710c4ffb4908a42bd986b14cddcca39e30bb0b11ed5ca16fe8922a468b	SHA256

*Table 7. LummaC2 DLL Binaries*
DLL Binaries	Type
iphlpapi.dll	IP Helper API
winhttp.dll	Windows HTTP Services

The following are domains observed deploying LummaC2 malware.

Disclaimer: The domains below are historical in nature and may not currently be malicious.

Pinkipinevazzey[.]pw
Fragnantbui[.]shop
Medicinebuckerrysa[.]pw
Musicallyageop[.]pw
stogeneratmns[.]shop
wallkedsleeoi[.]shop
Tirechinecarpet[.]pw
reinforcenh[.]shop
reliabledmwqj[.]shop
Musclefarelongea[.]pw
Forbidstow[.]site
gutterydhowi[.]shop
Fanlumpactiras[.]pw
Computeryrati[.]site
Contemteny[.]site
Ownerbuffersuperw[.]pw
Seallysl[.]site
Dilemmadu[.]site
Freckletropsao[.]pw
Opposezmny[.]site
Faulteyotk[.]site
Hemispheredodnkkl[.]pw
Goalyfeastz[.]site
Authorizev[.]site
ghostreedmnu[.]shop
Servicedny[.]site
blast-hubs[.]com
offensivedzvju[.]shop
friendseforever[.]help
blastikcn[.]com
vozmeatillu[.]shop
shiningrstars[.]help
penetratebatt[.]pw
drawzhotdog[.]shop
mercharena[.]biz
pasteflawwed[.]world
generalmills[.]pro
citywand[.]live
hoyoverse[.]blog
nestlecompany[.]pro
esccapewz[.]run
dsfljsdfjewf[.]info
naturewsounds[.]help
travewlio[.]shop
decreaserid[.]world
stormlegue[.]com
touvrlane[.]bet
governoagoal[.]pw
paleboreei[.]biz
calmingtefxtures[.]run
foresctwhispers[.]top
tracnquilforest[.]life
sighbtseeing[.]shop
advennture[.]top
collapimga[.]fun
holidamyup[.]today
pepperiop[.]digital
seizedsentec[.]online
triplooqp[.]world
easyfwdr[.]digital
strawpeasaen[.]fun
xayfarer[.]live
jrxsafer[.]top
quietswtreams[.]life
oreheatq[.]live
plantainklj[.]run
starrynsightsky[.]icu
castmaxw[.]run
puerrogfh[.]live
earthsymphzony[.]today
weldorae[.]digital
quavabvc[.]top
citydisco[.]bet
steelixr[.]live
furthert[.]run
featureccus[.]shop
smeltingt[.]run
targett[.]top
mrodularmall[.]top
ferromny[.]digital
ywmedici[.]top
jowinjoinery[.]icu
rodformi[.]run
legenassedk[.]top
htardwarehu[.]icu
metalsyo[.]digital
ironloxp[.]live
cjlaspcorne[.]icu
navstarx[.]shop
bugildbett[.]top
latchclan[.]shop
spacedbv[.]world
starcloc[.]bet
rambutanvcx[.]run
galxnetb[.]today
pomelohgj[.]top
scenarisacri[.]top
jawdedmirror[.]run
changeaie[.]top
lonfgshadow[.]live
liftally[.]top
nighetwhisper[.]top
salaccgfa[.]top
zestmodp[.]top
owlflright[.]digital
clarmodq[.]top
piratetwrath[.]run
hemispherexz[.]top
quilltayle[.]live
equatorf[.]run
latitudert[.]live
longitudde[.]digital
climatologfy[.]top
starofliught[.]top

MITRE ATT&CK Tactics and Techniques

See Table 8 through Table 13 for all referenced threat actor tactics and techniques in this advisory. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

*Table 8. Initial Access*
Technique Title	ID	Use
Phishing	T1566	Threat actors delivered LummaC2 malware through phishing emails.
Phishing: Spearphishing Attachment	T1566.001	Threat actors used spearphishing attachments to deploy LummaC2 malware payloads.
Phishing: Spearphishing Link	T1566.002	Threat actors used spearphishing hyperlinks to deploy LummaC2 malware payloads.

*Table 9. Defense Evasion*
Technique Title	ID	Use
Obfuscated Files or Information	T1027	Threat actors obfuscated the malware to bypass standard cybersecurity measures designed to flag common phishing attempts or drive-by downloads.
Masquerading	T1036	Threat actors delivered LummaC2 malware via spoofed software.
Deobfuscate/Decode Files or Information	T1140	Threat actors used LummaC2 malware to decrypt its callback C2 domains.

*Table 10. Discovery*
Technique Title	ID	Use
Query Registry	T1012	Threat actors used LummaC2 malware to query the user’s name and computer name utilizing the APIs GetUserNameW and GetComputerNameW.
Browser Information Discovery	T1217	Threat actors used LummaC2 malware to steal browser data.

*Table 11. Collection*
Technique Title	ID	Use
Automated Collection	T1119	LummaC2 malware has automated collection of various information including cryptocurrency wallet details.

*Table 12. Command and Control*
Technique Title	ID	Use
Application Layer Protocol: Web Protocols	T1071.001	Threat actors used LummaC2 malware to attempt POST requests.
Ingress Tool Transfer	T1105	Threat actors used LummaC2 malware to transfer a remote file to compromised systems.

*Table 13. Exfiltration*
Technique Title	ID	Use
Exfiltration	TA0010	Threat actors used LummaC2 malware to exfiltrate sensitive user information, including traditional credentials, cryptocurrency wallets, browser extensions, and MFA details without immediate detection.
Native API	T1106	Threat actors used LummaC2 malware to download files with native OS APIs.

Mitigations

The FBI and CISA recommend organizations implement the mitigations below to reduce the risk of compromise by LummaC2 malware. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections. These mitigations apply to all critical infrastructure organizations.

Separate User and Privileged Accounts: Allow only necessary users and applications access to the registry [CPG 2.E].
Monitor and detect suspicious behavior during exploitation [CPG 3.A].
- Monitor and detect suspicious behavior, creation and termination events, and unusual and unexpected processes running.
- Monitor API calls that may attempt to retrieve system information.
- Analyze behavior patterns from process activities to identify anomalies.
- For more information, visit CISA’s guidance on: Enhanced Visibility and Hardening Guidance for Communications Infrastructure.
Implement application controls to manage and control execution of software, including allowlisting remote access programs. Application controls should prevent installation and execution of portable versions of unauthorized remote access and other software. A properly configured application allowlisting solution will block any unlisted application execution. Allowlisting is important because antivirus solutions may fail to detect the execution of malicious portable executables when the files use any combination of compression, encryption, or obfuscation.
Protect against threat actor phishing campaigns by implementing CISA’s Phishing Guidance and Phishing-resistant multifactor authentication. [CPG 2.H]
Log Collection: Regularly monitoring and reviewing registry changes and access logs can support detection of LummaC2 malware [CPG 2.T].
Implement authentication, authorization, and accounting (AAA) systems [M1018] to limit actions users can perform and review logs of user actions to detect unauthorized use and abuse. Apply principles of least privilege to user accounts and groups, allowing only the performance of authorized actions.
Audit user accounts and revoke credentials for departing employees, removing those that are inactive or unnecessary on a routine basis [CPG 2.D]. Limit the ability for user accounts to create additional accounts.
Keep systems up to date with regular updates, patches, hot fixes, and service packs that may minimize vulnerabilities. Learn more by visiting CISA’s webpage: Secure our World Update Software.
Secure network devices to restrict command line access.
Use segmentation to prevent access to sensitive systems and information, possibly with the use of Demilitarized Zone (DMZ) or virtual private cloud (VPC) instances to isolate systems [CPG 2.F].
Monitor and detect API usage, looking for unusual or malicious behavior.

Validate Security Controls

In addition to applying mitigations, the FBI and CISA recommend exercising, testing, and validating your organization’s security program against threat behaviors mapped to the MITRE ATT&CK Matrix for Enterprise framework in this advisory. The FBI and CISA recommend testing your existing security controls inventory to assess performance against the ATT&CK techniques described in this advisory.

To get started:

Select an ATT&CK technique described in this advisory (see Table 8 through Table 13).
Align your security technologies against the technique.
Test your technologies against the technique.
Analyze your detection and prevention technologies’ performance.
Repeat the process for all security technologies to obtain a set of comprehensive performance data.
Tune your security program, including people, processes, and technologies, based on the data generated by this process.

The FBI and CISA recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

Reporting

Your organization has no obligation to respond or provide information to the FBI in response to this joint advisory. If, after reviewing the information provided, your organization decides to provide information to the FBI, reporting must be consistent with applicable state and federal laws.

The FBI is interested in any information that can be shared, to include the status and scope of infection, estimated loss, date of infection, date detected, initial attack vector, and host- and network-based indicators.

To report information, please contact the FBI’s Internet Crime Complaint Center (IC3), your local FBI field office, or CISA’s 24/7 Operations Center at report@cisa.gov or (888) 282-0870.

Disclaimer

The information in this report is being provided “as is” for informational purposes only. The FBI and CISA do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favor by the FBI and CISA.

Acknowledgements

ReliaQuest contributed to this advisory.

Version History

May 21, 2025: Initial version.

MIL Security OSI –

May 22, 2025

MIL-OSI Economics: RBI Bulletin – May 2025
Source: Reserve Bank of India

Today, the Reserve Bank released the May 2025 issue of its monthly Bulletin. The Bulletin includes two speeches, four articles and current statistics.

The four articles are: I. State of the Economy; II. Economic Activity and Banknotes: New Approaches; III. Digital Footprints: Decoding India’s Inbound Tourism through Internet Searches; and IV. Impact of Weather Anomalies on Vegetable Prices in India.

I. State of the Economy

Persistent trade frictions, heightened policy uncertainty, and weak consumer sentiment continue to create headwinds for global growth. Amidst these challenges, the Indian economy exhibited resilience. Various high frequency indicators of industrial and services sectors sustained their momentum in April. A bumper rabi harvest and higher acreage for summer crops, coupled with favourable southwest monsoon forecasts for 2025, augur well for the agriculture sector. Headline CPI inflation fell for the sixth consecutive month to its lowest since July 2019, primarily driven by the sustained easing in food prices. Domestic financial market sentiments, which remained on edge in April, witnessed a turnaround since the third week of May.

II. Economic Activity and Banknotes: New Approaches

by Gautham Udupa, Pradip Bhuyan, Dileep Kumar Verma and Nirupama Kulkarni

This article investigates the impact of economic activity on banknotes in circulation, with a particular focus on the role of the formal sector. Leveraging high-frequency monthly nightlights data as a proxy for total economic activity and tax collection data as a measure of formal economic activity, the analysis isolates the effect of formalisation on Notes in Circulation (NiC), controlling for aggregate economic output.

Highlights:
- The growth rate in NiC (in value terms) during 2014 – 2024 was significantly lower as compared to that in the previous two decades.
- The growth in NiC was noticeably higher than that in GDP during 1994 – 2004; the gap, however, has significantly reduced in the next two decades.
- There exists positive relationship between nightlights and taxes and also between nightlights and GDP.
- The article finds strong evidence that formal economic activity reduces the use of banknotes.
III. Digital Footprints: Decoding India’s Inbound Tourism through Internet Searches

By Lokesh and A R Jayaraman

This article explores Destination Insights with Google (DIG), a non-traditional high-frequency data source, to track inbound tourism in India. DIG monitors global tourism trends through travel-related searches. The study examines the linkage between foreign tourist arrivals (FTA) and Google searches made for travel to India from the rest of the world.

Highlights:
- There is a strong association between FTA and travel-related search volume index.
- The index captures directional changes in FTA reasonably well.
- The index Granger causes FTA implying its ability to serve as a leading indicator to predict FTA.
IV. Impact of Weather Anomalies on Vegetable Prices in India

By Nishant Singh and Love Kumar Shandilya

Vegetable prices exhibit high volatility and play a major role in driving India’s food and headline inflation. The volatility in vegetable prices is often exacerbated by supply-side disturbances, predominantly driven by weather shocks warranting regular monitoring of evolving weather conditions. This study investigates how weather anomalies, particularly in rainfall and temperature, affect vegetable prices in India.

Highlights:
- After controlling for seasonality in vegetables prices as well as movements in market arrivals and reservoir levels, empirical estimates suggest that weather anomalies add to price pressures in vegetables with temperature anomalies having a more immediate impact.
- Moreover, the impact of temperature anomalies has increased in recent periods, highlighting the need for faster adoption of temperature-resistant crop varieties to support the objective of price stability.
The views expressed in the Bulletin articles are of the authors and do not represent the views of the Reserve Bank of India.

(Puneet Pancholy)
Chief General Manager

Press Release: 2025-2026/384
MIL OSI Economics –
May 22, 2025
MIL-OSI Security: Missouri Man Sentenced to Over 19 Years in Prison for Transporting Minor for Sex

Source: Federal Bureau of Investigation FBI Crime News (b)

ST. LOUIS – U.S. District Henry E. Autrey on Tuesday sentenced a man who admitted transporting a minor across state lines for sex to 230 months in prison.

Scott M. Arnold-Micke, 48, of Rolla, Missouri met the 17-year-old victim in 2021 and took him to Chicago, where they used drugs and engaged in sexual acts. Arnold-Micke engaged in drug use with the victim on an almost daily basis after Arnold-Micke moved from Sullivan, Missouri to Rolla.

Arnold-Micke, 48, pleaded guilty in January to one count of transportation of a minor to engage in a criminal sex act.

The case was investigated by the FBI and the Rolla Police Department with assistance from the Phelps County Sheriff’s Department. Assistant U.S. Attorney Dianna Edwards prosecuted the case.

“The FBI is unrelenting when it comes to protecting children,” said Special Agent in Charge Chris Crocker of the FBI St. Louis Division. “I commend those who brought this crime to light in order to get this child predator off the streets and in prison where he belongs.”

This case was brought as part of Project Safe Childhood, a nationwide initiative to combat the growing epidemic of child sexual exploitation and abuse launched in May 2006 by the Department of Justice. Led by U.S. Attorneys’ Offices and the Department of Justice Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state and local resources to better locate, apprehend and prosecute individuals who exploit children via the Internet, as well as to identify and rescue victims. For more information about Project Safe Childhood, please visit www.justice.gov/psc.

MIL Security OSI –

May 22, 2025
MIL-OSI Security: Silver Spring Man Pleads Guilty to “Sextortion” of More Than 100 Minors Located Throughout the United States and Abroad

Source: Office of United States Attorneys

Greenbelt, Maryland – Chase William Mulligan, 28, of Silver Spring, Maryland, pled guilty to two counts of producing child sexual abuse material in federal court. The charges are in connection with a scheme in which he met young girls through social media and internet chat rooms and eventually “sextorted” them.

Specifically, through the scheme, Mulligan coerced at least 108 girls — ranging from ages 5-17 — to send him sexually explicit photographs and videos of themselves. When the girls told him they no longer wanted to send him sexually graphic images, Mulligan threatened to post the images online or come to their house.

Kelly O. Hayes, U.S. Attorney for the District of Maryland, announced the guilty plea with Special Agent in Charge William J. DelBagno of the Federal Bureau of Investigation (FBI) – Baltimore Field Office.

“Mulligan used manipulation, fear, and intimidation to exploit over 100 young victims. Now we must ensure that we send a clear message to Mulligan, and others, that those who abuse the most vulnerable members of our communities will pay a steep price,” Hayes said. “We’re committed to working with our law-enforcement partners to relentlessly pursue, prosecute, and bring to justice those who engage in these deplorable acts.”

“Chase Mulligan is a depraved and dangerous predator. He used social media to target, viciously threaten, and horribly abuse more than 100 minor victims – one as young as five years old,” DelBagno said. “His abhorrent behavior is not diminished by the fact he was thousands of miles away and never met his victims, rather, it’s the opposite. Despite his distance, he presents a serious threat to any child he can access through the internet. The FBI works diligently every day to find and arrest predators like Mulligan so they can no longer prey on innocent children.”

As detailed in the plea agreement, between at least 2019 and December 2023, Mulligan used numerous Snapchat, Discord, Roblox, Skype, Omegle, and Instagram accounts to target young girls. He convinced minors living in the United States, Canada, Denmark, Spain, Philippines, Australia, and United Kingdom to produce and send him sexually explicit images.

Mulligan also directed minors to expose their genital areas and engage in sexual conduct. Additionally, Mulligan coerced multiple girls to urinate on camera, insert objects into their genitalia, and participate in sexual acts with dogs.

After some victims informed Mulligan that they no longer wished to send him sexually explicit images, he threatened to publicly post the images or come to their homes. Mulligan wanted the victims to send more images depicting increasingly graphic sexual conduct.

As part of his plea agreement, Mulligan must register as a sex offender in places where he resides, is an employee, and is a student, under the Sex Offender Registration and Notification Act.

Mulligan is facing a mandatory minimum of 15 years and a statutory maximum of 60 years in federal prison. U.S. District Judge Theodore C. Chuang scheduled sentencing for Wednesday, August 27, at 2:30 p.m.

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorney’s Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, visit www.justice.gov/psc. Click the “Resources” tab on the left side of the page to learn about Internet safety education.

U.S. Attorney Hayes commended the FBI for its work in the investigation. Ms. Hayes also thanked Assistant U.S. Attorneys Megan S. McKoy and Elizabeth Wright who are prosecuting the case.

For more information about the Maryland U.S. Attorney’s Office, its priorities, and resources available to help the community, please visit www.justice.gov/usao-md and https://www.justice.gov/usao-md/community-outreach.

# # #

MIL Security OSI –

May 22, 2025
MIL-OSI: $255 Payday Loans: Direct lender, Same Day, No Credit Check – Payday Loans Online Near Me – Wizzay
Source: GlobeNewswire (MIL-OSI)

New York City, NY, May 21, 2025 (GLOBE NEWSWIRE) —

With the world becoming increasingly fast-paced, unexpected bills can crop up at anytime, leaving people in urgent need of cash. For people with impending cash emergencies, $255 payday loans online same day provide a hassle-free and quick solution. The loans are meant to bring immediate financial reprieve, particularly for those with poor credit or those without access to other avenues of conventional credit.

This detailed guide delves into the intricacies of $255 payday loans, such as the benefits of dealing with direct lenders like Wizzay, having in mind the requirements to be eligible, and options for those with varying credit scores.

Wizzay: Best Platform to Get $255 Payday Loans Online with Same Day Approval from Direct Lenders | Instant Approval

Wizzay is a top platform that connects borrowers with direct lenders offering $255 online payday loans with same-day approval. With a simple-to-use interface and an established network of good lenders, Wizzay makes borrowing easier, money available instantly without the red tape involved with normal credit checks.

Wizzay makes it easy for lenders to complete a simple online application, receive the approval decision within seconds, and deposit funds into their bank account, typically on the same business day. Quickness is an ideal feature for those who require fast money.

<<>>

$255 Payday Loans Online Same Day California

When faced with urgent bills like medical or auto emergencies, waiting days for approval of a conventional loan isn’t possible. Same-day approved online $255 payday loans provide the quick cash relief many Americans need.

California residents have their own state regulations on payday loans. The typical maximum cash amount borrowed in California is $255 (after fees), so this is a typical loan amount all over the state. Wizzay connects California borrowers with licensed lenders who work within the state framework.

The main advantages for California residents are:
- Compliance with state laws
- Borrower maximum fee caps
- Simple disclosure requirements
- Licensed lender connections
What Are Payday Loans?

Payday loans are temporary lending options that bring prompt fiscal relief until your next paycheck. Payday loans generally:
- Range from $100 to $1,000 (with $255 being a typical sum, particularly in California)
- Have 2-4 week repayment terms (due on your subsequent payday)
- Come with higher interest rates than regular loans because they’re short-term
- Are low-documentation compared to regular bank loans
- Disburse quickly, often the same day that they approve you
Unlike conventional loans that can take weeks to finalize, payday loans provide succor in times of financial crisis when time is crucial.

<<>>

Why You Should Go For Payday Loans Online?

The advent of the Internet age has revolutionized the payday lending business. Online lenders such as Wizzay have made it easier than ever before by providing:
- 24/7 application access
- Paperless paperwork
- Data encryption security
- Instant approval messages
- Direct fund deposit
Applying for online payday loans avoids going to brick-and-mortar stores, filling out paper forms, or standing in line. The whole process, from funding application, can be done from your couch using any internet-enabled device.

Most Trusted $255 Payday Loan Option Online With No Credit Check – Wizzay

Wizzay has become the most reliable site for $255 online payday loans, especially for credit check worrisome borrowers. Although no genuine lender can provide strictly “no credit check” loans, Wizzay is a partner to direct lenders who:
- Pay more attention to your present income and repayment capability
- Look beyond regular credit ratings
- Make soft credit checks that don’t affect your credit rating
- Approve loans to borrowers from all sections of the credit spectrum
This second option for creditworthiness makes Wizzay a great choice for less-than-stellar credit customers who require money in a hurry.

<<>>

Common Uses for Same Day Payday Loans With Wizzay

Same-day payday loans through Wizzay act as an emergency financial safety net for numerous surprise expenses, like:
- Out-of-pocket medical or dental costs that insurance doesn’t cover
- Emergency car repairs when your vehicle is required for work
- Overdue bills for power to avoid disconnection
- Unforeseen home repairs such as faulty water heaters or AC systems
- Covering small gaps between paychecks when bills are payable
- Preventing costly overdraft or late payment charges
These short-term loans bring peace of mind when working with time-critical financial expenses that cannot wait until your upcoming paycheck.

Advantages of Choosing Wizzay for $255 Payday Loans from Direct Lender California

Selecting Wizzay for your California $255 payday loan requirements has several benefits:
- Easy Application Process: Fill up within minutes from your device
- Large Network of Trustworthy Direct Lenders: Experience several lending opportunities on one platform
- Easy-to-Understand Terms and Conditions: Complete transparency of all charges and repayment information
- Fast Decision: Usually within a few minutes of application submission
- Same-Day Funds: Funds credited to your bank account on the same business day
- Secure Data Protection: Top-level encryption and privacy safeguards
- 24/7 Online Convenience: Use anytime, day or night, weekends included
- No Surcharge Fees: All fees disclosed before you sign up
These advantages make Wizzay the Californians’ first choice for speedy financial solutions without messy processes.

$255 Payday Loans Online Same Day With Wizzay

Wizzay’s site is all about getting $255 online payday loans with same-day processing. This loan amount is especially favored in California, given the state’s regulations.

The process is as follows:
- Fill out the easy online application form with your information
- Get instant pre-qualification feedback
- Compare loan offers from direct lenders
- Choose the best offer with the best terms
- Finish any other verification steps with the lender
- Get money into your bank account, usually on the same business day
The whole procedure is made for ultimate efficiency, so you can tackle your financial crisis without any delay.

<<>>

Who Should Consider a $255 Payday Loan Online?

Payday loans can be a help, but they’re not for everyone. You may want to use a $255 payday loan via Wizzay if you:
- Are in a sudden, short-term financial situation
- Have depleted other lower-cost borrowing sources
- Have a regular income source with future paychecks
- Require money today, and can’t wait for conventional loans
- Can pay back the entire amount on your upcoming payday
- Understand the greater cost of short-term borrowing
Payday loans operate best as a short-term bridge in true financial emergencies, but not as a long-term financial option.

Wizzay Offers No Denial Payday Loans Direct Lenders Only

No lender can possibly approve everybody, but direct tribal loan lenders collaborating with Wizzay approve more people than big financial institutions. “No denial” is used to describe lenders who:
- Approve applications from bad credit borrowers
- Pay less attention to credit history than to income now
- Have numerous loan products to suit various needs
- Give definite reasons if the application cannot be approved
- Dealing with direct lenders bypasses middlemen and results in:
- Quicker processing times
- Lower total costs
- More customized service
- Direct access to the funding source
Wizzay’s $255 Payday Loans Eligibility Criteria: What do You Need to Qualify?

To be eligible for a $255 payday loan with Wizzay’s group of direct lenders, you would usually have to satisfy these minimum requirements:
- Be at least 18 years old
- Be a US citizen or resident alien
- Have a valid government-issued identification
- Have an open checking account in your name
- Provide evidence of steady income (employment, benefits, etc.)
- Give a current email address and telephone number
- Have a minimum monthly income (usually $1,000+)
Unlike bank loans, payday lenders with no credit check usually do not require ideal credit histories or large amounts of financial records, so the application procedure is more convenient.

<<< Bad Credit? No Problem – Wizzay Offers $255 Loans with No Credit Check>>>

How Do Payday Loans Online Work?

Payday loans via online websites like Wizzay function differently from bank loans:
- Application: Fill out your information using an encrypted online application
- Verification: Lenders check your identity and income information
- Approval: Get loan offer with conditions and terms
- Acceptance: Sign loan agreement electronically
- Funding: Funds are credited directly to your bank account
- Repayment: Amount of loan and fees are deducted automatically from your account on the scheduled date
The whole process is fast and easy, doing away with paperwork and physical visits to obtain traditional lending.

What Are 1 Hour Payday Loans Online?

When minutes are of the essence, 1-hour payday loans from Wizzay’s network can bring ultra-rapid relief. While not all applications can be reviewed this rapidly, numerous lenders attempt to:
- Review applications in minutes
- Make instant approval determinations
- Process funding requests instantly
- Deposit funds as soon as possible technically
1 Hour Payday Loans Online from Direct Lenders – Fast Approval Process

Wizzay’s direct lender network is all about quick loan processing, which usually issues approval responses within 1 hour of application. This speedy time frame involves:
- Initial Application: 5-10 minutes to fill out online
- Automated Verification: Seconds to minutes
- Lender Review: 15-60 minutes within business hours
- Final Approval: Often within 1 hour of completing all necessary information
- Fund Transfer: Fund transfer initiated immediately upon approval
Most borrowers get the funds the same business day, especially when approved in the morning.

<<>>

$255 Payday Loans Direct Lender California

California has unique rules covering payday lending, which makes the $255 loan figure popular in the state. When applying for a $255 payday loan in California via Wizzay, you’ll enjoy:
- State-regulated maximum fees and interest rates
- Authorized direct lenders that work within legal parameters
- Transparent disclosure of all loan terms mandated by state law
- Shield from predatory lending
- Uncomplicated repayment terms
- No hidden penalties
Wizzay ensures that all participating lenders are within California’s lending laws, giving borrowers an extra layer of protection and clarity.

How To Get $255 Payday Loans Online Same Day In California?

Getting a $255 payday loan in California via Wizzay is easy:
- Visit Wizzay’s Website: Go to their secure online website
- Start Your Application: Click on the application for loan button
- Enter Personal Information: Enter your basic info and contact info
- Submit Income Details: Enter work details and income proof
- Provide Banking Information: Include your checking account information for transferring funds
- Review and Submit: Make sure all details are correct before submitting
- Receive Approval: Wait for lender approval notice
- Accept Loan Terms: Review and agree to the provided loan agreement
- Get Funds: Look for the deposit in your bank account, usually the same day
Loans for Bad Credit: Why Payday Loans Still Work

Conventional lending companies tend to deny borrowers with bad credit scores, making many lenders have fewer choices when money emergencies arise. Payday loans are still viable options for these people because:
- Credit decisioning based on approval is more driven by current earnings than by credit record
- Loan sizes are fairly low, minimizing lender exposure
- Short-term repayment involves less long-term risk consideration
- Direct deposit confirmation gives lenders payment security
- The emergency nature of these loans makes higher interest charges understandable
Using Wizzay, bad credit borrowers may still have access to emergency cash when conventional doors are shut.

<<>>

Benefits of Payday Loans for Bad Credit Borrowers

For those who have low credit scores, payday loans provide several unique benefits:
- Accessibility: Greater approval rates than conventional loans
- No Credit-Building Requirements: No requirement for existing credit history
- Fast Funding: Instant availability of money with no long approval processes
- Minimal Documentation: Fewer papers needed than traditional loans
- Fixed Fees: Absolute knowledge of total amount to be repaid upfront
- No Collateral Required: No requirement for putting valuable possessions at risk
- Credit Score Protection: Some lenders never report to major credit bureaus
These advantages render payday loans from Wizzay an efficient option for subprime borrowers with timely financial requirements.

Online Application Process for Instant Approval Explained

The application process from Wizzay is optimized for efficiency:
- Enter minimal personal data (address, name, etc.)
- Supply job information and income verification
- Supply banking details for deposit and repayment
- Be given instant initial approval
- Make final checks on terms from participating lenders
- Accept and collect the funds
The majority of applications only take less than 5 minutes to fill out.

Payday Loans Online Without Traditional Credit Checks – Are They Safe?

Lenders in Wizzay’s network of lenders usually conduct alternative verification instead of standard credit checks, such as:
- Employment verification
- Income verification
- Bank account stability checks
- Identity verification
Such lenders have stringent security measures, such as:
- Data encryption
- Secure application websites
- Privacy protection
- Regulatory compliance
<<>>

Risks and Downsides of $255 Payday Loans

Payday loans can offer vital emergency funds, but there are possible disadvantages, such as:
- Higher charges than standard loans
- Short payoff timeframes
- Potential for renewal cycles if not paid on time
- Not ideal for long-term money problems
Responsible borrowers should have a solid repayment plan before taking any loan.

What Does a Direct Lender Do That Other Lenders Don’t?

When you utilize Wizzay, you are matched with direct lenders instead of brokers. This difference provides several benefits:
- No Intermediary Fees: No extra broker fees
- Faster Processing: Direct contact with the true funding source
- More Transparent Terms: Deal directly with the entity setting loan conditions
- Simplified Communication: Single point of contact throughout the loan process
- Greater Security: Less sharing of personal information between multiple parties
- Direct Accountability: The lender is fully responsible for all aspects of your loan
These benefits make direct lenders through Wizzay’s platform preferable to working with loan brokers or matching services that may add costs and complexity.

Comparing the Best Payday Loans and Direct Lenders Online

Wizzay differentiates itself from others by providing:
- Larger lender network for more loan choices
- Higher approval rates for approved applicants
- More fair fee structures
- Improved customer service ratings
- Faster average funding times
<<>>

$255 Payday Loan Direct Lender vs. Broker: Which is Better?

You’ll find both direct lenders and brokers when you’re looking for a $255 payday loan. Knowing the difference makes the right choice:

Direct Lenders (available on Wizzay):
- Advise and finance loans directly from their own funds
- Establish their own terms and interest rates
- Take applications and make approvals
- Service all parts of the loan
- Have direct contact with borrowers
Brokers:
- Match borrowers with several prospective lenders
- Charge fees for matching services
- Disclose your details to many lenders
- May lack insight into final loan terms
- Create an additional step in the communication process
For the majority of borrowers looking for speed and simplicity, direct lenders via Wizzay’s marketplace generally provide an improved experience with less hassle and intermediary fees.

<<< Bad Credit? No Problem – Wizzay Offers $255 Loans with No Credit Check>>>

Alternatives to $255 Payday Loans for Bad Credit Borrowers

Instead of getting a payday loan, try these options:
- Installment loans: Extended repayment schedules with lower payments
- Credit unions or community lenders: Usually provide cheaper emergency loans
- Borrowing from friends/family: Usually interest-free, but can put a strain on relationships
- Payday advance apps: More recent services offering advances on earned wages
What to Know Regarding Payday Loan Direct Lenders

When using direct lenders in collaboration with Wizzay’s platform, note the following guidelines:
- Check if the lender is licensed in your state
- Check your state’s payday loan rate and fee caps
- Check if loan rollovers are permitted in your area
- Get a sense of how a lender handles late or skipped payments
- See how your financial and personal data will be handled
- Compare customer feedback with specific lenders
- Assess responsiveness and quality
Wizzay screens its lending partners, but it’s even better to do your own research.

Tips to Get Same Day Approval and Funding

To get the best opportunity for same-day funding:
- Use early in the morning (before 10 am local time)
- Have all documentation prepared before applying
- Verify all application details for accuracy
- Answer quickly to any verification requests
- Read and accept the terms speedily when approved
<<>>

Payday Loan Same Day Near Me: Where to Find Same Day Payday Loans No Credit Check?

Rather than going to traditional retail stores, Wizzay allows you to access same-day payday loans anywhere in California. Just apply online, get instant matching, and pick up your cash quickly — all from the comfort of your own home.

Final Thoughts – Should You Apply for a $255 Payday Loan Online Today?

$255 direct lender payday loans with Wizzay can be a source of crucial money in times of urgency if used sensibly. These loans are best suited when:
- You are confronting a serious financial crisis
- You have already tried cheaper alternatives
- You have a definite strategy to pay on your subsequent payday
- The effect of not having money immediately would be more expensive
If your case fits the above-mentioned, Wizzay provides a safe, convenient platform through which you can get in touch with reliable direct lenders who can advance the emergency funds you require with same-day approval and disbursement.

Frequently Asked Questions

How can I get $1000 today?

You may take out a $1000 payday loan using online marketplaces such as Wizzay, where you are connected with direct lenders that grant same-day financing upon approval.

Can I borrow money online instantly?

Yes, you can borrow money online with practically instantaneous approval using payday loan sites, although delivery of funds is subject to your bank’s processing period.

Are payday loans legal in California?

Yes, payday loans are legal in California under certain rules capping them at $300 maximum loan value (including fees) and a 15% maximum fee of the face value of the check.

How to get a loan when no one will approve you?

Look to payday lenders that place less emphasis on credit scores than income verification, look into secured loan alternatives, attempt credit unions with less stringent requirements, or look into payday alternative loans.

Where is the easiest place to get a payday loan with bad credit?

Online lending websites such as Wizzay that are designed to match borrowers with direct lenders who care less about credit history and more about income stability are usually the simplest places to obtain payday loans with bad credit.

How to borrow $500 quickly?

To take out a $500 loan fast, request an online payday loan via websites such as Wizzay, opt for cash advance apps, take out pawn loans, or ask for a small personal loan from credit unions with same-day approval.

Do payday loans get denied?

Yes, payday loans can be denied if you fail the fundamental requirements, such as minimum income levels, do not have proper identification, have existing payday loans, or give conflicting information on your form.

Media Details:

https://www.wizzay.com

support@Wizzay.com

Customer Acquisition LLC, Springates Building, Lower Government Road, Charlestown,

Attachment

The MIL Network –
May 22, 2025
MIL-OSI Security: Missouri Registered Sex Offender Charged with Distributing and Receiving Child Pornography

Source: Federal Bureau of Investigation FBI Crime News (b)

KANSAS CITY, Mo. – A Kansas City, Mo., man was indicted by a federal grand jury on charges related to child pornography.

According to an indictment returned this week, Jeffrey Lynn Petrie, 40, of Kansas City, Mo., was charged with one count of distributing child pornography over the internet in May 2024, and one count of receiving child pornography from Dec. 9, 2024, to Dec. 10, 2024.

The indictment replaces a complaint originally filed on Friday, April 25, 2025. According to an affidavit filed in support of the criminal complaint, law enforcement officers received a Cybertip reporting that a user, “kinkypopper69,” was uploading video files depicting child sexual abuse materials. Petrie was later identified as the user “kinkypopper69.”

On April 24, 2025, the FBI conducted a search at Petrie’s residence and seized a cell phone and other electronic devices.

Petrie is a registered sex offender in Missouri based on prior convictions for child molestation in the 2^nd degree.

The charges contained in this indictment are simply accusations, and not evidence of guilt. Evidence supporting the charges must be presented to a federal trial jury, whose duty is to determine guilt or innocence.

Under federal statutes, if convicted of distribution and receipt of child pornography, a prison sentence of not less than 15 years and not more than 40 years and a fine of up to $250,000 is authorized on each count. The maximum statutory sentence is prescribed by Congress and is provided here for informational purposes, as the sentencing of the defendant will be determined by the court based on the advisory sentencing guidelines and other statutory factors. A sentencing hearing will be scheduled after the completion of a presentence investigation by the United States Probation Office.

This case is being prosecuted by Assistant U.S. Attorney Teresa A. Moore. This case was investigated by the Federal Bureau of Investigation, and the Franklin County, Missouri Sheriff’s Office.

Project Safe Childhood

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit www.usdoj.gov/psc. For more information about Internet safety education, please visit www.usdoj.gov/psc and click on the tab “resources.”

MIL Security OSI –

May 22, 2025

MIL-OSI Security: Russian GRU Targeting Western Logistics Entities and Technology Companies

Source: US Department of Homeland Security

Executive Summary

The following authors and co-sealers are releasing this CSA:

United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst

Download the PDF version of this report:

Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)

For a downloadable list of IOCs, visit:

Introduction

Description of Targets

Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services

The countries with targeted entities include the following, as illustrated in Figure 1:

Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States

Figure 1: Countries with Targeted Entities

Initial Access TTPs

To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):

Credential Guessing/Brute Force

Spearphishing

Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org

CVE Usage

Post-Compromise TTPs

C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit

Figure 2: Example Active Directory Domain Services command

sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.

In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.

Malware

HEADLACE [7]
MASEPIE [8]

Persistence

Exfiltration

Connections to Targeting of IP Cameras

DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

CSeq: 1

Authorization: Basic

User-Agent: WebClient

Accept: application/sdp

DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

CSeq: 2

Authorization: Digest username="admin", realm="[a-f0-9]{12}", algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"

User-Agent: WebClient

Accept: application/sdp

Figure 3: Example RTSP request

Table 1: Geographic distribution of targeted IP cameras
Country	Percentage of Total Attempts
Ukraine	81.0%
Romania	9.9%
Poland	4.0%
Hungary	2.8%
Slovakia	1.7%
Others	0.6%

Mitigation Actions

General Security Mitigations

Architecture and Configuration

Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
- Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
- Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
- Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
- Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
- Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
- Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.

*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com

Identity and Access Management

Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:

Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
- For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
- Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
- Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
- Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
- If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]

IP Camera Mitigations

The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:

Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.

Indicators of Compromise (IOCs)

Utilities and scripts

Legitimate utilities

Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:

ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry

Malicious scripts

Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”

Suspicious command lines

edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
ssh -Nf
schtasks /create /xml

Outlook CVE Exploitation IOCs

md-shoeb@alfathdoor[.]com[.]sa
jayam@wizzsolutions[.]com
accounts@regencyservice[.]in
m.salim@tsc-me[.]com
vikram.anand@4ginfosource[.]com
mdelafuente@ukwwfze[.]com
sarah@cosmicgold469[.]co[.]za
franch1.lanka@bplanka[.]com
commerical@vanadrink[.]com
maint@goldenloaduae[.]com
karina@bhpcapital[.]com
tv@coastalareabank[.]com
ashoke.kumar@hbclife[.]in
213[.]32[.]252[.]221
124[.]168[.]91[.]178
194[.]126[.]178[.]8
159[.]196[.]128[.]120

Commonly Used Webmail Providers

portugalmail[.]pt
mail-online[.]dk
email[.]cz
seznam[.]cz

Malicious Archive Filenames Involving CVE-2023-38831

calc.war.zip
news_week_6.zip
Roadmap.zip
SEDE-PV-2023-10-09-1_EN.zip
war.zip
Zeyilname.zip

Brute Forcing IP Addresses

Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.

June 2024	July 2024	August 2024
192[.]162[.]174[.]94	207[.]244[.]71[.]84	31[.]135[.]199[.]145	79[.]184[.]25[.]198	91[.]149[.]253[.]204
103[.]97[.]203[.]29	162[.]210[.]194[.]2	31[.]42[.]4[.]138	79[.]185[.]5[.]142	91[.]149[.]254[.]75
209[.]14[.]71[.]127		46[.]112[.]70[.]252	83[.]10[.]46[.]174	91[.]149[.]255[.]122
109[.]95[.]151[.]207		46[.]248[.]185[.]236	83[.]168[.]66[.]145	91[.]149[.]255[.]19
		64[.]176[.]67[.]117	83[.]168[.]78[.]27	91[.]149[.]255[.]195
		64[.]176[.]69[.]196	83[.]168[.]78[.]31	91[.]221[.]88[.]76
		64[.]176[.]70[.]18	83[.]168[.]78[.]55	93[.]105[.]185[.]139
		64[.]176[.]70[.]238	83[.]23[.]130[.]49	95[.]215[.]76[.]209
		64[.]176[.]71[.]201	83[.]29[.]138[.]115	138[.]199[.]59[.]43
		70[.]34[.]242[.]220	89[.]64[.]70[.]69	147[.]135[.]209[.]245
		70[.]34[.]243[.]226	90[.]156[.]4[.]204	178[.]235[.]191[.]182
		70[.]34[.]244[.]100	91[.]149[.]202[.]215	178[.]37[.]97[.]243
		70[.]34[.]245[.]215	91[.]149[.]203[.]73	185[.]234[.]235[.]69
		70[.]34[.]252[.]168	91[.]149[.]219[.]158	192[.]162[.]174[.]67
		70[.]34[.]252[.]186	91[.]149[.]219[.]23	194[.]187[.]180[.]20
		70[.]34[.]252[.]222	91[.]149[.]223[.]130	212[.]127[.]78[.]170
		70[.]34[.]253[.]13	91[.]149[.]253[.]118	213[.]134[.]184[.]167
		70[.]34[.]253[.]247	91[.]149[.]253[.]198
		70[.]34[.]254[.]245	91[.]149[.]253[.]20

Detections

Customized NTLM listener

rule APT28_NTLM_LISTENER {

meta:

description = "Detects NTLM listeners including APT28's custom one"

strings:

$command_1 = "start-process powershell.exe -WindowStyle hidden"

$command_2 = "New-Object System.Net.HttpListener"

$command_3 = "Prefixes.Add('http://localhost:8080/')"

$command_4 = "-match 'Authorization'"

$command_5 = "GetValues('Authorization')"

$command_6 = "Request.RemoteEndPoint.Address.IPAddressToString"

$command_8 = ".AllKeys"

$variable_1 = "$NTLMAuthentication" nocase

$variable_2 = "$NTLMType2" nocase

$variable_3 = "$listener" nocase

$variable_4 = "$hostip" nocase

$variable_5 = "$request" nocase

$variable_6 = "$ntlmt2" nocase

$variable_7 = "$NTLMType2Response" nocase

$variable_8 = "$buffer" nocase

condition:

5 of ($command_*)

or

all of ($variable_*)

}

HEADLACE shortcut

rule APT28_HEADLACE_SHORTCUT {

meta:

description = "Detects the HEADLACE backdoor shortcut dropper. Rule is meant for threat hunting."

strings:

$type = "[InternetShortcut]" ascii nocase

$url = "file://"

$edge = "msedge.exe"

$icon = "IconFile"

condition:

all of them

}

HEADLACE credential dialogbox phishing

rule APT28_HEADLACE_CREDENTIALDIALOG {

meta:

description = "Detects scripts used by APT28 to lure user into entering credentials"

strings:

$command_1 = "while($true)"

$command_2 = "Get-Credential $(whoami)"

$command_3 = "Add-Content"

$command_4 = ".UserName"

$command_5 = ".GetNetworkCredential().Password"

$command_6 = "GetNetworkCredential().Password.Length -ne 0"

condition:

5 of them

}

HEADLACE core script

rule APT28_HEADLACE_CORE {

meta:

description = "Detects HEADLACE core batch scripts"

strings:

$chcp = "chcp 65001" ascii

$headless = "start "" msedge --headless=new --disable-gpu" ascii

$command_1 = "taskkill /im msedge.exe /f" ascii

$command_2 = "whoami>"%programdata%" ascii

$command_3 = "timeout" ascii

$command_4 = "copy "%programdata%" ascii

$non_generic_del_1 = "del /q /f "%programdata%" ascii

$non_generic_del_3 = "del /q /f "%userprofile%Downloads" ascii

$generic_del = "del /q /f" ascii

condition:

(

$chcp

and

$headless

)

and

(

1 of ($non_generic_del_*)

or

($generic_del)

or

3 of ($command_*)

)

}

MASEPIE

rule APT28_MASEPIE {

meta:

description = "Detects MASEPIE python script"

strings:

$masepie_unique_1 = "os.popen('whoami').read()"

$masepie_unique_2 = "elif message == 'check'"

$masepie_unique_3 = "elif message == 'send_file':"

$masepie_unique_4 = "elif message == 'get_file'"

$masepie_unique_5 = "enc_mes('ok'"

$masepie_unique_6 = "Bad command!'.encode('ascii'"

$masepie_unique_7 = "{user}{SEPARATOR}{k}"

$masepie_unique_8 = "raise Exception("Reconnect"

condition:

3 of ($masepie_unique_*)

}

STEELHOOK

rule APT28_STEELHOOK {

meta:

description = "Detects APT28's STEELHOOK powershell script"

strings:

$s_1 = "$($env:LOCALAPPDATAGoogleChromeUser DataLocal State)"

$s_2 = "$($env:LOCALAPPDATAGoogleChromeUser DataDefaultLogin Data)"

$s_3 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataLocal State)"

$s_4 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataDefaultLogin Data)"

$s_5 = "os_crypt.encrypted_key"

$s_6 = "System.Security.Cryptography.DataProtectionScope"

$s_7 = "[system.security.cryptography.protectdata]::Unprotect"

$s_8 = "Invoke-RestMethod"

condition:

all of them

}

PSEXEC

rule GENERIC_PSEXEC {

meta:

description = "Detects SysInternals PSEXEC executable"

strings:

$sysinternals_1 = "SYSINTERNALS SOFTWARE LICENCE TERMS"

$sysinternals_2 = "/accepteula"

$sysinternals_3 = "SoftwareSysinternals"

$network_1 = "%sIPC$"

$network_2 = "%sADMIN$%s"

$network_3 = "DeviceLanmanRedirector%sipc$"

$psexec_1 = "PSEXESVC"

$psexec_2 = "PSEXEC-{}-"

$psexec_3 = "Copying %s to %s..."

$psexec_4 = "gPSINFSVC"

condition:

(

( uint16( 0x0 ) ==0x5a4d )

and

( uint16( uint32( 0x3c )) == 0x4550 )

)

and

filesize < 1024KB

and

(

( any of ($sysinternals_*) and any of ($psexec_*) )

or

( 2 of ($network_*) and 2 of ($psexec_*))

)

}

APT28 [14]
Fancy Bear [14]
Forest Blizzard [14]
Blue Delta [15]

Further Reference

To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.

Works Cited

Disclaimer of endorsement

Purpose

Contact

United States organizations

National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
- U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)

United Kingdom organizations

Germany organizations

Czech Republic organizations

Poland organizations

Australian organizations

Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

Canadian organizations

Estonia organizations

French organizations

French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.

See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.

Table 2: Reconnaissance
Tactic/Technique Title	ID	Use
Reconnaissance	TA0043	Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
Gather Victim Identity Information: Email Addresses	T1589.002	Conducted contact information reconnaissance to identify additional targets in key positions.
Gather Victim Org Information	T1591	Conducted reconnaissance of the cybersecurity department.
Gather Victim Org Information: Identify Roles	T1591.004	Conducted reconnaissance of individuals responsible for coordinating transport.
Gather Victim Org Information: Business Relationships	T1591.002	Conducted reconnaissance of other companies cooperating with the victim entity.
Gather Victim Host Information	T1592	Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.

Table 3: Resource development
Tactic/Technique Title	ID	Use
Compromise Accounts: Email Accounts	T1586.002	Sent phishing emails using compromised accounts.
Compromise Accounts: Cloud Accounts	T1586.003	Sent phishing emails using compromised accounts.

Table 4: Initial Access
Tactic/Technique Title	ID	Use
Trusted Relationship	T1199	Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Phishing	T1566	Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
Phishing: Spearphishing Attachment	T1566.001	Sent emails with malicious attachments.
Phishing: Spearphishing Link	T1566.002	Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
Phishing: Spearphishing Voice	T1566.004	Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
External Remote Services	T1133	Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
Exploit Public-Facing Application	T1190	Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
Content Injection	T1659	Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.

Table 5: Execution
Tactic/Technique Title	ID	Use
User Execution: Malicious Link	T1204.001	Used malicious links to hosted shortcuts in spearphishing.
User Execution: Malicious File	T1204.002	Delivered malware executables via spearphishing.
Scheduled Task/Job: Scheduled Task	T1053.005	Used scheduled tasks to establish persistence.
Command and Scripting Interpreter	T1059	Delivered scripts in spearphishing. Executed arbitrary shell commands.
Command and Scripting Interpreter: PowerShell	T1059.001	PowerShell commands were often used to prepare data for exfiltration.
Command and Scripting Interpreter: Windows Command Shell	T1059.003	Used BAT script in spearphishing.
Command and Scripting Interpreter: Visual Basic	T1059.005	Used VBScript in spearphishing.
Command and Scripting Interpreter: Python	T1059.006	Installed python on infected machines to enable the execution of Certipy.

Table 6: Persistence
Tactic/Technique Title	ID	Use
Account Manipulation: Additional Email Delegate Permissions	T1098.002	Used manipulation of mailbox permissions to establish sustained email collection.
Modify Authentication Process: Multi-Factor Authentication	T1556.006	Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.
Hijack Execution Flow: DLL Search Order Hijacking	T1574.001	Used DLL search order hijacking to facilitate malware execution.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	T1547.001	Used run keys to establish persistence.
Boot or Logon Autostart Execution: Shortcut Modification	T1547.009	Placed malicious shortcuts in the startup folder to establish persistence.

Table 7: Defense Evasion
Tactic/Technique Title	ID	Use
Indicator Removal: Clear Windows Event Logs	T1070.001	Deleted event logs through the wevtutil utility.

Table 8: Credential access
Tactic/Technique Title	ID	Use
Brute Force		Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Brute Force: Password Guessing	T1110.001	Used credential guessing to gain initial access to targeted entities.
Brute Force: Password Spraying	T1110.003	Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP.
Multi-Factor Authentication Interception		Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns.
Input Capture		Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns.
Forced Authentication		Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations.
OS Credential Dumping: NTDS	T1003.003	Attempted to dump Active Directory NTDS.dit domain databases.
Unsecured Credentials: Group Policy Preferences	T1552.006	Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py.

Table 9: Discovery
Tactic/Technique Title	ID	Use
Account Discovery: Domain Account	T1087.002	Used a modified ldap-dump.py to enumerate the Windows environment.

Table 10: Command and Control
Tactic/Technique Title	ID	Use
Hide Infrastructure	T1665	Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
Proxy: External Proxy	T1090.002	Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers.
Proxy: Multi-hop Proxy	T1090.003	Used Tor and commercial VPNs as part of their anonymization infrastructure
Encrypted Channel	T1573	Connected to victim infrastructure using encrypted TLS.
Multi-Stage Channels	T1104	Used multi-stage redirectors for campaigns.

Table 11: Defense evasion (mobile framework)
Tactic/Technique Title	ID	Use
Execution Guardrails		Used multi-stage redirectors to verify browser fingerprints in some campaigns.
Execution Guardrails: Geofencing	T1627.001	Used multi-stage redirectors to verify IP-geolocation in some campaigns.

Table 12: Lateral movement
Tactic/Technique Title	ID	Use
Lateral Movement		Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment.
Remote Services: Remote Desktop Protocol	T1021.001	Moved laterally within the network using RDP.

Table 13: Collection
Tactic/Technique Title	ID	Use
Email Collection		Retrieved sensitive data from email servers.
Email Collection: Remote Email Collection	T1114.002	Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers.
Automated Collection		Used periodic EWS queries to collect new emails.
Video Capture		Attempted to gain access to the cameras’ feeds.
Archive Collected Data		Accessed files were archived in .zip files prior to exfiltration.
Archive Collected Data: Archive via Utility	T1560.001	Prepared zip archives for upload to the actors’ infrastructure.

Table 14: Exfiltration
Tactic/Technique Title	ID	Use
Exfiltration Over Alternative Protocol		Attempted to exfiltrate archived data via a previously dropped OpenSSH binary.
Scheduled Transfer		Used periodic EWS queries to collect new emails sent and received since the last data exfiltration.

Appendix B: CVEs exploited

Table 15: Exploited CVE information
CVE	Vendor/Product	Details
CVE-2023-38831	RARLAB WinRAR	Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive.
CVE-2023-23397	Microsoft Outlook	External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
CVE-2021-44026	Roundcube Webmail	Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params.
CVE-2020-35730	Roundcube Webmail	An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
CVE-2020-12641	Roundcube Webmail	Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.

Appendix C: MITRE D3FEND Countermeasures

Table 16: MITRE D3FEND countermeasures
Countermeasure Title	ID	Details
Network Isolation		Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation		Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering		Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis		Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering		Block NTLM/SMB requests to external infrastructure.
Platform Monitoring		Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis		Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening		Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation		Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting		Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation		Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening		Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis		Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis		Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation		Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
DNS Denylisting	D3-DNSDL	Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis		Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication		Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Job Function Access Pattern Analysis	D3-JFAPA	Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions		Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication		Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening		Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding		Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy		Use a service to check for compromised passwords before using them.
Credential Rotation		Change all default credentials.
Encrypted Tunnels		Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update		Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication		Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis		Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.

MIL Security OSI -

May 22, 2025

MIL-OSI: MEXC Partners with TON for Groundbreaking $1 Million Crypto Event
Source: GlobeNewswire (MIL-OSI)

VICTORIA, Seychelles, May 21, 2025 (GLOBE NEWSWIRE) — MEXC, a leading global cryptocurrency exchange, today announced an industry-disrupting partnership with The Open Network (TON) that introduces a $1 million reward pool campaign and fundamentally challenges established exchange revenue models. Launching today and running through June 20, the “TON Triumph” campaign eliminates all trading fees on TON pairs while offering staking returns that dwarf typical yields by up to 100 times.

In an unprecedented move that signals a significant shift in exchange competition strategies, MEXC will offer new users access to staking opportunities with up to 400% APR on TON tokens—creating what analysts describe as the most aggressive user acquisition campaign in the cryptocurrency exchange sector this year.

“This partnership represents a strategic inflection point for both the TON ecosystem and the broader exchange landscape,” said Tracy Jin, COO of MEXC. “By eliminating all typical entry costs into TON trading for a full month while simultaneously offering returns that outpace all competitors, we’re not simply running a promotion—we’re fundamentally changing how users engage with emerging Layer-1 ecosystems.”

Campaign Transforms Market Access and Investment Returns

The 30-day campaign introduces multiple disruptive elements that directly challenge other exchanges’ TON market dominance:
- Zero-Fee Trading Structure: Complete elimination of fees on TON/USDT, TON/USDC, and TON/EUR spot pairs, TONUSDT futures, and all TON/USDE network withdrawals—removing traditional revenue mechanisms that have defined exchange business models.
- Industry-Leading APR: New users can stake TON tokens to earn up to 400% APR, positioning the offering at 100 times higher than typical cryptocurrency staking returns and several hundred times above traditional banking products.
- Democratized Trading Access: Zero-fee structure gives retail traders access to the same economics previously available only to professional and institutional traders, significantly leveling the playing field.
- Limited-Time, First-Come Allocation: High-yield staking pools operate on a first-come, first-served basis with participants limited to 250 TON tokens per user, creating immediate urgency for early participation.
The campaign also includes passive rewards of up to 8% daily APR for USDE holders, spot trading rewards from a pool of 32,500 TON, and a futures trading competition with 100,000 USDT in bonuses.

TON Ecosystem Expansion and Infrastructure Advancement

This partnership is pivotal for The Open Network, which continues to gain momentum through its connection to Telegram’s 900+ million users and growing developer ecosystem.

The collaboration represents a significant leap forward in TON’s accessibility and adoption curve. By drastically reducing barriers to entry while providing exceptional incentives, the campaign accelerates the integration of new participants into the TON ecosystem, coinciding precisely with the network’s rapidly expanding technical capabilities and use cases.

The campaign also showcases MEXC’s platform capabilities, demonstrating advanced infrastructure that can handle zero-fee trading across multiple markets simultaneously while managing high-volume staking operations with variable APR structures.

Time-Sensitive Opportunity with Global Access

The $1 million in rewards is available exclusively during the 30-day window, with certain high-value components like the 400% APR staking pool starting on May 21th and operating on a capped allocation basis.
MEXC has created a streamlined onboarding process that allows new users to complete registration and KYC verification in minutes, with the campaign accessible to eligible participants globally through both web and mobile interfaces.

About MEXC
Founded in 2018, MEXC is committed to being “Your Easiest Way to Crypto.” Serving over 40 million users across 170+ countries, MEXC is known for its broad selection of trending tokens, everyday airdrop opportunities, and low trading fees. Our user-friendly platform is designed to support both new traders and experienced investors, offering secure and efficient access to digital assets. MEXC prioritizes simplicity and innovation, making crypto trading more accessible and rewarding.
MEXC Official Website｜ X ｜ Telegram ｜How to Sign Up on MEXC

About TON
The Open Network (TON) is a fully decentralized layer-1 blockchain designed for mass adoption. Originally conceived by Telegram and now developed by the open TON Community, the network offers exceptional scalability, accessibility, and ease of use.

Risk Disclaimer:
The information provided in this article regarding cryptocurrencies does not constitute investment advice. Given the highly volatile nature of the cryptocurrency market, investors are encouraged to carefully assess market fluctuations, the fundamentals of projects, and potential financial risks before making any trading decisions.

Source

Contact:
Lucia Hu
lucia.hu@mexc.com

Disclaimer: This is a paid post and is provided by MEXC. The statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading advice. Investing in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be guaranteed. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page.

Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/81cfe77f-6144-467b-8410-8e577b84fbb9

The MIL Network –
May 22, 2025
MIL-OSI: KraneShares Launches Strategic Wealth Model Portfolios — An Endowment-Style Approach to ETF Model Portfolios Emphasizing Alternatives and International Exposure
Source: GlobeNewswire (MIL-OSI)

NEW YORK, May 21, 2025 (GLOBE NEWSWIRE) — Krane Funds Advisors, LLC (“KraneShares”), an asset management firm known for its global exchange-traded funds (ETFs), today announced the launch of the KraneShares Strategic Wealth Model Portfolios.

These ETF model portfolios provide a comprehensive, global portfolio solution for financial advisors. They leverage the best of KraneShares’ and their leading asset management partners’ ETFs and market insights, emphasizing liquid alternatives and international exposure.

“Over the years, we have developed a unique set of ETFs at KraneShares. The Strategic Wealth Models can help investors understand how our ETFs fit into a total portfolio solution,” said Jonathan Krane, KraneShares CEO. “Through combining KraneShares’ strategies and expertise with products and inputs from our partners, we are able to create ETF model portfolios across various risk ranges that are unique in the marketplace.”

The KraneShares Strategic Wealth Model Portfolios expand global diversification compared to most model portfolio offerings and include 15-20% exposure to liquid alternatives, helping to protect the portfolio when traditional investments decline.

“We see a shift coming in global markets,” added Jonathan Shelon. “After a decade of US equity outperformance and a dominant US dollar, more globally diversified and alternatives-oriented portfolios will be important for growing and maintaining wealth. We are helping our clients prepare for a shifting macro landscape with our Strategic Wealth Models.”

The models currently include the following ETFs:
- KraneShares Value Line Dynamic Dividend Equity ETF (Ticker: KVLE)
- KraneShares MSCI Emerging Markets ex China Index ETF (Ticker: KEMX)
- KraneShares CSI China Internet ETF (Ticker: KWEB)
- KraneShares Hedgeye Hedged Equity Index ETF (Ticker: KSPY)
- KraneShares Artificial Intelligence & Technology ETF (Ticker: AGIX)
- iShares Core US Aggregate Bond ETF (Ticker: AGG)
- iShares iBoxx $ High Yield Corporate Bond ETF (Ticker: USHY)
- Quadratic Interest Rate Volatility and Inflation Hedge ETF (Ticker: IVOL)
- KraneShares Sustainable Ultra Short Duration Index ETF (Ticker: KCSH )
- KraneShares Asia Pacific High Income USD Bond ETF (Ticker: KHYB)
- KraneShares Mount Lucas Strategy ETF (Ticker: KMLM)
- KraneShares Global Carbon Strategy ETF (Ticker: KRBN)
- iShares Mortgage Real Estate Capped ETF (Ticker: REM)
- KraneShares China Internet & Covered Call ETF (Ticker: KLIP)
- KraneShares Man Buyout Beta Index ETF (Ticker: BUYO)
- iShares S&P 500 Growth ETF (Ticker: IVW)
- iShares Core S&P Small-Cap ETF (Ticker: IJR)
- KraneShares Bosera MSCI China A 50 Connect Index ETF (Ticker: KBA)
- iShares Global Clean Energy ETF (Ticker: ICLN)
- iShares 3-7 Year Treasury Bond ETF (Ticker: IEI)
For more information on the KraneShares Strategic Wealth Models, please visit portfolios.kraneshares.com/kraneshares-strategic-wealth-model-portfolios/ or consult your financial advisor.

About KraneShares

Krane Funds Advisors, LLC is the investment manager for KraneShares ETFs. Our team is determined to provide industry-leading, differentiated, and high-conviction investment strategies that offer access to key market trends. KraneShares offers innovative investment solutions tailored to three key pillars: China, Climate, and Alternatives. Our mission is to empower investors with the knowledge and tools necessary to capture the importance of these themes as an essential element of a well-designed investment portfolio.

Contact:
KraneShares Investor Relations
info@kraneshares.com

The MIL Network –
May 22, 2025
MIL-OSI: Announcement of the preliminary result and completion of Nykredit’s recommended voluntary public tender offer for Spar Nord Bank A/S – Nykredit Realkredit A/S
Source: GlobeNewswire (MIL-OSI)

THIS ANNOUNCEMENT IS PUBLISHED PURSUANT TO SECTION 21(3) OF EXECUTIVE ORDER NO. 636 OF 15 MAY 2020

NOT FOR RELEASE, PUBLICATION OR DISTRIBUTION, DIRECTLY OR INDIRECTLY, IN OR TO ANY JURISDICTION WHERE DOING SO WOULD CONSTITUTE A VIOLATION OF THE RELEVANT LAWS OR REGULATIONS OF SUCH JURISDICTION

Announcement of the preliminary result and completion of Nykredit’s recommended voluntary public tender offer for Spar Nord Bank A/S

21 May 2025

Nykredit announces the preliminary result of the recommended voluntary public tender offer for Spar Nord Bank A/S

In accordance with section 4(1) of the Danish Takeover Order¹, Nykredit Realkredit A/S (“Nykredit”) announced on 10 December 2024 that Nykredit intended to submit a voluntary public tender offer (the “Offer”) to acquire all shares in Spar Nord Bank A/S (“Spar Nord Bank”), with the exception of Spar Nord Bank’s treasury shares, for a cash price of DKK 210 per share, valuing the aggregated issued share capital of Spar Nord Bank at DKK 24.7 billion. As stated in a supplement dated 2 April 2025, the offer price has subsequently been increased to DKK 210.50 per share.

On 8 January 2025, Nykredit published the offer document regarding the Offer (the “Offer Document”), as approved by the Danish FSA in accordance with section 11 of the Danish Takeover Order. The Offer Document was most recently supplemented in a supplement of 23 April 2025.

Today, Nykredit announces the preliminary result of the Offer in accordance with section 21(3) of the Danish Takeover Order.

Preliminary result

The offer period, as determined in the Offer Document and most recently amended by a supplement of 23 April 2025, expired yesterday, 20 May 2025 at 23:59 (CEST).

Nykredit’s preliminary and non-binding summation of acceptances shows that Nykredit has obtained acceptances for 72,169,403 shares, equal to 61.32 per cent of the share capital and the associated voting rights in Spar Nord Bank.

At the date of publication of this announcement, Nykredit holds 38,646,475 Spar Nord Bank Shares, corresponding to 32.83 per cent of the share capital and voting rights in Spar Nord Bank. Based on the preliminary summation of acceptances, acceptances received combined with Nykredit’s ownership interest in Spar Nord Bank represent 96.54 per cent of the share capital and voting rights in Spar Nord Bank, excluding Spar Nord Bank’s holding of treasury shares.

The calculation of acceptances received is preliminary and may be adjusted through a verification process, which is currently underway at Carnegie Investment Bank, Filial af Carnegie Investment Bank AB (publ), Sverige, which has been appointed as settlement agent.

As published in an announcement of 20 May 2025, Nykredit has received all the necessary regulatory approvals for completing the Offer. The minimum condition for acceptance, based on the preliminary summation of acceptances, is also fulfilled. At the date of this announcement, Nykredit thus considers all the conditions laid down in the Offer Document for completion of the Offer to be fulfilled. As a result, the Offer is finalised, and Nykredit intends, subject to the final summation of acceptances, to complete the Offer on the terms and conditions set out in the Offer Document.

Final result

In accordance with section 21(3) of the Danish Takeover Order, Nykredit will, no later than on 23 May 2025, publish the final result of the Offer.

Settlement

The Offer will be settled in cash through the shareholders’ own account holding institutions no later than three (3) business days after publication of the final result, which will be 28 May 2025, if the final result is published on 23 May 2025.

Compulsory acquisition and delisting

As Nykredit stands to obtain an ownership interest corresponding to more than 90 per cent of the share capital and the associated voting rights in Spar Nord Bank (excluding treasury shares) upon completion of the Offer, it is Nykredit’ intention, as described in section 7.8 of the Offer Document, to initiate and complete a compulsory acquisition of the shares held by the remaining Spar Nord Bank shareholders in pursuance of sections 70-72 of the Danish Companies Act.

Nykredit furthermore intends to seek to have the Spar Nord Bank shares removed from trading and official listing on Nasdaq Copenhagen A/S as described in section 7.9 of the Offer Document.

In this connection, Nykredit will request Spar Nord Bank to convene an extraordinary general meeting at which Nykredit will propose to amend Spar Nord Bank’s articles of association.

Detailed information on compulsory acquisition and delisting will be published in separate announcements.

Additional information

Contact persons:

Investor contact:

Morten Bækmand, Head of Investor Relations, Nykredit (+45 4455 1521)

Media contact:

Orhan Gökcen, Head of Press, Nykredit (+45 3121 0639)

For further information about the Offer, please see: https://www.nykredit.com/en-gb/offer-spar-nord/

This announcement and the Offer Document (with supplements) are not directed at shareholders of Spar Nord Bank A/S whose participation in the Offer would require the issuance of an offer document, registration or activities other than what is required under Danish law (and, in the case of shareholders in the United States of America, Section 14(e) of, and applicable provisions of Regulation 14E promulgated under, the US Securities Exchange Act of 1934, as amended). The Offer is not made and will not be made, directly or indirectly, to shareholders resident in any jurisdiction in which the submission of the Offer or acceptance thereof would be in contravention of the laws of such jurisdiction. Any person coming into possession of this announcement, the Offer Document or any other document containing a reference to the Offer is expected and assumed to independently obtain all necessary information about any applicable restrictions and to observe these.

This announcement does not constitute an offer or an invitation to purchase securities or a solicitation of an offer to purchase securities in accordance with the Offer or otherwise. The Offer will be submitted only in the form of the Offer Document (with supplements) approved by the FSA, which sets out the full terms and conditions of the Offer, including information on how to accept the Offer. The shareholders of Spar Nord Bank are advised to read the Offer Document and any related documents as they contain important information.

Restricted jurisdictions

The Offer is not made, and acceptance of the Offer to tender Spar Nord Bank shares is not accepted, neither directly nor indirectly, in or from any jurisdiction in which the making or acceptance of the Offer would not be in compliance with the laws of such jurisdiction or would require any registration, approval or any other measures with any regulatory authority not expressly contemplated by the Offer Document (the “Restricted Jurisdictions”). Neither the United States nor the United Kingdom is a Restricted Jurisdiction.

Restricted Jurisdictions include, but are not limited to: Australia, Canada, Hong Kong, Japan, New Zealand and South Africa.

Persons obtaining documents or information relating to the Offer (including custodians, account holding institutions, nominees, trustees, representatives, fiduciaries or other intermediaries) should not distribute, communicate, transfer or send these in or into a Restricted Jurisdiction or use mail or any other means of communication in or into a Restricted Jurisdiction in connection with the Offer. Persons (including, but not limited to, custodians, custodian banks, nominees, trustees, representatives, fiduciaries or other intermediaries) intending to communicate this announcement, the Offer Document, supplements or any related document to any jurisdiction outside Denmark or the United States should inform themselves about these restrictions before taking any action. Any failure to comply with these restrictions may constitute a violation of the laws of such jurisdiction, including securities laws. It is the responsibility of all Persons obtaining this announcement, the Offer Document, supplements, an acceptance form and/or other documents relating to the Offer, or into whose possession such documents otherwise come, to inform themselves about and observe all such restrictions.

Nykredit is not responsible for ensuring that the distribution, dissemination or communication of this announcement, the Offer Document or supplements to shareholders outside Denmark, the United States and the United Kingdom is consistent with applicable law in any jurisdiction other than Denmark, the United States and the United Kingdom.

Important Information for Shareholders in the United States

The Offer concerns the shares in Spar Nord Bank, a public limited liability company incorporated and admitted to trading on a regulated market in Denmark, and is subject to the disclosure and procedural requirements of Danish law, including the Danish capital markets act and the Danish takeover order.

The Offer is being made to shareholders in Spar Nord Bank in the United States in compliance with the applicable US tender offer rules under the U.S. Securities Exchange Act of 1934, as amended, (the “U.S. Exchange Act”), including Regulation 14E promulgated thereunder, subject to the relief available for a “Tier II” tender offer, and otherwise in accordance with the requirements of Danish law and practice

Accordingly, US Spar Nord Bank shareholders should be aware that this announcement and any other documents regarding the Offer have been prepared in accordance with, and will be subject to, the disclosure and other procedural requirements, including with respect to withdrawal rights, the Offer timetable, settlement procedures and timing of payments of Danish law and practice, which may differ materially from those applicable under US domestic tender offer law and practice. In addition, the financial information contained in this announcement or the Offer Document has not been prepared in accordance with generally accepted accounting principles in the United States, or derived therefrom, and may therefore differ from, or not be comparable with, financial information of US companies.

In accordance with the laws of, and practice in, Denmark and to the extent permitted by applicable law, including Rule 14e-5 under the U.S. Exchange Act, Nykredit, Nykredit’s affiliates or any nominees or brokers of the foregoing (acting as agents, or in a similar capacity, for Nykredit or any of its affiliates, as applicable) may from time to time, and other than pursuant to the Offer, directly or indirectly, purchase, or arrange to purchase, outside of the United States, shares in Spar Nord Bank or any securities that are convertible into, exchangeable for or exercisable for such shares in Spar Nord Bank before or during the period in which the Offer remains open for acceptance. These purchases may occur either in the open market at prevailing prices or in private transactions at negotiated prices. Any information about such purchases will be announced via Nasdaq Copenhagen and relevant electronic media if, and to the extent, such announcement is required under applicable law. To the extent information about such purchases or arrangements to purchase is made public in Denmark, such information will be disclosed by means of a press release or other means reasonably calculated to inform US shareholders of Spar Nord Bank of such information.

In addition, subject to the applicable laws of Denmark and US securities laws, including Rule 14e-5 under the U.S. Exchange Act, the financial advisers to Nykredit or their respective affiliates may also engage in ordinary course trading activities in securities of Spar Nord Bank, which may include purchases or arrangements to purchase such securities.

It may not be possible for US shareholders to effect service of process within the United States upon Spar Nord Bank, Nykredit or any of their respective affiliates, or their respective officers or directors, some or all of which may reside outside the United States, or to enforce against any of them judgments of the United States courts predicated upon the civil liability provisions of the federal securities laws of the United States or other US law. It may not be possible to bring an action against Nykredit, Spar Nord Bank and/or their respective officers or directors (as applicable) in a non-US court for violations of US laws. Further, it may not be possible to compel Nykredit and Spar Nord Bank or their respective affiliates, as applicable, to subject themselves to the judgment of a US court. In addition, it may be difficult to enforce in Denmark original actions, or actions for the enforcement of judgments of US courts, based on the civil liability provisions of the US federal securities laws.

The Offer, if completed, may have consequences under US federal income tax and under applicable US state and local, as well as non-US, tax laws. Each shareholder of Spar Nord Bank is urged to consult its independent professional adviser immediately regarding the tax consequences of the Offer.

NEITHER THE U.S. SECURITIES AND EXCHANGE COMMISSION NOR ANY SECURITIES COMMISSION OR OTHER REGULATORY AUTHORITY IN ANY STATE OF THE U.S. HAS APPROVED OR DECLINED TO APPROVE THE OFFER OR THIS ANNOUNCEMENT, PASSED UPON THE FAIRNESS OR MERITS OF THE OFFER OR PROVIDED AN OPINION AS TO THE ACCURACY OR COMPLETENESS OF THIS ANNOUNCEMENT OR ANY OFFER DOCUMENT. ANY REPRESENTATION TO THE CONTRARY IS A CRIMINAL OFFENCE IN THE UNITED STATES.

1 Executive Order no. 636 of 15 May 2020

Attachment
- Announcement of preliminary result
The MIL Network –
May 21, 2025
MIL-OSI: Nykredit announces preliminary result of the takeover offer
Source: GlobeNewswire (MIL-OSI)

Nykredit has announced the preliminary result of the takeover offer

NOT FOR DIRECT OR INDIRECT RELEASE, PUBLICATION OR DISTRIBUTION IN OR TO ANY JURISDICTION IN WHICH SUCH RELEASE, PUBLICATION OR DISTRIBU-TION WOULD BE CONTRARY TO APPLICABLE LEGISLATION OR RULES OF SUCH JURISDICTION

With reference to Spar Nord Bank A/S’ (Spar Nord) company announcement no. 1/2025 concerning the all-cash voluntary takeover offer from Nykredit Realkredit A/S (Nykredit) for all shares (other than treasury shares held by Spar Nord) in Spar Nord (the Offer), Nykredit has today announced the preliminary result of the Offer. Nykredit’s announcement is attached.

Preliminary result
According to the terms and conditions of the Offer, the offer period expired on 20 May 2025 at 23:59 (CEST).

Based on a preliminary and non-binding summation of acceptances, Nykredit has received acceptances representing 72,169,403 Spar Nord shares equal to 61.32% of the share capital and voting rights in Spar Nord. Together with Nykredit’s holding of Spar Nord shares, this corresponds to 96.54% of the share capital and voting rights in Spar Nord, excluding treasury shares held by Spar Nord.

The calculation remains subject to potential adjustments as part of a verification process, underway at Carnegie Investment Bank, Filial af Carnegie Investment Bank AB (publ), Sverige, which is appointed by Nykredit as settlement bank in relation to the Offer.

With reference to company announcement no. 12/2025, the relevant public authority approvals have been obtained. The minimum condition for acceptance, based on the preliminary summation of acceptances, is also fulfilled. At the date of this announcement, Nykredit thus considers all the conditions laid down in the offer document for completion of the Offer to be fulfilled. As a result, the Offer is finalised, and Nykredit intends, subject to the final summation of acceptances, to complete the Offer on the terms and conditions set out in the offer document.

Final result and settlement
The final result of the Offer is expected to be announced on 23 May 2025.

The Offer will be settled in accordance with the terms and conditions of the offer document.

Compulsory acquisition and delisting
Based on the preliminary result, Nykredit will hold more than 90% of the share capital and voting rights in Spar Nord, excluding treasury shares held by Spar Nord, as a result of the Offer. On that basis, Nykredit will, after completion of the Offer, seek to initiate and complete a compulsory acquisition of the Spar Nord shares held by the remaining minority shareholders in Spar Nord.

In addition, Nykredit will request that Spar Nord seeks to have the Spar Nord shares removed from trading and official listing on Nasdaq Copenhagen A/S.

Information about the compulsory acquisition and removal from trading and official listing of the Spar Nord shares will be announced separately.

Questions may be directed to Neel Rosenberg (media) on +45 25 27 04 33 or to CFO Rune Brandt Børglum (investors)on +45 96 34 42 36.

Yours faithfully

Spar Nord Bank A/S
The board of directors

Attachments
- No. 13 – Nykredit announces preliminary result of the takeover offer – UK
- Announcement of preliminary result_Nykredit
The MIL Network –
May 21, 2025
MIL-OSI: VanEck Prepares to Launch PurposeBuilt Fund to Invest in Real-World Applications on Avalanche

Source: GlobeNewswire (MIL-OSI)

The information contained in the private placement memorandum (the “PPM”) for the VanEck PurposeBuilt Fund, L.P. is not complete and may be changed. Van Eck may not solicit subscriptions until the limited partnership’s interests are available for purchase. The private placement memorandum is not an offer or a solicitation for subscriptions referenced therein and is not a solicitation for an offer or solicitation for subscriptions in any state where the offer is not permitted. Please view the PPM here: VanEck PurposeBuilt Fund Private Placement Memorandum.

NEW YORK, May 21, 2025 (GLOBE NEWSWIRE) — VanEck, a leading asset manager, is today announcing the upcoming launch of the VanEck PurposeBuilt Fund, a private digital assets fund that will invest in businesses building on Avalanche and launching tokens designed to create long-term value and utility. The Fund is expected to launch in June 2025.

The Fund will invest in liquid tokens and venture-backed projects—spanning industries that include gaming, financial services, payments and AI—typically around or after a Token Generation Event, with a fundamentals-first strategy focused on long-term outcomes. Idle capital will be deployed onchain through Avalanche-native real-world asset (RWA) products, including tokenized money market funds, to maintain liquidity while reinforcing the broader onchain economy.

The Fund will be managed by the team behind the VanEck Digital Assets Alpha Fund (DAAF), one of the strongest-performing directional liquid token funds in the market, with over $100 million in assets under management. Since launching in 2022, DAAF has focused on investing in liquid tokens tied to scalable products, economic alignment and real adoption. This same approach is being applied to the PurposeBuilt Fund, with a focus on the Avalanche ecosystem, currently valued at nearly $50 billion. The team sees a growing concentration of serious builders leveraging the Avalanche network to pioneer new markets, while generating onchain economic activity. The PurposeBuilt Fund reflects VanEck’s conviction in the “GDP onchain” thesis: that blockchain technology will eventually be core to global economic and financial systems and that the projects that align with this vision will be the most durable.

“The next wave of value in crypto will come from real businesses, not more infrastructure,” said Pranav Kanade, Portfolio Manager of VanEck Digital Assets Alpha Fund. “Avalanche has become a magnet for thoughtful builders, and with the VanEck PurposeBuilt Fund, we’re bringing capital and conviction to the founders creating lasting value, not chasing momentum.”

The Fund is designed to address a persistent challenge in today’s crypto market. Founders launching legitimate blockchain-enabled businesses often struggle to stand out in an environment dominated by short-term speculation. This distorts incentives, undermines token credibility and slows real adoption. The Fund offers strategic, differentiated capital and long-term alignment, empowering mission-driven founders to stay focused, remain long-term oriented and scale effectively.

“VanEck’s launch of the PurposeBuilt Fund marks a pivotal moment for the Avalanche ecosystem,” commented John Nahas, Chief Business Officer at Ava Labs. “We’re seeing a shift away from speculative hype toward real utility and sustainable token economies, and the VanEck PurposeBuilt Fund aims to bring the kind of long-term capital and strategic conviction that builders need to lead that shift. This fund reinforces the strength of Avalanche as the home for serious founders who are scaling real businesses and driving meaningful onchain adoption.”

Avalanche continues to attract teams creating real-world applications across sectors, including DeFi, RWAs, AI, gaming, payments and FinTech. These builders are delivering enterprise-grade products already being adopted by web2 platforms and traditional institutions. The VanEck PurposeBuilt Fund ensures they have the capital, support and signal they need to succeed.

About VanEck

VanEck has a history of looking beyond the financial markets to identify trends that are likely to create impactful investment opportunities. We were one of the first U.S. asset managers to offer investors access to international markets. This set the tone for the firm’s drive to identify asset classes and trends — including gold investing in 1968, emerging markets in 1993, and exchange traded funds in 2006 — that subsequently shaped the investment management industry.

Today, VanEck offers active and passive strategies with compelling exposures supported by well-designed investment processes. As of 4/30/2025, VanEck managed approximately $116.6 billion in assets, including mutual funds, ETFs and institutional accounts. The firm’s capabilities range from core investment opportunities to more specialized exposures to enhance portfolio diversification. Our actively managed strategies are fueled by in-depth, bottom-up research and security selection from portfolio managers with direct experience in the sectors and regions in which they invest. Investability, liquidity, diversity, and transparency are key to the experienced decision-making around market and index selection underlying VanEck’s passive strategies.

Since our founding in 1955, putting our clients’ interests first, in all market environments, has been at the heart of the firm’s mission.

About Avalanche

Avalanche is an ultra-fast, low-latency blockchain platform designed for builders who need high performance at scale. The network’s architecture allows for the creation of sovereign, efficient and fully interoperable public and private layer 1 (L1) blockchains which leverage the Avalanche Consensus Mechanism to achieve high throughput and near-instant transaction finality. The ease and speed of launching an L1, and the breadth of architectural customization choices, make Avalanche the perfect environment for a composable multi-chain future.

Supported by a global community of developers and validators, Avalanche offers a fast, low-cost environment for building decentralized applications (dApps). With its combination of speed, flexibility, and scalability, Avalanche is the platform of choice for innovators pushing the boundaries of blockchain technology.

General Disclosures

This is not an offer to buy or sell, or a recommendation to buy or sell any of the securities, financial instruments or digital assets mentioned herein. The information presented does not involve the rendering of personalized investment, financial, legal, tax advice, or any call to action. Certain statements contained herein may constitute projections, forecasts and other forward-looking statements, which do not reflect actual results, are for illustrative purposes only, are valid as of the date of this communication, and are subject to change without notice. Actual future performance of any assets or industries mentioned are unknown. Information provided by third party sources are believed to be reliable and have not been independently verified for accuracy or completeness and cannot be guaranteed. VanEck does not guarantee the accuracy of third party data. The information herein represents the opinion of the author(s), but not necessarily those of VanEck or its other employees.

Important Disclosures – VanEck PurposeBuilt Fund and VanEck Digital Assets Alpha Fund

The VanEck PurposeBuilt Fund and the VanEck Digital Assets Alpha Fund (together, the “Funds”) are not registered investment companies under the Investment Company Act of 1940 and are therefore not subject to the same regulatory requirements as mutual funds or ETFs. Both Funds rely on an exemption from registration as Commodity Pool Operators under CFTC Rule 4.13(a)(3) and are subject to related trading limitations, investor suitability requirements, and offering and marketing restrictions.

VAN ECK ABSOLUTE RETURN ADVISERS CORPORATION (“VEARA”), THE INVESTMENT MANAGER OF THE FUNDS, IS A MEMBER OF NFA AND IS SUBJECT TO NFA’S REGULATORY OVERSIGHT AND EXAMINATIONS. VEARA HAS ENGAGED OR MAY ENGAGE IN UNDERLYING OR SPOT VIRTUAL CURRENCY TRANSACTIONS IN THE FUNDS. ALTHOUGH NFA HAS JURISDICTION OVER VEARA, YOU SHOULD BE AWARE THAT NFA DOES NOT HAVE REGULATORY OVERSIGHT AUTHORITY FOR UNDERLYING OR SPOT MARKET VIRTUAL CURRENCY PRODUCTS OR TRANSACTIONS OR VIRTUAL CURRENCY EXCHANGES, CUSTODIANS OR MARKETS. YOU SHOULD ALSO BE AWARE THAT GIVEN CERTAIN MATERIAL CHARACTERISTICS OF THESE PRODUCTS, INCLUDING LACK OF A CENTRALIZED PRICING SOURCE AND THE OPAQUE NATURE OF THE VIRTUAL CURRENCY MARKET, THERE CURRENTLY IS NO SOUND OR ACCEPTABLE PRACTICE FOR NFA TO ADEQUATELY VERIFY THE OWNERSHIP AND CONTROL OF A VIRTUAL CURRENCY OR THE VALUATION ATTRIBUTED TO A VIRTUAL CURRENCY BY VEARA.

Each Fund is available to Qualified Purchasers Only. Prospective investors should carefully review the respective Private Placement Memorandum (“PPM”) before investing. There is no guarantee either Fund will achieve its investment objectives, and investors may lose all or a substantial portion of their investment. Past performance is not indicative of future results.

Both Funds pursue speculative investment strategies and involve significant risks. Individual investor performance may vary materially due to factors such as investment timing, new issue participation, expense structures, and the impact of loss carryforwards. Investor performance will be reflected in monthly statements provided by the Administrator.

The VanEck PurposeBuilt Fund seeks capital appreciation through investments in Digital Assets, tokenized real world assets (“RWAs”), Digital Asset projects, and companies associated with the Avalanche ecosystem. Investments include equity, equity-like, and debt instruments of early-stage blockchain and Digital Asset companies. The Fund may employ staking, yield-farming, and investments across centralized and decentralized platforms.

The VanEck Digital Assets Alpha Fund seeks capital appreciation by investing in 5 to 30 Digital Assets with high perceived upside relative to current valuations and generally with market capitalizations above $100 million. It also invests in public and private securities of Digital Asset companies. The Fund intends to generate yield through staking and DeFi-based lending, maintaining a general allocation of 70–90% in Digital Assets with the remainder focused on yield-generating strategies.

VanEck Purpose Build Fund and VanEck Digital Assets Alpha Fund: Investments may include a wide variety of digital instruments and structures, including cryptocurrencies, stablecoins, NFTs, tokens, RWAs, DeFi protocols, DAOs, ICOs, SAFTs, SAFEs, token warrants, and synthetic assets. These technologies are new, may be untested, and are subject to competitive pressures, adoption challenges, and technological obsolescence.

General Digital Asset Risk Disclosures

Cryptocurrencies and digital assets are not suitable for all investors. Investments in digital assets and Web3 companies are highly speculative and involve a high degree of risk. These risks include, but are not limited to: the technology is new and many of its uses may be untested; intense competition; slow adoption rates and the potential for product obsolescence; volatility and limited liquidity, including but not limited to, inability to liquidate a position; loss or destruction of key(s) to access accounts or the blockchain; reliance on digital wallets; reliance on unregulated markets and exchanges; reliance on the internet; cybersecurity risks; and the lack of regulation and the potential for new laws and regulation that may be difficult to predict. Moreover, the extent to which Web3 companies or digital assets utilize blockchain technology may vary, and it is possible that even widespread adoption of blockchain technology may not result in a material increase in the value of such companies or digital assets.

Digital asset prices are highly volatile, and the value of digital assets, and Web3 companies, can rise or fall dramatically and quickly. If their value goes down, there’s no guarantee that it will rise again. As a result, there is a significant risk of loss of your entire principal investment.

Digital assets are not generally backed or supported by any government or central bank and are not covered by FDIC or SIPC insurance. Accounts at digital asset custodians and exchanges are not protected by SPIC and are not FDIC insured. Furthermore, markets and exchanges for digital assets are not regulated with the same controls or customer protections available in traditional equity, option, futures, or foreign exchange investing.

Digital assets include, but are not limited to, cryptocurrencies, tokens, NFTs, assets stored or created using blockchain technology, and other Web3 products.

Web3 companies include but are not limited to, companies that involve the development, innovation, and/or utilization of blockchain, digital assets, or crypto technologies.

This communication is for informational purposes only and does not constitute financial, tax, or legal advice, nor a recommendation to buy or sell any cryptocurrency or fund interest.

©️ Van Eck Securities Corporation, Distributor, a wholly owned subsidiary of Van Eck Associates Corporation
666 Third Avenue, New York, NY 10017
Phone: 800.826.2333
Email: info@vaneck.com

Media Contact

Kayla Gill
Serotonin
kayla@serotonin.co

The MIL Network –

May 21, 2025
MIL-OSI Asia-Pac: President Lai hosts state banquet for President Surangel Whipps Jr. of Republic of Palau

Source: Republic of China Taiwan

Details
2025-05-20
President Lai and President Surangel S. Whipps, Jr. of Palau hold bilateral talks and witness signing of cooperation agreements
On the afternoon of May 20, following a welcome ceremony with military honors for President Surangel S. Whipps, Jr. of the Republic of Palau and his wife, President Lai Ching-te, accompanied by Vice President Bi-khim Hsiao, held bilateral talks with President Whipps at the Presidential Office. The two leaders also jointly witnessed the signing of a technical cooperation agreement and an agreement on diplomatic staff training cooperation. In remarks, President Lai thanked Palau for standing firm in its backing of Taiwan’s international participation as geopolitical tensions continue to increase in the Pacific region. He added that he looks forward to the cooperative ties between Taiwan and Palau continuing to expand into even broader areas, allowing our economies and societies to further progress as we jointly advance peace, stability, and prosperity in the Indo-Pacific region. A translation of President Lai’s remarks follows: I welcome our guests to Taiwan once again. Last year on May 20, President Whipps led a delegation to attend the inauguration ceremony for myself and Vice President Hsiao. I am delighted, on the anniversary of my first year in office, to meet with old friends of Taiwan again, as President Whipps returns for this visit. Taiwan-Palau relations have grown even closer in recent years thanks to the strong support of President Whipps. In 2022, during my term as vice president, I led a delegation to Palau as a demonstration of how our nations were together boosting tourism development as we jointly faced the challenges of the COVID-19 pandemic. Every time I visit Palau, and every time I meet with President Whipps, I feel very deeply that Taiwan and Palau are like family. We are both maritime nations and share a common Austronesian heritage and culture. We are also staunch partners in upholding such values as freedom, democracy, and respect for human rights. Last December, when I went on my first overseas trip since taking office, one of the nations I visited was Palau. We celebrated the 30th anniversary of Palau’s independence and 25 years of diplomatic relations, underscoring our friendly ties. Taiwan and Palau enjoy close exchanges and cooperation in a range of areas, including climate change, education, agriculture and fisheries, healthcare, humanitarian assistance, sports, and culture. After this meeting, President Whipps and I will witness the signing of a technical cooperation agreement and an agreement on diplomatic staff training cooperation, demonstrating once again our diverse collaboration and strong friendship. I believe that by working together, Taiwan and Palau can contribute to each other’s development and overcome the regional and global challenges we currently face. In particular, as geopolitical tensions continue to increase in the Pacific region, Palau has wisely and courageously upheld democratic values and stood firm in its backing of Taiwan’s international participation. Palau has never stopped voicing support for Taiwan, including at the United Nations General Assembly, the World Health Organization, the UN Framework Convention on Climate Change Conference of the Parties, and the UN Ocean Conference. We have been deeply moved by this support. I thank President Whipps again for his high regard and support for Taiwan. I look forward to the cooperative ties between our nations continuing to expand into even broader areas. This will allow our economies and societies to further progress as we jointly advance peace, stability, and prosperity in the Indo-Pacific region. President Whipps then delivered remarks, saying that it is a great honor for him to be here, standing in this historic place – a symbol of strength, resilience, and the democratic spirit of the Taiwanese people. On behalf of the government of Palau, President Whipps extended heartfelt gratitude to President Lai and the people of Taiwan for the warm welcome and gracious hospitality toward him and his delegation. President Whipps then extended sincere thanks for President Lai’s visit to Palau in December – his second visit to Palau – and for having Minister of Foreign Affairs Lin Chia-lung (林佳龍) attend his inauguration as a special envoy. He added that this also marks his third visit to Taiwan since President Lai took office, saying that this demonstrates the strength of our growing relationship. President Whipps indicated that the increased engagements and numerous entrepreneurs that President Lai has brought from Taiwan to Palau have resulted in fruitful visits, and that President Lai’s leadership represents hope, unity, and continued advancement of democracy and freedom, not only for Taiwan, but for the broader Indo-Pacific region. President Whipps went on to say that this visit to Taiwan reaffirms our deep friendship and shared values between our two nations. He emphasized that Palau and Taiwan are bound not by proximity, but by purpose, in that both are island nations and believe in human dignity, the rule of law, and the right of our people to determine their own futures. President Whipps stated that although we are celebrating 26 years of diplomatic relations, Taiwan has been a steadfast partner of Palau for decades, and that one of the MOUs they are signing further extends the relationship that began in December of 1984. From healthcare and medical missions, to education, agriculture, renewable energy, infrastructure, the private sector, tourism development, and climate resilience, he said, our cooperation has improved lives and strengthened our communities. The president also indicated that during the COVID-19 pandemic, Taiwan stood with Palau, noting that both sides began the tourism bubble, and that President Lai came to Palau to reopen the two weekly direct flights that have now been increased to four. That solidarity will never be forgotten, he said. As the world faces growing uncertainty and complex challenges from climate change to global tensions, President Whipps said, this friendship becomes even more vital. The president concluded his remarks by expressing hope that both nations continue to stand together, work together, and advocate together for peace, prosperity, and for the right of small nations to be seen, heard, and respected. After the bilateral talks, President Lai and President Whipps witnessed the signing of the technical cooperation agreement and the agreement on diplomatic staff training cooperation by Minister Lin and Palauan Minister of State Gustav Aitaro. The delegation also included Palauan Minister of Public Infrastructure and Industries Charles Obichang, Minister of Human Resources, Culture, Tourism and Development Ngiraibelas Tmetuchl, Senate Floor Leader Kerai Mariur, House of Delegates Floor Leader Warren Umetaro, High Chief of Ngiwal State Elliot Udui, Governor of Peleliu State Emais Roberts, and Governor of Koror State Eyos Rudimch.

Details
2025-05-20
President Lai interviewed by Nippon Television and Yomiuri TV
In a recent interview on Nippon Television’s news zero program, President Lai Ching-te responded to questions from host Mr. Sakurai Sho and Yomiuri TV Shanghai Bureau Chief Watanabe Masayo on topics including reflections on his first year in office, cross-strait relations, China’s military threats, Taiwan-United States relations, and Taiwan-Japan relations. The interview was broadcast on the evening of May 19. During the interview, President Lai stated that China intends to change the world’s rules-based international order, and that if Taiwan were invaded, global supply chains would be disrupted. Therefore, he said, Taiwan will strengthen its national defense, prevent war by preparing for war, and achieve the goal of peace. The president also noted that Taiwan’s purpose for developing drones is based on national security and industrial needs, and that Taiwan hopes to collaborate with Japan. He then reiterated that China’s threats are an international problem, and expressed hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war. Following is the text of the questions and the president’s responses: Q: How do you feel as you are about to round out your first year in office? President Lai: When I was young, I was determined to practice medicine and save lives. When I left medicine to go into politics, I was determined to transform Taiwan. And when I was sworn in as president on May 20 last year, I was determined to strengthen the nation. Time flies, and it has already been a year. Although the process has been very challenging, I am deeply honored to be a part of it. I am also profoundly grateful to our citizens for allowing me the opportunity to give back to our country. The future will certainly be full of more challenges, but I will do everything I can to unite the people and continue strengthening the nation. That is how I am feeling now. Q: We are now coming up on the 80th anniversary of the end of World War II, and over this period, we have often heard that conflict between Taiwan and the mainland is imminent. Do you personally believe that a cross-strait conflict could happen? President Lai: The international community is very much aware that China intends to replace the US and change the world’s rules-based international order, and annexing Taiwan is just the first step. So, as China’s military power grows stronger, some members of the international community are naturally on edge about whether a cross-strait conflict will break out. The international community must certainly do everything in its power to avoid a conflict in the Taiwan Strait; there is too great a cost. Besides causing direct disasters to both Taiwan and China, the impact on the global economy would be even greater, with estimated losses of US$10 trillion from war alone – that is roughly 10 percent of the global GDP. Additionally, 20 percent of global shipping passes through the Taiwan Strait and surrounding waters, so if a conflict breaks out in the strait, other countries including Japan and Korea would suffer a grave impact. For Japan and Korea, a quarter of external transit passes through the Taiwan Strait and surrounding waters, and a third of the various energy resources and minerals shipped back from other countries pass through said areas. If Taiwan were invaded, global supply chains would be disrupted, and therefore conflict in the Taiwan Strait must be avoided. Such a conflict is indeed avoidable. I am very thankful to Prime Minister of Japan Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio, as well as US President Donald Trump and former President Joe Biden, and the other G7 leaders, for continuing to emphasize at international venues that peace and stability across the Taiwan Strait are essential components for global security and prosperity. When everyone in the global democratic community works together, stacking up enough strength to make China’s objectives unattainable or to make the cost of invading Taiwan too high for it to bear, a conflict in the strait can naturally be avoided. Q: As you said, President Lai, maintaining peace and stability across the Taiwan Strait is also very important for other countries. How can war be avoided? What sort of countermeasures is Taiwan prepared to take to prevent war? President Lai: As Mr. Sakurai mentioned earlier, we are coming up on the 80th anniversary of the end of WWII. There are many lessons we can take from that war. First is that peace is priceless, and war has no winners. From the tragedies of WWII, there are lessons that humanity should learn. We must pursue peace, and not start wars blindly, as that would be a major disaster for humanity. In other words, we must be determined to safeguard peace. The second lesson is that we cannot be complacent toward authoritarian powers. If you give them an inch, they will take a mile. They will keep growing, and eventually, not only will peace be unattainable, but war will be inevitable. The third lesson is why WWII ended: It ended because different groups joined together in solidarity. Taiwan, Japan, and the Indo-Pacific region are all directly subjected to China’s threats, so we hope to be able to join together in cooperation. This is why we proposed the Four Pillars of Peace action plan. First, we will strengthen our national defense. Second, we will strengthen economic resilience. Third is standing shoulder to shoulder with the democratic community to demonstrate the strength of deterrence. Fourth is that as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China, and seek peace and mutual prosperity. These four pillars can help us avoid war and achieve peace. That is to say, Taiwan hopes to achieve peace through strength, prevent war by preparing for war, keeping war from happening and pursuing the goal of peace. Q: Regarding drones, everyone knows that recently, Taiwan has been actively researching, developing, and introducing drones. Why do you need to actively research, develop, and introduce new drones at this time? President Lai: This is for two purposes. The first is to meet national security needs. The second is to meet industrial development needs. Because Taiwan, Japan, and the Philippines are all part of the first island chain, and we are all democratic nations, we cannot be like an authoritarian country like China, which has an unlimited national defense budget. In this kind of situation, island nations such as Taiwan, Japan, and the Philippines should leverage their own technologies to develop national defense methods that are asymmetric and utilize unmanned vehicles. In particular, from the Russo-Ukrainian War, we see that Ukraine has successfully utilized unmanned vehicles to protect itself and prevent Russia from unlimited invasion. In other words, the Russo-Ukrainian War has already proven the importance of drones. Therefore, the first purpose of developing drones is based on national security needs. Second, the world has already entered the era of smart technology. Whether generative, agentic, or physical, AI will continue to develop. In the future, cars and ships will also evolve into unmanned vehicles and unmanned boats, and there will be unmanned factories. Drones will even be able to assist with postal deliveries, or services like Uber, Uber Eats, and foodpanda, or agricultural irrigation and pesticide spraying. Therefore, in the future era of comprehensive smart technology, developing unmanned vehicles is a necessity. Taiwan, based on industrial needs, is actively planning the development of drones and unmanned vehicles. I would like to take this opportunity to express Taiwan’s hope to collaborate with Japan in the unmanned vehicle industry. Just as we do in the semiconductor industry, where Japan has raw materials, equipment, and technology, and Taiwan has wafer manufacturing, our two countries can cooperate. Japan is a technological power, and Taiwan also has significant technological strengths. If Taiwan and Japan work together, we will not only be able to safeguard peace and stability in the Taiwan Strait and security in the Indo-Pacific region, but it will also be very helpful for the industrial development of both countries. Q: The drones you just described probably include examples from the Russo-Ukrainian War. Taiwan and China are separated by the Taiwan Strait. Do our drones need to have cross-sea flight capabilities? President Lai: Taiwan does not intend to counterattack the mainland, and does not intend to invade any country. Taiwan’s drones are meant to protect our own nation and territory. Q: Former President Biden previously stated that US forces would assist Taiwan’s defense in the event of an attack. President Trump, however, has yet to clearly state that the US would help defend Taiwan. Do you think that in such an event, the US would help defend Taiwan? Or is Taiwan now trying to persuade the US? President Lai: Former President Biden and President Trump have answered questions from reporters. Although their responses were different, strong cooperation with Taiwan under the Biden administration has continued under the Trump administration; there has been no change. During President Trump’s first term, cooperation with Taiwan was broader and deeper compared to former President Barack Obama’s terms. After former President Biden took office, cooperation with Taiwan increased compared to President Trump’s first term. Now, during President Trump’s second term, cooperation with Taiwan is even greater than under former President Biden. Taiwan-US cooperation continues to grow stronger, and has not changed just because President Trump and former President Biden gave different responses to reporters. Furthermore, the Trump administration publicly stated that in the future, the US will shift its strategic focus from Europe to the Indo-Pacific. The US secretary of defense even publicly stated that the primary mission of the US is to prevent China from invading Taiwan, maintain stability in the Indo-Pacific, and thus maintain world peace. There is a saying in Taiwan that goes, “Help comes most to those who help themselves.” Before asking friends and allies for assistance in facing threats from China, Taiwan must first be determined and prepared to defend itself. This is Taiwan’s principle, and we are working in this direction, making all the necessary preparations to safeguard the nation. Q: I would like to ask you a question about Taiwan-Japan relations. After the Great East Japan Earthquake in 2011, you made an appeal to give Japan a great deal of assistance and care. In particular, you visited Sendai to offer condolences. Later, you also expressed condolences and concern after the earthquakes in Aomori and Kumamoto. What are your expectations for future Taiwan-Japan exchanges and development? President Lai: I come from Tainan, and my constituency is in Tainan. Tainan has very deep ties with Japan, and of course, Taiwan also has deep ties with Japan. However, among Taiwan’s 22 counties and cities, Tainan has the deepest relationship with Japan. I sincerely hope that both of you and your teams will have an opportunity to visit Tainan. I will introduce Tainan’s scenery, including architecture from the era of Japanese rule, Tainan’s cuisine, and unique aspects of Tainan society, and you can also see lifestyles and culture from the Showa era. The Wushantou Reservoir in Tainan was completed by engineer Mr. Hatta Yoichi from Kanazawa, Japan and the team he led to Tainan after he graduated from then-Tokyo Imperial University. It has nearly a century of history and is still in use today. This reservoir, along with the 16,000-km-long Chianan Canal, transformed the 150,000-hectare Chianan Plain into Taiwan’s premier rice-growing area. It was that foundation in agriculture that enabled Taiwan to develop industry and the technology sector of today. The reservoir continues to supply water to Tainan Science Park. It is used by residents of Tainan, the agricultural sector, and industry, and even the technology sector in Xinshi Industrial Park, as well as Taiwan Semiconductor Manufacturing Company. Because of this, the people of Tainan are deeply grateful for Mr. Hatta and very friendly toward the people of Japan. A major earthquake, the largest in 50 years, struck Tainan on February 6, 2016, resulting in significant casualties. As mayor of Tainan at the time, I was extremely grateful to then-Prime Minister Abe, who sent five Japanese officials to the disaster site in Tainan the day after the earthquake. They were very thoughtful and asked what kind of assistance we needed from the Japanese government. They offered to provide help based on what we needed. I was deeply moved, as former Prime Minister Abe showed such care, going beyond the formality of just sending supplies that we may or may not have actually needed. Instead, the officials asked what we needed and then provided assistance based on those needs, which really moved me. Similarly, when the Great East Japan Earthquake of 2011 or the later Kumamoto earthquakes struck, the people of Tainan, under my leadership, naturally and dutifully expressed their support. Even earlier, when central Taiwan was hit by a major earthquake in 1999, Japan was the first country to deploy a rescue team to the disaster area. On February 6, 2018, after a major earthquake in Hualien, former Prime Minister Abe appeared in a video holding up a message of encouragement he had written in calligraphy saying “Remain strong, Taiwan.” All of Taiwan was deeply moved. Over the years, Taiwan and Japan have supported each other when earthquakes struck, and have forged bonds that are family-like, not just neighborly. This is truly valuable. In the future, I hope Taiwan and Japan can be like brothers, and that the peoples of Taiwan and Japan can treat one another like family. If Taiwan has a problem, then Japan has a problem; if Japan has a problem, then Taiwan has a problem. By caring for and helping each other, we can face various challenges and difficulties, and pursue a brighter future. Q: President Lai, you just used the phrase “If Taiwan has a problem, then Japan has a problem.” In the event that China attempts to invade Taiwan by force, what kind of response measures would you hope the US military and Japan’s Self-Defense Forces take? President Lai: As I just mentioned, annexing Taiwan is only China’s first step. Its ultimate objective is to change the rules-based international order. That being the case, China’s threats are an international problem. So, I would very much hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war – prevention, after all, is more important than cure.

Details
2025-05-13
President Lai interviewed by Japan’s Nikkei
In a recent interview with Japan’s Nikkei, President Lai Ching-te responded to questions regarding Taiwan-Japan and Taiwan-United States relations, cross-strait relations, the semiconductor industry, and the international economic and trade landscape. The interview was published by Nikkei on May 13. President Lai indicated that Nikkei, Inc. is a global news organization that has received significant recognition both domestically and internationally, and that he is deeply honored to be interviewed by Nikkei and grateful for their invitation. The president said that he would like to take this rare opportunity to thank Japan’s government, National Diet, society, and public for their longstanding support for Taiwan. Noting that current Prime Minister Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio have all strongly supported Taiwan, he said that the peoples of Taiwan and Japan also have a deep mutual affection, and that through the interview, he hopes to enhance the bilateral relationship between Taiwan and Japan, deepen the affection between our peoples, and foster more future cooperation to promote prosperity and development in both countries. In response to questions raised on the free trade system and the recent tariff war, President Lai indicated that over the past few decades, the free economy headed by the Western world and led by the US has brought economic prosperity and political stability to Taiwan and Japan. At the same time, he said, we have also learned or followed many Western values. The president said he believes that Taiwan and Japan are exemplary students, but some countries are not. Therefore, he said, the biggest crisis right now is China, which exploits the free trade system to engage in plagiarism and counterfeiting, infringe on intellectual property rights, and even provide massive government subsidies that facilitate the dumping of low-priced goods worldwide, which has a major impact on many countries including Japan and Taiwan. If this kind of unfair trade is not resolved, he said, the stable societies and economic prosperity we have painstakingly built over decades, as well as some of the values we pursue, could be destroyed. Therefore, President Lai said he thinks it is worthwhile for us to observe the recent willingness of the US to address unfair trade, and if necessary, offer assistance. President Lai emphasized that the national strategic plan for Taiwanese industries is for them to be rooted in Taiwan while expanding their global presence and marketing worldwide. Therefore, he said, while the 32 percent tariff increase imposed by the US on Taiwan is indeed a major challenge, we are willing to address it seriously and find opportunities within that challenge, making Taiwan’s strategic plan for industry even more comprehensive. When asked about Taiwan’s trade arrangements, President Lai indicated that in 2010 China accounted for 83.8 percent of Taiwan’s outbound investment, but last year it accounted for only 7.5 percent. In 2020, he went on, 43.9 percent of Taiwan’s exports went to China, but that figure dropped to 31.7 percent in 2024. The president said that we have systematically transferred investments from Taiwanese enterprises to Japan, Southeast Asia, Europe, and the US. Therefore, he said, last year Taiwan’s largest outbound investment was in the US, accounting for roughly 40 percent of the total. Nevertheless, only 23.4 percent of Taiwanese products were sold to the US, with 76.6 percent sold to places other than the US, he said. The president emphasized that we don’t want to put all our eggs in one basket, and hope to establish a global presence. Under these circumstances, he said, Taiwan is very eager to cooperate with Japan. President Lai stated that at this moment, the Indo-Pacific and international community really need Japan’s leadership, especially to make the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) excel in its functions, and also requested Japan to support Taiwan’s CPTPP accession. The president said that Taiwan hopes to sign an Economic Partnership Agreement (EPA) with Japan to build closer ties in economic trade and promote further investment, and that we also hope to strengthen relations with the European Union, and even other regions. Currently, he said, we are proposing an initiative on global semiconductor supply chain partnerships for democracies, because the semiconductor industry is an ecosystem. The president raised the example that Japan has materials, equipment, and technology; the US has IC design and marketing; Taiwan has production and manufacturing; and the Netherlands excels in equipment, saying we therefore hope to leverage Taiwan’s advantages in production and manufacturing to connect the democratic community and establish a global non-red supply chain for semiconductors, ensuring further world prosperity and development in the future, and ensuring that free trade can continue to function without being affected by dumping, which would undermine future prosperity and development. The president stated that as we want industries to expand their global presence and market internationally while staying rooted here in Taiwan, having industries rooted in Taiwan involves promoting pay raises for employees, tax cuts, and deregulation, as well as promoting enterprise investment tax credits. He said that we have also proposed Three Major Programs for Investing in Taiwan for Taiwanese enterprises and are actively resolving issues regarding access to water, electricity, land, human resources, and professional talent so that the business community can return to Taiwan to invest, or enterprises in Taiwan can increase their investments. He went on to say that we are also actively signing bilateral investment agreements with friends and allies so that when our companies invest and expand their presence abroad, their rights and interests as investors are ensured. President Lai mentioned that Taiwan hopes to sign an EPA with Japan, similar to the Taiwan-US Initiative on 21st-Century Trade and the Economic Prosperity Partnership Dialogue, or the Enhanced Trade Partnership arrangement with the United Kingdom, or similar agreements or memorandums of understanding with Canada and Australia that allow Taiwanese products to be marketed worldwide, concluding that those are our overall arrangements. Looking at the history of Taiwan’s industrial development, President Lai indicated, of course it began in Taiwan, and then moved west to China and south to Southeast Asia. He said that we hope to take this opportunity to strengthen cooperation with Japan to the north, across the Pacific Ocean to the east, and develop the North American market, making Taiwan’s industries even stronger. In other words, he said, while Taiwan sees the current reciprocal tariffs imposed by the US as a kind of challenge, it also views these changes positively. On the topic of pressure from China affecting Taiwan’s participation in international frameworks such as the CPTPP or its signing of an EPA with Japan, President Lai responded that the key point is what kind of attitude we should adopt in viewing China’s acts of oppression. If we act based on our belief in free trade, he said, or on the universal values we pursue – democracy, freedom, and respect for human rights – and also on the understanding that a bilateral trade agreement between Taiwan and Japan would contribute to the economic prosperity and development of both countries, or that Taiwan’s accession to the CPTPP would benefit progress and prosperity in the Indo-Pacific region, then he hopes that friends and allies will strongly support us. On the Trump administration’s intentions regarding the reciprocal tariff policy and the possibility of taxing semiconductors, as well as how Taiwan plans to respond, President Lai said that since President Trump took office, he has paid close attention to interviews with both him and his staff. The president said that several of President Trump’s main intentions are: First, he wants to address the US fiscal situation. For example, President Lai said, while the US GDP is about US$29 trillion annually, its national debt stands at US$36 trillion, which is roughly 124 percent of GDP. Second, he went on, annual government spending exceeds US$6.5 trillion, but revenues are only around US$4.5 trillion, resulting in a nearly US$2 trillion deficit each year, about 7 percent of GDP. Third, he said, the US pays nearly US$1.2 trillion in interest annually, which exceeds the US$1 trillion defense budget and accounts for more than 3 percent of GDP. Fourth, President Trump still wants to implement tax cuts, aiming to reduce taxes for 85 percent of Americans, he said, noting that this would cost between US$500 billion and US$1 trillion. These points, President Lai said, illustrate his first goal: solving the fiscal problem. President Lai went on to say that second, the US feels the threat of China and believes that reindustrialization is essential; without reindustrialization, the US risks a growing gap in industrial capacity compared to China. Third, he said, in this era of global smart technology, President Trump wants to lead the nation to become a world center of AI. Fourth, he aims to ensure world peace and prevent future wars, President Lai said. In regard to what the US seeks to achieve, he said he believes these four areas form the core of the Trump administration’s intentions, and that is why President Trump has raised tariffs, demanded that trading partners purchase more American goods, and encouraged friendly and allied nations to invest in the US, all in order to achieve these goals. President Lai indicated that the 32 percent reciprocal tariff poses a critical challenge for Taiwan, and we must treat it seriously. He said that our approach is not confrontation, but negotiation to reduce tariffs, and that we have also agreed to measures such as procurement, investment, resolving non-tariff trade barriers, and addressing origin washing in order to effectively reduce the trade deficit between Taiwan and the US. Of course, he said, through this negotiation process, we also hope to turn challenges into opportunities. The president said that first, we aim to start negotiations from the proposal of zero tariffs and seek to establish a bilateral trade agreement with the US. Second, he went on, we hope to support US reindustrialization and its aim to become a world AI hub through investment, while simultaneously upgrading and transforming Taiwan’s industries, which would help further integrate Taiwan’s industries into the US economic structure, ensuring Taiwan’s long-term development. President Lai emphasized again that Taiwan’s national industrial strategy is for industries to stay firmly rooted in Taiwan while expanding their global presence and marketing worldwide. He repeated that we have gone from moving westward across the Taiwan Strait, to shifting southbound, to working closer northward with Japan, and now the time is ripe for us to expand eastward by investing in North America. In other words, he said, while we take this challenge seriously to protect national interests and ensure that no industry is sacrificed, we also hope these negotiations will lead to deeper Taiwan-US trade relations through Taiwanese investment in the US, concluding that these are our expectations. The president stated that naturally, the reciprocal tariffs imposed by the US will have an impact on Taiwanese industries, so in response, the Taiwanese government has already proposed support measures for affected industries totaling NT$93 billion. In addition, he said, we have outlined broader needs for Taiwan’s long-term development, which will be covered by a special budget proposal of NT$410 billion, noting that this has already been approved by the Executive Yuan and will be submitted to the Legislative Yuan for review. He said that this special budget proposal addresses four main areas: supporting industries, stabilizing employment, protecting people’s livelihoods, and enhancing resilience. As for tariffs on semiconductors, President Lai said, Taiwan Semiconductor Manufacturing Company (TSMC) has committed to investing in the US at the request of its customers. He said he believes that TSMC’s industry chain will follow suit, and that these are concrete actions that are unrelated to tariffs. However, he said, if the US were to invoke Section 232 and impose tariffs on semiconductors or related industries, it would discourage Taiwanese semiconductor and ICT investments in the US, and that we will make this position clear to the US going forward. President Lai indicated that among Taiwan’s exports to the US, there are two main categories: ICT products and electronic components, which together account for 65.4 percent. These are essential to the US, he said, unlike final goods such as cups, tables, or mattresses. He went on to say that what Taiwan sells to the US are the technological products required by AI designers like NVIDIA, AMD, Amazon, Google, and Apple, and that therefore, we will make sure the US understands clearly that we are not exporting end products, but the high-tech components necessary for the US to reindustrialize and become a global AI center. Furthermore, the president said, Taiwan is also willing to increase its defense budget and military procurement. He stated that Taiwan is committed to defending itself and is strongly willing to cooperate with friends and allies to ensure regional peace and stability, and that this is also something President Trump hopes to see. Asked whether TSMC’s fabs overseas could weaken Taiwan’s strategic position as a key hub for semiconductor manufacturing, and whether that could then give other countries fewer incentives to protect Taiwan, President Lai responded by saying that political leaders around the world including Japan’s Prime Minister Ishiba and former Prime Ministers Abe, Suga, and Kishida have emphasized, at the G7 and other major international fora, that peace and stability in the Taiwan Strait are essential for global security and prosperity. In other words, he explained, the international community cares about Taiwan and supports peace and stability in the Taiwan Strait because Taiwan is located in the first island chain in the Indo-Pacific, directly facing China. He pointed out that if Taiwan is not protected, China’s expansionist ambitions will certainly grow, which would impact the current rules-based international order. Thus, he said, the international community willingly cares about Taiwan and supports stability in the Taiwan Strait – that is the reason, and it has no direct connection with TSMC. He noted that after all, TSMC has not made investments in that many countries, stressing that, on that point, it is clear. President Lai said that TSMC’s investments in Japan, Europe, and the US are all natural, normal economic and investment activities. He said that Taiwan is a democratic country whose society is based on the rule of law, so when Taiwanese companies need to invest around the world for business needs, the government will support those investments in principle so long as they do not harm national interests. President Lai said that after TSMC Chairman C.C. Wei (魏哲家) held a press conference with President Trump to announce the investment in the US, Chairman Wei returned to Taiwan to hold a press conference with him at the Presidential Office, where the chairman explained to the Taiwanese public that TSMC’s R&D center will remain in Taiwan and that the facilities it has already committed to investing in here will not change and will not be affected. So, the president explained, to put it another way, TSMC will not be weakened by its investment in the US. He further emphasized that Taiwan has strengths in semiconductor manufacturing and is very willing to work alongside other democratic countries to promote the next stage of global prosperity and development. A question was raised about which side should be chosen between the US and China, under the current perception of a return to the Cold War, with East and West facing off as two opposing blocs. President Lai responded by saying that some experts and scholars describe the current situation as entering a new Cold War era between democratic and authoritarian camps; others assert that the war has already begun, including information warfare, economic and trade wars, and the ongoing wars in Europe – the Russo-Ukrainian War – and the Middle East, and the Israel-Hamas conflict. The president said that these are all matters experts have cautioned about, noting that he is not a historian and so will not attempt to define today’s political situation from an academic standpoint. However, he said, he believes that every country has a choice, which is to say, Taiwan, Japan, or any other nation does not necessarily have to choose between the US and China. What we are deciding, he said, is whether our country will maintain a democratic constitutional system or regress into an authoritarian regime, and this is essentially a choice of values – not merely a choice between two major powers. President Lai said that Taiwan’s situation is different from other countries because we face a direct threat from China. He pointed out that we have experienced military conflicts such as the August 23 Artillery Battle and the Battle of Guningtou – actual wars between the Republic of China and the People’s Republic of China. He said that China’s ambition to annex Taiwan has never wavered, and that today, China’s political and military intimidation, as well as internal united front infiltration, are growing increasingly intense. Therefore, he underlined, to defend democracy and sovereignty, protect our free and democratic system, and ensure the safety of our people’s lives and property, Taiwan’s choice is clear. President Lai said that China’s military exercises are not limited to the Taiwan Strait, and include the East China Sea, South China Sea, and even the Sea of Japan, as well as areas around Korea and Australia. Emphasizing that Taiwan, Japan, Australia, and the Philippines are all democratic nations, the president said that Taiwan’s choice is clear, and that he believes Japan also has no other choice. We are all democratic countries, he said, whose people have long pursued the universal values of democracy, freedom, and respect for human rights, and that is what is most important. Regarding the intensifying tensions between the US and China, the president was asked what roles Taiwan and Japan can play. President Lai responded that in his view, Japan is a powerful nation, and he sincerely hopes that Japan can take a leading role amid these changes in the international landscape. He said he believes that countries in the Indo-Pacific region are also willing to respond. He suggested several areas where we can work together: first, democracy and peace; second, innovation and prosperity; and third, justice and sustainability. President Lai stated that in the face of authoritarian threats, we should let peace be our beacon and democracy our compass as we respond to the challenges posed by authoritarian states. Second, he added, as the world enters an era characterized by the comprehensive adoption of smart technologies, Japan and Taiwan should collaborate in the field of innovation to further drive regional prosperity and development. Third, he continued, is justice and sustainability. He explained that because international society still has many issues that need to be resolved, Taiwan and Japan can cooperate for the public good, helping countries in need around the world, and cooperating to address climate change and achieve net-zero transition by 2050. Asked whether he hopes that the US will continue to be a leader in the liberal democratic system, President Lai responded by saying that although the US severed diplomatic ties with the Republic of China, for the past few decades it has assisted Taiwan in various areas such as national defense, security, and countering threats from China, based on the Taiwan Relations Act and the Six Assurances. He pointed out that Taiwan has also benefited, directly and indirectly, in terms of politics, democracy, and economic prosperity thanks to the US, and so Taiwan naturally hopes that the US remains strong and continues to lead the world. President Lai said that when the US encounters difficulties, whether financial difficulties, reindustrialization issues, or becoming a global center for AI, and hopes to receive support from its friends and allies to jointly safeguard regional peace and stability, Taiwan is willing to stand together for a common cause. If the US remains strong, he said, that helps Taiwan, the Indo-Pacific region, and the world as a whole. Noting that while the vital role of the US on the global stage has not changed, the president said that after decades of shouldering global responsibilities, it has encountered some issues. Now, it has to make adjustments, he said, stating his firm belief that it will do so swiftly, and quickly resume its leadership role in the world. Asked to comment on remarks he made during his election campaign that he would like to invite China’s President Xi Jinping for bubble tea, President Lai responded that Taiwan is a peace-loving country, and Taiwanese society is inherently kind, and therefore we hope to get along peacefully with China, living in peace and mutual prosperity. So, during his term as vice president, he said, he was expressing the goodwill of Taiwanese society. Noting that while he of course understands that China’s President Xi would have certain difficulties in accepting this, he emphasized that the goodwill of Taiwanese society has always existed. If China reflects on the past two or three decades, he said, it will see that its economy was able to develop with Taiwan as its largest foreign investor. The president explained that every year, 1 to 2 million Taiwanese were starting businesses or investing in China, creating numerous job opportunities and stabilizing Chinese society. While many Taiwanese businesses have profited, he said, Chinese society has benefited even more. He added that every time a natural disaster occurs, if China is in need, Taiwanese always offer donations. Therefore, the president said, he hopes that China can face the reality of the Republic of China’s existence and understand that the people of Taiwan hope to continue living free and democratic lives with respect for human rights. He also expressed hope that China can pay attention to the goodwill of Taiwanese society. He underlined that we have not abandoned the notion that as long as there is parity, dignity, exchange, and cooperation, the goodwill of choosing dialogue over confrontation and exchange over containment will always exist. Asked for his view on the national security reforms in response to China’s espionage activities and infiltration attempts, President Lai said that China’s united front infiltration activities in Taiwan are indeed very serious. He said that China’s ambitions to annex Taiwan rely not only on the use of political and military intimidation, but also on its long-term united front and infiltration activities in Taiwanese society. Recently, he pointed out, the Taiwan High Prosecutors Office of the Ministry of Justice prosecuted 64 spies, which is three times the number in 2021, and in addition to active-duty military personnel, many retired military personnel were also indicted. Moreover, he added, Taiwan also has the Chinese Unification Promotion Party, which has a background in organized crime, Rehabilitation Alliance Party, which was established by retired military personnel, and Republic of China Taiwan Military Government, which is also composed of retired generals. He explained that these are all China’s front organizations, and they plan one day to engage in collaboration within Taiwan, which shows the seriousness of China’s infiltration in Taiwan. Therefore, the president said, in the recent past he convened a high-level national security meeting and proposed 17 response strategies across five areas. He then enumerated the five areas: first, to address China’s threat to Taiwan’s sovereignty; second, to respond to the threat of China’s obscuring the Taiwanese people’s sense of national identity; third, to respond to the threat of China’s infiltrating and recruiting members of the ROC Armed Forces as spies; fourth, to respond to the threat of China’s infiltration of Taiwanese society through societal exchanges and united front work; and fifth, to respond to the threat of China using “integration plans” to draw Taiwan’s young people and Taiwanese businesses into its united front activities. In response to these five major threats, he said, he has proposed 17 response strategies, one of which being to restore the military trial system. He explained that if active-duty military personnel commit military crimes, they must be subject to military trials, and said that this expresses the Taiwanese government’s determination to respond to China’s united front infiltration and the subversion of Taiwan. Responding to the question of which actions Taiwan can take to guard against China’s threats to regional security, President Lai said that many people are worried that the increasingly tense situation may lead to accidental conflict and the outbreak of war. He stated his own view that Taiwan is committed to facing China’s various threats with caution. Taiwan is never the source of these problems, he emphasized, and if there is an accidental conflict and it turns into a full-scale war, it will certainly be a deliberate act by China using an accidental conflict as a pretext. He said that when China expanded its military presence in the East China Sea and South China Sea, the international community did not stop it; when China conducted exercises in the Taiwan Strait, the international community did not take strong measures to prevent this from happening. Now, he continued, China is conducting gray-zone exercises, which are aggressions against not only the Taiwan Strait, the South China Sea, and the East China Sea, but also extending to the Sea of Japan and waters near South Korea. He said that at this moment, Taiwan, the Philippines, Japan, and even the US should face these developments candidly and seriously, and we must exhibit unity and cooperation to prevent China’s gray-zone aggression from continuing to expand and prevent China from shifting from a military exercise to combat. If no action is taken now, the president said, the situation may become increasingly serious. Asked about the view of some US analysts who point out that China will have the ability to invade Taiwan around 2027, President Lai responded that Taiwan, as the country on the receiving end of threats and aggression, must plan for the worst and make the best preparations. He recalled a famous saying from the armed forces: “Do not count on the enemy not showing up; count on being ready should it strike.” This is why, he said, he proposed the Four Pillars of Peace action plan. First, he said, we must strengthen our national defense. Second, he added, we must strengthen economic resilience, adding that not only must our economy remain strong, but it must also be resilient, and that we cannot put all our eggs in the same basket, in China, as we have done in the past. Third, he continued, we must stand shoulder to shoulder with friends and allies such as Japan and the US, as well as the democratic community, and we must demonstrate the strength of deterrence to prevent China from making the wrong judgment. Fourth, he emphasized, as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China and seek cross-strait peace and mutual prosperity through exchanges and cooperation. Regarding intensifying US-China confrontation, the president was asked in which areas he thinks Taiwan and Japan should strengthen cooperation; with Japan’s Ishiba administration also being a minority government, the president was asked for his expectations for the Ishiba administration. President Lai said that in the face of rapid and tremendous changes in the political situation, every government faces considerable challenges, especially for minority governments, but the Japanese government led by Prime Minister Ishiba has quite adequately responded with various strategies. Furthermore, he said, Japan is different from Taiwan, explaining that although Japan’s ruling party lacks a majority, political parties in Japan engage in competition domestically while exhibiting unity externally. He said that Taiwan’s situation is more challenging, because the ruling and opposition parties hold different views on the direction of the country, due to differences in national identity. The president expressed his hope that in the future Taiwan and Japan will enjoy even more comprehensive cooperation. He stated that he has always believed that deep historical bonds connect Taiwan and Japan. Over the past several decades, he said, when encountering natural disasters and tragedies, our two nations have assisted each other with mutual care and support. He said that the affection between the people of Taiwan and Japan is like that of a family. Pointing out that both countries face the threat of authoritarianism, he said that we share a mission to safeguard universal values such as democracy, freedom, and respect for human rights. The president said that our two countries should be more open to cooperation in various areas to maintain regional peace and stability as well as to strengthen cooperation in economic and industrial development, such as for semiconductor industry chains and everyday applications of AI, including robots and drones, adding that we can also cooperate on climate change response, such as in hydrogen energy and other strategies. He said our two countries should also continue to strengthen people-to-people exchanges. He then took the opportunity to once again invite our good friends from Japan to visit Taiwan for tourism and learn more about Taiwan, saying that the Taiwanese people wholeheartedly welcome our Japanese friends.

Details
2025-05-09
President Lai extends congratulations on election of His Holiness Pope Leo XIV
Following the successful election of the 267th pope of the Roman Catholic Church, His Holiness Pope Leo XIV, on May 8, President Lai Ching-te extended sincere congratulations on behalf of the people and government of Taiwan, including its Catholic community. The president stated that he looks forward to working with Pope Leo XIV to continue deepening cooperation in the area of humanitarian aid and jointly defend the universal value of religious freedom, expanding and strengthening the alliance between Taiwan and the Vatican. Upon learning of the election results, President Lai directed the Republic of China (Taiwan) Embassy to the Holy See to convey a message of congratulations. In the message, President Lai extended sincere congratulations to Pope Leo XIV on behalf of the people and government of Taiwan, including its Catholic community, expressing confidence that His Holiness will lead the Catholic Church and its 1.4 billion followers worldwide with profound wisdom. President Lai also emphasized that Taiwan looks forward to continuing to work alongside the Holy See in the shared pursuit of peace, justice, religious freedom, solidarity, friendship, and human dignity. This year marks the 83rd anniversary of the establishment of diplomatic ties between Taiwan and the Vatican. Enjoying a strong alliance, Taiwan and the Vatican share such universal values as freedom of religion, respect for human rights, peace, and benevolence, and conduct close exchanges. Taiwan will continue to engage in exchanges and cooperation with the Holy See, further strengthen bilateral relations, and work alongside the Holy See to contribute even more to the world.

Details
2025-05-05
President Lai meets Japanese Diet Member and former Minister of Economy, Trade, and Industry Nishimura Yasutoshi
On the afternoon of May 5, President Lai Ching-te met with a delegation from Japan led by House of Representatives Member and former Minister of Economy, Trade, and Industry Nishimura Yasutoshi. President Lai thanked the government of Japan for continuously speaking up for Taiwan at international venues and reiterating the importance of peace and stability in the Taiwan Strait. The president stated that to address China’s gray-zone aggression against neighboring countries, Taiwan and Japan, both located in the first island chain, should strengthen cooperation and respond together. He said he looks forward to bilateral industrial cooperation in fields including semiconductors, hydrogen energy, AI, and drones, jointly strengthening the resilience of non-red supply chains, and promoting mutual prosperity and development. A translation of President Lai’s remarks follows: I would like to welcome all the members of the Japanese Diet who are using their valuable Golden Week vacation to visit Taiwan, especially House of Representatives Member Nishimura Yasutoshi, whom former Prime Minister Shinzo Abe deeply trusted and relied on, and who for many years held important cabinet positions. This is his first visit after a hiatus of 17 years, so I am sure he will sense Taiwan’s progress and development. House of Representatives Member Tanaka Kazunori has long promoted local exchanges between Taiwan and Japan, and I hope that our visitors will all gain a deeper understanding of Taiwan through this visit. Yesterday, several of our distinguished guests made a special trip to Kaohsiung to pay their respects at the statue of former Prime Minister Abe, a visionary politician with a broad, international perspective. The former prime minister pioneered the vision of a free and open Indo-Pacific, and once said that “if Taiwan has a problem, then Japan has a problem,” demonstrating strong support for Taiwan and making a deep and lasting impression on the hearts of Taiwanese. Over the past few years, China has continuously conducted military exercises in the Taiwan Strait, East and South China Seas, and carried out acts of gray-zone aggression against neighboring countries, severely undermining regional peace and stability. Taiwan and Japan, both located in the first island chain, should strengthen cooperation and respond together. Especially since Taiwan and Japan are democratic partners who share values such as freedom, democracy, and respect for human rights, if we can strengthen cooperation in areas such as maritime security, social resilience, and addressing gray-zone aggression, I am confident we can demonstrate the strength of deterrence, ensure peace and stability in the Indo-Pacific region, and safeguard our cherished democratic institutions. I would like to take this opportunity to thank the Japanese government for continuously speaking up for Taiwan at international venues, including this year’s US-Japan leaders’ summit, the G7 foreign ministers’ joint statement, and the Japan-NATO bilateral meeting, reiterating the importance of peace and stability in the Taiwan Strait and expressing opposition to unilaterally changing the status quo by force or coercion. In the face of global economic and trade changes, economic security is becoming increasingly important, and Taiwan looks forward to further deepening economic cooperation with Japan. In addition to actively seeking to participate in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), Taiwan hopes to sign an economic partnership agreement (EPA) with Japan as soon as possible. This will expand our cooperation in industries such as semiconductors, hydrogen energy, AI, and drones, establish a closer economic partnership, jointly strengthen the resilience of non-red supply chains, and promote mutual prosperity and development. Once again, I welcome all of our guests. I am deeply grateful for your taking concrete action to deepen Taiwan-Japan relations and show support for Taiwan. I wish you a successful and rewarding visit. Representative Nishimura then delivered remarks, first thanking President Lai for taking time out of his busy schedule to meet with the visiting delegation. He also expressed admiration for the performance of President Lai’s government, which has allowed Taiwan to develop smoothly amidst the current complex international situation. Representative Nishimura mentioned that when former Prime Minister Abe unfortunately passed away in 2020, President Lai, who was vice president at the time, personally visited the former prime minister’s residence to offer his condolences. The representative said that including that meeting, today is the second time he and President Lai have met. This delegation’s visit to Taiwan, he said, carries on the legacy of former Prime Minister Abe. He said that Taiwan and Japan are countries that share universal values and have close ties in terms of economic cooperation and mutual visits. Notably, he highlighted, in 2024, business travelers from Taiwan made over six million visits to Japan, and based on population, Taiwan has the highest percentage of visitors to Japan. He also expressed hope that more Japanese people will visit Taiwan for tourism. Representative Nishimura stated that the delegation visited Kaohsiung yesterday to pay their respects at the statue of former Prime Minister Abe. Then, he said, they traveled to Tainan to sample a wide variety of fruits and local delicacies, during which time they also discussed the Wushantou Reservoir, built by Japanese engineer Hatta Yoichi. Since May 8 is the anniversary of Mr. Hatta’s birth, Representative Nishimura said he hopes to use this opportunity to continue Mr. Hatta’s concern and love for Taiwan, and further deepen the friendship between Taiwan and Japan. Representative Nishimura said that when he served as Japan’s Minister of Economy, Trade, and Industry, he welcomed Taiwan’s application to join the CPTPP on behalf of the Japanese government. He also said that his government has also provided substantial assistance for the establishment of Taiwan Semiconductor Manufacturing Company’s (TSMC) fab in Kumamoto, Japan. He said he believes that mutual cooperation between Taiwan and Japan in the semiconductor sector can further promote semiconductor industry development, and build a more resilient supply chain system. Representative Nishimura pointed out that former Prime Minister Abe once said, “If Taiwan has a problem, then Japan has a problem.” Currently, many European countries are also very concerned about peace and stability in the Asia-Pacific region, because it is crucial to peace and stability in the entire international community. It can therefore be said that “if Taiwan has a problem, the world has a problem.” He said he believes that in order to maintain peace and stability in the Taiwan Strait, like-minded countries and allied nations must all cooperate closely and definitively proclaim that message. He then said he looks forward to exchanging views with President Lai on issues such as strengthening Taiwan-Japan relations and changes in the international situation. The delegation also included Chairman of Kanagawa Prefecture Japan-Taiwan Friendship Association Matsumoto Jun, Japanese House of Representatives members Nishime Kosaburo, Sasaki Hajime, Yana Kazuo, and Katou Ryusho, and Japan-Taiwan Exchange Association Taipei Office Chief Representative Katayama Kazuyuki.

Details
2025-05-20
President Lai interviewed by Nippon Television and Yomiuri TV
In a recent interview on Nippon Television’s news zero program, President Lai Ching-te responded to questions from host Mr. Sakurai Sho and Yomiuri TV Shanghai Bureau Chief Watanabe Masayo on topics including reflections on his first year in office, cross-strait relations, China’s military threats, Taiwan-United States relations, and Taiwan-Japan relations. The interview was broadcast on the evening of May 19. During the interview, President Lai stated that China intends to change the world’s rules-based international order, and that if Taiwan were invaded, global supply chains would be disrupted. Therefore, he said, Taiwan will strengthen its national defense, prevent war by preparing for war, and achieve the goal of peace. The president also noted that Taiwan’s purpose for developing drones is based on national security and industrial needs, and that Taiwan hopes to collaborate with Japan. He then reiterated that China’s threats are an international problem, and expressed hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war. Following is the text of the questions and the president’s responses: Q: How do you feel as you are about to round out your first year in office? President Lai: When I was young, I was determined to practice medicine and save lives. When I left medicine to go into politics, I was determined to transform Taiwan. And when I was sworn in as president on May 20 last year, I was determined to strengthen the nation. Time flies, and it has already been a year. Although the process has been very challenging, I am deeply honored to be a part of it. I am also profoundly grateful to our citizens for allowing me the opportunity to give back to our country. The future will certainly be full of more challenges, but I will do everything I can to unite the people and continue strengthening the nation. That is how I am feeling now. Q: We are now coming up on the 80th anniversary of the end of World War II, and over this period, we have often heard that conflict between Taiwan and the mainland is imminent. Do you personally believe that a cross-strait conflict could happen? President Lai: The international community is very much aware that China intends to replace the US and change the world’s rules-based international order, and annexing Taiwan is just the first step. So, as China’s military power grows stronger, some members of the international community are naturally on edge about whether a cross-strait conflict will break out. The international community must certainly do everything in its power to avoid a conflict in the Taiwan Strait; there is too great a cost. Besides causing direct disasters to both Taiwan and China, the impact on the global economy would be even greater, with estimated losses of US$10 trillion from war alone – that is roughly 10 percent of the global GDP. Additionally, 20 percent of global shipping passes through the Taiwan Strait and surrounding waters, so if a conflict breaks out in the strait, other countries including Japan and Korea would suffer a grave impact. For Japan and Korea, a quarter of external transit passes through the Taiwan Strait and surrounding waters, and a third of the various energy resources and minerals shipped back from other countries pass through said areas. If Taiwan were invaded, global supply chains would be disrupted, and therefore conflict in the Taiwan Strait must be avoided. Such a conflict is indeed avoidable. I am very thankful to Prime Minister of Japan Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio, as well as US President Donald Trump and former President Joe Biden, and the other G7 leaders, for continuing to emphasize at international venues that peace and stability across the Taiwan Strait are essential components for global security and prosperity. When everyone in the global democratic community works together, stacking up enough strength to make China’s objectives unattainable or to make the cost of invading Taiwan too high for it to bear, a conflict in the strait can naturally be avoided. Q: As you said, President Lai, maintaining peace and stability across the Taiwan Strait is also very important for other countries. How can war be avoided? What sort of countermeasures is Taiwan prepared to take to prevent war? President Lai: As Mr. Sakurai mentioned earlier, we are coming up on the 80th anniversary of the end of WWII. There are many lessons we can take from that war. First is that peace is priceless, and war has no winners. From the tragedies of WWII, there are lessons that humanity should learn. We must pursue peace, and not start wars blindly, as that would be a major disaster for humanity. In other words, we must be determined to safeguard peace. The second lesson is that we cannot be complacent toward authoritarian powers. If you give them an inch, they will take a mile. They will keep growing, and eventually, not only will peace be unattainable, but war will be inevitable. The third lesson is why WWII ended: It ended because different groups joined together in solidarity. Taiwan, Japan, and the Indo-Pacific region are all directly subjected to China’s threats, so we hope to be able to join together in cooperation. This is why we proposed the Four Pillars of Peace action plan. First, we will strengthen our national defense. Second, we will strengthen economic resilience. Third is standing shoulder to shoulder with the democratic community to demonstrate the strength of deterrence. Fourth is that as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China, and seek peace and mutual prosperity. These four pillars can help us avoid war and achieve peace. That is to say, Taiwan hopes to achieve peace through strength, prevent war by preparing for war, keeping war from happening and pursuing the goal of peace. Q: Regarding drones, everyone knows that recently, Taiwan has been actively researching, developing, and introducing drones. Why do you need to actively research, develop, and introduce new drones at this time? President Lai: This is for two purposes. The first is to meet national security needs. The second is to meet industrial development needs. Because Taiwan, Japan, and the Philippines are all part of the first island chain, and we are all democratic nations, we cannot be like an authoritarian country like China, which has an unlimited national defense budget. In this kind of situation, island nations such as Taiwan, Japan, and the Philippines should leverage their own technologies to develop national defense methods that are asymmetric and utilize unmanned vehicles. In particular, from the Russo-Ukrainian War, we see that Ukraine has successfully utilized unmanned vehicles to protect itself and prevent Russia from unlimited invasion. In other words, the Russo-Ukrainian War has already proven the importance of drones. Therefore, the first purpose of developing drones is based on national security needs. Second, the world has already entered the era of smart technology. Whether generative, agentic, or physical, AI will continue to develop. In the future, cars and ships will also evolve into unmanned vehicles and unmanned boats, and there will be unmanned factories. Drones will even be able to assist with postal deliveries, or services like Uber, Uber Eats, and foodpanda, or agricultural irrigation and pesticide spraying. Therefore, in the future era of comprehensive smart technology, developing unmanned vehicles is a necessity. Taiwan, based on industrial needs, is actively planning the development of drones and unmanned vehicles. I would like to take this opportunity to express Taiwan’s hope to collaborate with Japan in the unmanned vehicle industry. Just as we do in the semiconductor industry, where Japan has raw materials, equipment, and technology, and Taiwan has wafer manufacturing, our two countries can cooperate. Japan is a technological power, and Taiwan also has significant technological strengths. If Taiwan and Japan work together, we will not only be able to safeguard peace and stability in the Taiwan Strait and security in the Indo-Pacific region, but it will also be very helpful for the industrial development of both countries. Q: The drones you just described probably include examples from the Russo-Ukrainian War. Taiwan and China are separated by the Taiwan Strait. Do our drones need to have cross-sea flight capabilities? President Lai: Taiwan does not intend to counterattack the mainland, and does not intend to invade any country. Taiwan’s drones are meant to protect our own nation and territory. Q: Former President Biden previously stated that US forces would assist Taiwan’s defense in the event of an attack. President Trump, however, has yet to clearly state that the US would help defend Taiwan. Do you think that in such an event, the US would help defend Taiwan? Or is Taiwan now trying to persuade the US? President Lai: Former President Biden and President Trump have answered questions from reporters. Although their responses were different, strong cooperation with Taiwan under the Biden administration has continued under the Trump administration; there has been no change. During President Trump’s first term, cooperation with Taiwan was broader and deeper compared to former President Barack Obama’s terms. After former President Biden took office, cooperation with Taiwan increased compared to President Trump’s first term. Now, during President Trump’s second term, cooperation with Taiwan is even greater than under former President Biden. Taiwan-US cooperation continues to grow stronger, and has not changed just because President Trump and former President Biden gave different responses to reporters. Furthermore, the Trump administration publicly stated that in the future, the US will shift its strategic focus from Europe to the Indo-Pacific. The US secretary of defense even publicly stated that the primary mission of the US is to prevent China from invading Taiwan, maintain stability in the Indo-Pacific, and thus maintain world peace. There is a saying in Taiwan that goes, “Help comes most to those who help themselves.” Before asking friends and allies for assistance in facing threats from China, Taiwan must first be determined and prepared to defend itself. This is Taiwan’s principle, and we are working in this direction, making all the necessary preparations to safeguard the nation. Q: I would like to ask you a question about Taiwan-Japan relations. After the Great East Japan Earthquake in 2011, you made an appeal to give Japan a great deal of assistance and care. In particular, you visited Sendai to offer condolences. Later, you also expressed condolences and concern after the earthquakes in Aomori and Kumamoto. What are your expectations for future Taiwan-Japan exchanges and development? President Lai: I come from Tainan, and my constituency is in Tainan. Tainan has very deep ties with Japan, and of course, Taiwan also has deep ties with Japan. However, among Taiwan’s 22 counties and cities, Tainan has the deepest relationship with Japan. I sincerely hope that both of you and your teams will have an opportunity to visit Tainan. I will introduce Tainan’s scenery, including architecture from the era of Japanese rule, Tainan’s cuisine, and unique aspects of Tainan society, and you can also see lifestyles and culture from the Showa era. The Wushantou Reservoir in Tainan was completed by engineer Mr. Hatta Yoichi from Kanazawa, Japan and the team he led to Tainan after he graduated from then-Tokyo Imperial University. It has nearly a century of history and is still in use today. This reservoir, along with the 16,000-km-long Chianan Canal, transformed the 150,000-hectare Chianan Plain into Taiwan’s premier rice-growing area. It was that foundation in agriculture that enabled Taiwan to develop industry and the technology sector of today. The reservoir continues to supply water to Tainan Science Park. It is used by residents of Tainan, the agricultural sector, and industry, and even the technology sector in Xinshi Industrial Park, as well as Taiwan Semiconductor Manufacturing Company. Because of this, the people of Tainan are deeply grateful for Mr. Hatta and very friendly toward the people of Japan. A major earthquake, the largest in 50 years, struck Tainan on February 6, 2016, resulting in significant casualties. As mayor of Tainan at the time, I was extremely grateful to then-Prime Minister Abe, who sent five Japanese officials to the disaster site in Tainan the day after the earthquake. They were very thoughtful and asked what kind of assistance we needed from the Japanese government. They offered to provide help based on what we needed. I was deeply moved, as former Prime Minister Abe showed such care, going beyond the formality of just sending supplies that we may or may not have actually needed. Instead, the officials asked what we needed and then provided assistance based on those needs, which really moved me. Similarly, when the Great East Japan Earthquake of 2011 or the later Kumamoto earthquakes struck, the people of Tainan, under my leadership, naturally and dutifully expressed their support. Even earlier, when central Taiwan was hit by a major earthquake in 1999, Japan was the first country to deploy a rescue team to the disaster area. On February 6, 2018, after a major earthquake in Hualien, former Prime Minister Abe appeared in a video holding up a message of encouragement he had written in calligraphy saying “Remain strong, Taiwan.” All of Taiwan was deeply moved. Over the years, Taiwan and Japan have supported each other when earthquakes struck, and have forged bonds that are family-like, not just neighborly. This is truly valuable. In the future, I hope Taiwan and Japan can be like brothers, and that the peoples of Taiwan and Japan can treat one another like family. If Taiwan has a problem, then Japan has a problem; if Japan has a problem, then Taiwan has a problem. By caring for and helping each other, we can face various challenges and difficulties, and pursue a brighter future. Q: President Lai, you just used the phrase “If Taiwan has a problem, then Japan has a problem.” In the event that China attempts to invade Taiwan by force, what kind of response measures would you hope the US military and Japan’s Self-Defense Forces take? President Lai: As I just mentioned, annexing Taiwan is only China’s first step. Its ultimate objective is to change the rules-based international order. That being the case, China’s threats are an international problem. So, I would very much hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war – prevention, after all, is more important than cure.

MIL OSI Asia Pacific News –

May 21, 2025
MIL-OSI Asia-Pac: President Lai and President Surangel S. Whipps, Jr. of Palau hold bilateral talks and witness signing of cooperation agreements

Source: Republic of China Taiwan

Details
2025-05-20
President Lai interviewed by Nippon Television and Yomiuri TV
In a recent interview on Nippon Television’s news zero program, President Lai Ching-te responded to questions from host Mr. Sakurai Sho and Yomiuri TV Shanghai Bureau Chief Watanabe Masayo on topics including reflections on his first year in office, cross-strait relations, China’s military threats, Taiwan-United States relations, and Taiwan-Japan relations. The interview was broadcast on the evening of May 19. During the interview, President Lai stated that China intends to change the world’s rules-based international order, and that if Taiwan were invaded, global supply chains would be disrupted. Therefore, he said, Taiwan will strengthen its national defense, prevent war by preparing for war, and achieve the goal of peace. The president also noted that Taiwan’s purpose for developing drones is based on national security and industrial needs, and that Taiwan hopes to collaborate with Japan. He then reiterated that China’s threats are an international problem, and expressed hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war. Following is the text of the questions and the president’s responses: Q: How do you feel as you are about to round out your first year in office? President Lai: When I was young, I was determined to practice medicine and save lives. When I left medicine to go into politics, I was determined to transform Taiwan. And when I was sworn in as president on May 20 last year, I was determined to strengthen the nation. Time flies, and it has already been a year. Although the process has been very challenging, I am deeply honored to be a part of it. I am also profoundly grateful to our citizens for allowing me the opportunity to give back to our country. The future will certainly be full of more challenges, but I will do everything I can to unite the people and continue strengthening the nation. That is how I am feeling now. Q: We are now coming up on the 80th anniversary of the end of World War II, and over this period, we have often heard that conflict between Taiwan and the mainland is imminent. Do you personally believe that a cross-strait conflict could happen? President Lai: The international community is very much aware that China intends to replace the US and change the world’s rules-based international order, and annexing Taiwan is just the first step. So, as China’s military power grows stronger, some members of the international community are naturally on edge about whether a cross-strait conflict will break out. The international community must certainly do everything in its power to avoid a conflict in the Taiwan Strait; there is too great a cost. Besides causing direct disasters to both Taiwan and China, the impact on the global economy would be even greater, with estimated losses of US$10 trillion from war alone – that is roughly 10 percent of the global GDP. Additionally, 20 percent of global shipping passes through the Taiwan Strait and surrounding waters, so if a conflict breaks out in the strait, other countries including Japan and Korea would suffer a grave impact. For Japan and Korea, a quarter of external transit passes through the Taiwan Strait and surrounding waters, and a third of the various energy resources and minerals shipped back from other countries pass through said areas. If Taiwan were invaded, global supply chains would be disrupted, and therefore conflict in the Taiwan Strait must be avoided. Such a conflict is indeed avoidable. I am very thankful to Prime Minister of Japan Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio, as well as US President Donald Trump and former President Joe Biden, and the other G7 leaders, for continuing to emphasize at international venues that peace and stability across the Taiwan Strait are essential components for global security and prosperity. When everyone in the global democratic community works together, stacking up enough strength to make China’s objectives unattainable or to make the cost of invading Taiwan too high for it to bear, a conflict in the strait can naturally be avoided. Q: As you said, President Lai, maintaining peace and stability across the Taiwan Strait is also very important for other countries. How can war be avoided? What sort of countermeasures is Taiwan prepared to take to prevent war? President Lai: As Mr. Sakurai mentioned earlier, we are coming up on the 80th anniversary of the end of WWII. There are many lessons we can take from that war. First is that peace is priceless, and war has no winners. From the tragedies of WWII, there are lessons that humanity should learn. We must pursue peace, and not start wars blindly, as that would be a major disaster for humanity. In other words, we must be determined to safeguard peace. The second lesson is that we cannot be complacent toward authoritarian powers. If you give them an inch, they will take a mile. They will keep growing, and eventually, not only will peace be unattainable, but war will be inevitable. The third lesson is why WWII ended: It ended because different groups joined together in solidarity. Taiwan, Japan, and the Indo-Pacific region are all directly subjected to China’s threats, so we hope to be able to join together in cooperation. This is why we proposed the Four Pillars of Peace action plan. First, we will strengthen our national defense. Second, we will strengthen economic resilience. Third is standing shoulder to shoulder with the democratic community to demonstrate the strength of deterrence. Fourth is that as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China, and seek peace and mutual prosperity. These four pillars can help us avoid war and achieve peace. That is to say, Taiwan hopes to achieve peace through strength, prevent war by preparing for war, keeping war from happening and pursuing the goal of peace. Q: Regarding drones, everyone knows that recently, Taiwan has been actively researching, developing, and introducing drones. Why do you need to actively research, develop, and introduce new drones at this time? President Lai: This is for two purposes. The first is to meet national security needs. The second is to meet industrial development needs. Because Taiwan, Japan, and the Philippines are all part of the first island chain, and we are all democratic nations, we cannot be like an authoritarian country like China, which has an unlimited national defense budget. In this kind of situation, island nations such as Taiwan, Japan, and the Philippines should leverage their own technologies to develop national defense methods that are asymmetric and utilize unmanned vehicles. In particular, from the Russo-Ukrainian War, we see that Ukraine has successfully utilized unmanned vehicles to protect itself and prevent Russia from unlimited invasion. In other words, the Russo-Ukrainian War has already proven the importance of drones. Therefore, the first purpose of developing drones is based on national security needs. Second, the world has already entered the era of smart technology. Whether generative, agentic, or physical, AI will continue to develop. In the future, cars and ships will also evolve into unmanned vehicles and unmanned boats, and there will be unmanned factories. Drones will even be able to assist with postal deliveries, or services like Uber, Uber Eats, and foodpanda, or agricultural irrigation and pesticide spraying. Therefore, in the future era of comprehensive smart technology, developing unmanned vehicles is a necessity. Taiwan, based on industrial needs, is actively planning the development of drones and unmanned vehicles. I would like to take this opportunity to express Taiwan’s hope to collaborate with Japan in the unmanned vehicle industry. Just as we do in the semiconductor industry, where Japan has raw materials, equipment, and technology, and Taiwan has wafer manufacturing, our two countries can cooperate. Japan is a technological power, and Taiwan also has significant technological strengths. If Taiwan and Japan work together, we will not only be able to safeguard peace and stability in the Taiwan Strait and security in the Indo-Pacific region, but it will also be very helpful for the industrial development of both countries. Q: The drones you just described probably include examples from the Russo-Ukrainian War. Taiwan and China are separated by the Taiwan Strait. Do our drones need to have cross-sea flight capabilities? President Lai: Taiwan does not intend to counterattack the mainland, and does not intend to invade any country. Taiwan’s drones are meant to protect our own nation and territory. Q: Former President Biden previously stated that US forces would assist Taiwan’s defense in the event of an attack. President Trump, however, has yet to clearly state that the US would help defend Taiwan. Do you think that in such an event, the US would help defend Taiwan? Or is Taiwan now trying to persuade the US? President Lai: Former President Biden and President Trump have answered questions from reporters. Although their responses were different, strong cooperation with Taiwan under the Biden administration has continued under the Trump administration; there has been no change. During President Trump’s first term, cooperation with Taiwan was broader and deeper compared to former President Barack Obama’s terms. After former President Biden took office, cooperation with Taiwan increased compared to President Trump’s first term. Now, during President Trump’s second term, cooperation with Taiwan is even greater than under former President Biden. Taiwan-US cooperation continues to grow stronger, and has not changed just because President Trump and former President Biden gave different responses to reporters. Furthermore, the Trump administration publicly stated that in the future, the US will shift its strategic focus from Europe to the Indo-Pacific. The US secretary of defense even publicly stated that the primary mission of the US is to prevent China from invading Taiwan, maintain stability in the Indo-Pacific, and thus maintain world peace. There is a saying in Taiwan that goes, “Help comes most to those who help themselves.” Before asking friends and allies for assistance in facing threats from China, Taiwan must first be determined and prepared to defend itself. This is Taiwan’s principle, and we are working in this direction, making all the necessary preparations to safeguard the nation. Q: I would like to ask you a question about Taiwan-Japan relations. After the Great East Japan Earthquake in 2011, you made an appeal to give Japan a great deal of assistance and care. In particular, you visited Sendai to offer condolences. Later, you also expressed condolences and concern after the earthquakes in Aomori and Kumamoto. What are your expectations for future Taiwan-Japan exchanges and development? President Lai: I come from Tainan, and my constituency is in Tainan. Tainan has very deep ties with Japan, and of course, Taiwan also has deep ties with Japan. However, among Taiwan’s 22 counties and cities, Tainan has the deepest relationship with Japan. I sincerely hope that both of you and your teams will have an opportunity to visit Tainan. I will introduce Tainan’s scenery, including architecture from the era of Japanese rule, Tainan’s cuisine, and unique aspects of Tainan society, and you can also see lifestyles and culture from the Showa era. The Wushantou Reservoir in Tainan was completed by engineer Mr. Hatta Yoichi from Kanazawa, Japan and the team he led to Tainan after he graduated from then-Tokyo Imperial University. It has nearly a century of history and is still in use today. This reservoir, along with the 16,000-km-long Chianan Canal, transformed the 150,000-hectare Chianan Plain into Taiwan’s premier rice-growing area. It was that foundation in agriculture that enabled Taiwan to develop industry and the technology sector of today. The reservoir continues to supply water to Tainan Science Park. It is used by residents of Tainan, the agricultural sector, and industry, and even the technology sector in Xinshi Industrial Park, as well as Taiwan Semiconductor Manufacturing Company. Because of this, the people of Tainan are deeply grateful for Mr. Hatta and very friendly toward the people of Japan. A major earthquake, the largest in 50 years, struck Tainan on February 6, 2016, resulting in significant casualties. As mayor of Tainan at the time, I was extremely grateful to then-Prime Minister Abe, who sent five Japanese officials to the disaster site in Tainan the day after the earthquake. They were very thoughtful and asked what kind of assistance we needed from the Japanese government. They offered to provide help based on what we needed. I was deeply moved, as former Prime Minister Abe showed such care, going beyond the formality of just sending supplies that we may or may not have actually needed. Instead, the officials asked what we needed and then provided assistance based on those needs, which really moved me. Similarly, when the Great East Japan Earthquake of 2011 or the later Kumamoto earthquakes struck, the people of Tainan, under my leadership, naturally and dutifully expressed their support. Even earlier, when central Taiwan was hit by a major earthquake in 1999, Japan was the first country to deploy a rescue team to the disaster area. On February 6, 2018, after a major earthquake in Hualien, former Prime Minister Abe appeared in a video holding up a message of encouragement he had written in calligraphy saying “Remain strong, Taiwan.” All of Taiwan was deeply moved. Over the years, Taiwan and Japan have supported each other when earthquakes struck, and have forged bonds that are family-like, not just neighborly. This is truly valuable. In the future, I hope Taiwan and Japan can be like brothers, and that the peoples of Taiwan and Japan can treat one another like family. If Taiwan has a problem, then Japan has a problem; if Japan has a problem, then Taiwan has a problem. By caring for and helping each other, we can face various challenges and difficulties, and pursue a brighter future. Q: President Lai, you just used the phrase “If Taiwan has a problem, then Japan has a problem.” In the event that China attempts to invade Taiwan by force, what kind of response measures would you hope the US military and Japan’s Self-Defense Forces take? President Lai: As I just mentioned, annexing Taiwan is only China’s first step. Its ultimate objective is to change the rules-based international order. That being the case, China’s threats are an international problem. So, I would very much hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war – prevention, after all, is more important than cure.

Details
2025-05-13
President Lai interviewed by Japan’s Nikkei
In a recent interview with Japan’s Nikkei, President Lai Ching-te responded to questions regarding Taiwan-Japan and Taiwan-United States relations, cross-strait relations, the semiconductor industry, and the international economic and trade landscape. The interview was published by Nikkei on May 13. President Lai indicated that Nikkei, Inc. is a global news organization that has received significant recognition both domestically and internationally, and that he is deeply honored to be interviewed by Nikkei and grateful for their invitation. The president said that he would like to take this rare opportunity to thank Japan’s government, National Diet, society, and public for their longstanding support for Taiwan. Noting that current Prime Minister Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio have all strongly supported Taiwan, he said that the peoples of Taiwan and Japan also have a deep mutual affection, and that through the interview, he hopes to enhance the bilateral relationship between Taiwan and Japan, deepen the affection between our peoples, and foster more future cooperation to promote prosperity and development in both countries. In response to questions raised on the free trade system and the recent tariff war, President Lai indicated that over the past few decades, the free economy headed by the Western world and led by the US has brought economic prosperity and political stability to Taiwan and Japan. At the same time, he said, we have also learned or followed many Western values. The president said he believes that Taiwan and Japan are exemplary students, but some countries are not. Therefore, he said, the biggest crisis right now is China, which exploits the free trade system to engage in plagiarism and counterfeiting, infringe on intellectual property rights, and even provide massive government subsidies that facilitate the dumping of low-priced goods worldwide, which has a major impact on many countries including Japan and Taiwan. If this kind of unfair trade is not resolved, he said, the stable societies and economic prosperity we have painstakingly built over decades, as well as some of the values we pursue, could be destroyed. Therefore, President Lai said he thinks it is worthwhile for us to observe the recent willingness of the US to address unfair trade, and if necessary, offer assistance. President Lai emphasized that the national strategic plan for Taiwanese industries is for them to be rooted in Taiwan while expanding their global presence and marketing worldwide. Therefore, he said, while the 32 percent tariff increase imposed by the US on Taiwan is indeed a major challenge, we are willing to address it seriously and find opportunities within that challenge, making Taiwan’s strategic plan for industry even more comprehensive. When asked about Taiwan’s trade arrangements, President Lai indicated that in 2010 China accounted for 83.8 percent of Taiwan’s outbound investment, but last year it accounted for only 7.5 percent. In 2020, he went on, 43.9 percent of Taiwan’s exports went to China, but that figure dropped to 31.7 percent in 2024. The president said that we have systematically transferred investments from Taiwanese enterprises to Japan, Southeast Asia, Europe, and the US. Therefore, he said, last year Taiwan’s largest outbound investment was in the US, accounting for roughly 40 percent of the total. Nevertheless, only 23.4 percent of Taiwanese products were sold to the US, with 76.6 percent sold to places other than the US, he said. The president emphasized that we don’t want to put all our eggs in one basket, and hope to establish a global presence. Under these circumstances, he said, Taiwan is very eager to cooperate with Japan. President Lai stated that at this moment, the Indo-Pacific and international community really need Japan’s leadership, especially to make the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) excel in its functions, and also requested Japan to support Taiwan’s CPTPP accession. The president said that Taiwan hopes to sign an Economic Partnership Agreement (EPA) with Japan to build closer ties in economic trade and promote further investment, and that we also hope to strengthen relations with the European Union, and even other regions. Currently, he said, we are proposing an initiative on global semiconductor supply chain partnerships for democracies, because the semiconductor industry is an ecosystem. The president raised the example that Japan has materials, equipment, and technology; the US has IC design and marketing; Taiwan has production and manufacturing; and the Netherlands excels in equipment, saying we therefore hope to leverage Taiwan’s advantages in production and manufacturing to connect the democratic community and establish a global non-red supply chain for semiconductors, ensuring further world prosperity and development in the future, and ensuring that free trade can continue to function without being affected by dumping, which would undermine future prosperity and development. The president stated that as we want industries to expand their global presence and market internationally while staying rooted here in Taiwan, having industries rooted in Taiwan involves promoting pay raises for employees, tax cuts, and deregulation, as well as promoting enterprise investment tax credits. He said that we have also proposed Three Major Programs for Investing in Taiwan for Taiwanese enterprises and are actively resolving issues regarding access to water, electricity, land, human resources, and professional talent so that the business community can return to Taiwan to invest, or enterprises in Taiwan can increase their investments. He went on to say that we are also actively signing bilateral investment agreements with friends and allies so that when our companies invest and expand their presence abroad, their rights and interests as investors are ensured. President Lai mentioned that Taiwan hopes to sign an EPA with Japan, similar to the Taiwan-US Initiative on 21st-Century Trade and the Economic Prosperity Partnership Dialogue, or the Enhanced Trade Partnership arrangement with the United Kingdom, or similar agreements or memorandums of understanding with Canada and Australia that allow Taiwanese products to be marketed worldwide, concluding that those are our overall arrangements. Looking at the history of Taiwan’s industrial development, President Lai indicated, of course it began in Taiwan, and then moved west to China and south to Southeast Asia. He said that we hope to take this opportunity to strengthen cooperation with Japan to the north, across the Pacific Ocean to the east, and develop the North American market, making Taiwan’s industries even stronger. In other words, he said, while Taiwan sees the current reciprocal tariffs imposed by the US as a kind of challenge, it also views these changes positively. On the topic of pressure from China affecting Taiwan’s participation in international frameworks such as the CPTPP or its signing of an EPA with Japan, President Lai responded that the key point is what kind of attitude we should adopt in viewing China’s acts of oppression. If we act based on our belief in free trade, he said, or on the universal values we pursue – democracy, freedom, and respect for human rights – and also on the understanding that a bilateral trade agreement between Taiwan and Japan would contribute to the economic prosperity and development of both countries, or that Taiwan’s accession to the CPTPP would benefit progress and prosperity in the Indo-Pacific region, then he hopes that friends and allies will strongly support us. On the Trump administration’s intentions regarding the reciprocal tariff policy and the possibility of taxing semiconductors, as well as how Taiwan plans to respond, President Lai said that since President Trump took office, he has paid close attention to interviews with both him and his staff. The president said that several of President Trump’s main intentions are: First, he wants to address the US fiscal situation. For example, President Lai said, while the US GDP is about US$29 trillion annually, its national debt stands at US$36 trillion, which is roughly 124 percent of GDP. Second, he went on, annual government spending exceeds US$6.5 trillion, but revenues are only around US$4.5 trillion, resulting in a nearly US$2 trillion deficit each year, about 7 percent of GDP. Third, he said, the US pays nearly US$1.2 trillion in interest annually, which exceeds the US$1 trillion defense budget and accounts for more than 3 percent of GDP. Fourth, President Trump still wants to implement tax cuts, aiming to reduce taxes for 85 percent of Americans, he said, noting that this would cost between US$500 billion and US$1 trillion. These points, President Lai said, illustrate his first goal: solving the fiscal problem. President Lai went on to say that second, the US feels the threat of China and believes that reindustrialization is essential; without reindustrialization, the US risks a growing gap in industrial capacity compared to China. Third, he said, in this era of global smart technology, President Trump wants to lead the nation to become a world center of AI. Fourth, he aims to ensure world peace and prevent future wars, President Lai said. In regard to what the US seeks to achieve, he said he believes these four areas form the core of the Trump administration’s intentions, and that is why President Trump has raised tariffs, demanded that trading partners purchase more American goods, and encouraged friendly and allied nations to invest in the US, all in order to achieve these goals. President Lai indicated that the 32 percent reciprocal tariff poses a critical challenge for Taiwan, and we must treat it seriously. He said that our approach is not confrontation, but negotiation to reduce tariffs, and that we have also agreed to measures such as procurement, investment, resolving non-tariff trade barriers, and addressing origin washing in order to effectively reduce the trade deficit between Taiwan and the US. Of course, he said, through this negotiation process, we also hope to turn challenges into opportunities. The president said that first, we aim to start negotiations from the proposal of zero tariffs and seek to establish a bilateral trade agreement with the US. Second, he went on, we hope to support US reindustrialization and its aim to become a world AI hub through investment, while simultaneously upgrading and transforming Taiwan’s industries, which would help further integrate Taiwan’s industries into the US economic structure, ensuring Taiwan’s long-term development. President Lai emphasized again that Taiwan’s national industrial strategy is for industries to stay firmly rooted in Taiwan while expanding their global presence and marketing worldwide. He repeated that we have gone from moving westward across the Taiwan Strait, to shifting southbound, to working closer northward with Japan, and now the time is ripe for us to expand eastward by investing in North America. In other words, he said, while we take this challenge seriously to protect national interests and ensure that no industry is sacrificed, we also hope these negotiations will lead to deeper Taiwan-US trade relations through Taiwanese investment in the US, concluding that these are our expectations. The president stated that naturally, the reciprocal tariffs imposed by the US will have an impact on Taiwanese industries, so in response, the Taiwanese government has already proposed support measures for affected industries totaling NT$93 billion. In addition, he said, we have outlined broader needs for Taiwan’s long-term development, which will be covered by a special budget proposal of NT$410 billion, noting that this has already been approved by the Executive Yuan and will be submitted to the Legislative Yuan for review. He said that this special budget proposal addresses four main areas: supporting industries, stabilizing employment, protecting people’s livelihoods, and enhancing resilience. As for tariffs on semiconductors, President Lai said, Taiwan Semiconductor Manufacturing Company (TSMC) has committed to investing in the US at the request of its customers. He said he believes that TSMC’s industry chain will follow suit, and that these are concrete actions that are unrelated to tariffs. However, he said, if the US were to invoke Section 232 and impose tariffs on semiconductors or related industries, it would discourage Taiwanese semiconductor and ICT investments in the US, and that we will make this position clear to the US going forward. President Lai indicated that among Taiwan’s exports to the US, there are two main categories: ICT products and electronic components, which together account for 65.4 percent. These are essential to the US, he said, unlike final goods such as cups, tables, or mattresses. He went on to say that what Taiwan sells to the US are the technological products required by AI designers like NVIDIA, AMD, Amazon, Google, and Apple, and that therefore, we will make sure the US understands clearly that we are not exporting end products, but the high-tech components necessary for the US to reindustrialize and become a global AI center. Furthermore, the president said, Taiwan is also willing to increase its defense budget and military procurement. He stated that Taiwan is committed to defending itself and is strongly willing to cooperate with friends and allies to ensure regional peace and stability, and that this is also something President Trump hopes to see. Asked whether TSMC’s fabs overseas could weaken Taiwan’s strategic position as a key hub for semiconductor manufacturing, and whether that could then give other countries fewer incentives to protect Taiwan, President Lai responded by saying that political leaders around the world including Japan’s Prime Minister Ishiba and former Prime Ministers Abe, Suga, and Kishida have emphasized, at the G7 and other major international fora, that peace and stability in the Taiwan Strait are essential for global security and prosperity. In other words, he explained, the international community cares about Taiwan and supports peace and stability in the Taiwan Strait because Taiwan is located in the first island chain in the Indo-Pacific, directly facing China. He pointed out that if Taiwan is not protected, China’s expansionist ambitions will certainly grow, which would impact the current rules-based international order. Thus, he said, the international community willingly cares about Taiwan and supports stability in the Taiwan Strait – that is the reason, and it has no direct connection with TSMC. He noted that after all, TSMC has not made investments in that many countries, stressing that, on that point, it is clear. President Lai said that TSMC’s investments in Japan, Europe, and the US are all natural, normal economic and investment activities. He said that Taiwan is a democratic country whose society is based on the rule of law, so when Taiwanese companies need to invest around the world for business needs, the government will support those investments in principle so long as they do not harm national interests. President Lai said that after TSMC Chairman C.C. Wei (魏哲家) held a press conference with President Trump to announce the investment in the US, Chairman Wei returned to Taiwan to hold a press conference with him at the Presidential Office, where the chairman explained to the Taiwanese public that TSMC’s R&D center will remain in Taiwan and that the facilities it has already committed to investing in here will not change and will not be affected. So, the president explained, to put it another way, TSMC will not be weakened by its investment in the US. He further emphasized that Taiwan has strengths in semiconductor manufacturing and is very willing to work alongside other democratic countries to promote the next stage of global prosperity and development. A question was raised about which side should be chosen between the US and China, under the current perception of a return to the Cold War, with East and West facing off as two opposing blocs. President Lai responded by saying that some experts and scholars describe the current situation as entering a new Cold War era between democratic and authoritarian camps; others assert that the war has already begun, including information warfare, economic and trade wars, and the ongoing wars in Europe – the Russo-Ukrainian War – and the Middle East, and the Israel-Hamas conflict. The president said that these are all matters experts have cautioned about, noting that he is not a historian and so will not attempt to define today’s political situation from an academic standpoint. However, he said, he believes that every country has a choice, which is to say, Taiwan, Japan, or any other nation does not necessarily have to choose between the US and China. What we are deciding, he said, is whether our country will maintain a democratic constitutional system or regress into an authoritarian regime, and this is essentially a choice of values – not merely a choice between two major powers. President Lai said that Taiwan’s situation is different from other countries because we face a direct threat from China. He pointed out that we have experienced military conflicts such as the August 23 Artillery Battle and the Battle of Guningtou – actual wars between the Republic of China and the People’s Republic of China. He said that China’s ambition to annex Taiwan has never wavered, and that today, China’s political and military intimidation, as well as internal united front infiltration, are growing increasingly intense. Therefore, he underlined, to defend democracy and sovereignty, protect our free and democratic system, and ensure the safety of our people’s lives and property, Taiwan’s choice is clear. President Lai said that China’s military exercises are not limited to the Taiwan Strait, and include the East China Sea, South China Sea, and even the Sea of Japan, as well as areas around Korea and Australia. Emphasizing that Taiwan, Japan, Australia, and the Philippines are all democratic nations, the president said that Taiwan’s choice is clear, and that he believes Japan also has no other choice. We are all democratic countries, he said, whose people have long pursued the universal values of democracy, freedom, and respect for human rights, and that is what is most important. Regarding the intensifying tensions between the US and China, the president was asked what roles Taiwan and Japan can play. President Lai responded that in his view, Japan is a powerful nation, and he sincerely hopes that Japan can take a leading role amid these changes in the international landscape. He said he believes that countries in the Indo-Pacific region are also willing to respond. He suggested several areas where we can work together: first, democracy and peace; second, innovation and prosperity; and third, justice and sustainability. President Lai stated that in the face of authoritarian threats, we should let peace be our beacon and democracy our compass as we respond to the challenges posed by authoritarian states. Second, he added, as the world enters an era characterized by the comprehensive adoption of smart technologies, Japan and Taiwan should collaborate in the field of innovation to further drive regional prosperity and development. Third, he continued, is justice and sustainability. He explained that because international society still has many issues that need to be resolved, Taiwan and Japan can cooperate for the public good, helping countries in need around the world, and cooperating to address climate change and achieve net-zero transition by 2050. Asked whether he hopes that the US will continue to be a leader in the liberal democratic system, President Lai responded by saying that although the US severed diplomatic ties with the Republic of China, for the past few decades it has assisted Taiwan in various areas such as national defense, security, and countering threats from China, based on the Taiwan Relations Act and the Six Assurances. He pointed out that Taiwan has also benefited, directly and indirectly, in terms of politics, democracy, and economic prosperity thanks to the US, and so Taiwan naturally hopes that the US remains strong and continues to lead the world. President Lai said that when the US encounters difficulties, whether financial difficulties, reindustrialization issues, or becoming a global center for AI, and hopes to receive support from its friends and allies to jointly safeguard regional peace and stability, Taiwan is willing to stand together for a common cause. If the US remains strong, he said, that helps Taiwan, the Indo-Pacific region, and the world as a whole. Noting that while the vital role of the US on the global stage has not changed, the president said that after decades of shouldering global responsibilities, it has encountered some issues. Now, it has to make adjustments, he said, stating his firm belief that it will do so swiftly, and quickly resume its leadership role in the world. Asked to comment on remarks he made during his election campaign that he would like to invite China’s President Xi Jinping for bubble tea, President Lai responded that Taiwan is a peace-loving country, and Taiwanese society is inherently kind, and therefore we hope to get along peacefully with China, living in peace and mutual prosperity. So, during his term as vice president, he said, he was expressing the goodwill of Taiwanese society. Noting that while he of course understands that China’s President Xi would have certain difficulties in accepting this, he emphasized that the goodwill of Taiwanese society has always existed. If China reflects on the past two or three decades, he said, it will see that its economy was able to develop with Taiwan as its largest foreign investor. The president explained that every year, 1 to 2 million Taiwanese were starting businesses or investing in China, creating numerous job opportunities and stabilizing Chinese society. While many Taiwanese businesses have profited, he said, Chinese society has benefited even more. He added that every time a natural disaster occurs, if China is in need, Taiwanese always offer donations. Therefore, the president said, he hopes that China can face the reality of the Republic of China’s existence and understand that the people of Taiwan hope to continue living free and democratic lives with respect for human rights. He also expressed hope that China can pay attention to the goodwill of Taiwanese society. He underlined that we have not abandoned the notion that as long as there is parity, dignity, exchange, and cooperation, the goodwill of choosing dialogue over confrontation and exchange over containment will always exist. Asked for his view on the national security reforms in response to China’s espionage activities and infiltration attempts, President Lai said that China’s united front infiltration activities in Taiwan are indeed very serious. He said that China’s ambitions to annex Taiwan rely not only on the use of political and military intimidation, but also on its long-term united front and infiltration activities in Taiwanese society. Recently, he pointed out, the Taiwan High Prosecutors Office of the Ministry of Justice prosecuted 64 spies, which is three times the number in 2021, and in addition to active-duty military personnel, many retired military personnel were also indicted. Moreover, he added, Taiwan also has the Chinese Unification Promotion Party, which has a background in organized crime, Rehabilitation Alliance Party, which was established by retired military personnel, and Republic of China Taiwan Military Government, which is also composed of retired generals. He explained that these are all China’s front organizations, and they plan one day to engage in collaboration within Taiwan, which shows the seriousness of China’s infiltration in Taiwan. Therefore, the president said, in the recent past he convened a high-level national security meeting and proposed 17 response strategies across five areas. He then enumerated the five areas: first, to address China’s threat to Taiwan’s sovereignty; second, to respond to the threat of China’s obscuring the Taiwanese people’s sense of national identity; third, to respond to the threat of China’s infiltrating and recruiting members of the ROC Armed Forces as spies; fourth, to respond to the threat of China’s infiltration of Taiwanese society through societal exchanges and united front work; and fifth, to respond to the threat of China using “integration plans” to draw Taiwan’s young people and Taiwanese businesses into its united front activities. In response to these five major threats, he said, he has proposed 17 response strategies, one of which being to restore the military trial system. He explained that if active-duty military personnel commit military crimes, they must be subject to military trials, and said that this expresses the Taiwanese government’s determination to respond to China’s united front infiltration and the subversion of Taiwan. Responding to the question of which actions Taiwan can take to guard against China’s threats to regional security, President Lai said that many people are worried that the increasingly tense situation may lead to accidental conflict and the outbreak of war. He stated his own view that Taiwan is committed to facing China’s various threats with caution. Taiwan is never the source of these problems, he emphasized, and if there is an accidental conflict and it turns into a full-scale war, it will certainly be a deliberate act by China using an accidental conflict as a pretext. He said that when China expanded its military presence in the East China Sea and South China Sea, the international community did not stop it; when China conducted exercises in the Taiwan Strait, the international community did not take strong measures to prevent this from happening. Now, he continued, China is conducting gray-zone exercises, which are aggressions against not only the Taiwan Strait, the South China Sea, and the East China Sea, but also extending to the Sea of Japan and waters near South Korea. He said that at this moment, Taiwan, the Philippines, Japan, and even the US should face these developments candidly and seriously, and we must exhibit unity and cooperation to prevent China’s gray-zone aggression from continuing to expand and prevent China from shifting from a military exercise to combat. If no action is taken now, the president said, the situation may become increasingly serious. Asked about the view of some US analysts who point out that China will have the ability to invade Taiwan around 2027, President Lai responded that Taiwan, as the country on the receiving end of threats and aggression, must plan for the worst and make the best preparations. He recalled a famous saying from the armed forces: “Do not count on the enemy not showing up; count on being ready should it strike.” This is why, he said, he proposed the Four Pillars of Peace action plan. First, he said, we must strengthen our national defense. Second, he added, we must strengthen economic resilience, adding that not only must our economy remain strong, but it must also be resilient, and that we cannot put all our eggs in the same basket, in China, as we have done in the past. Third, he continued, we must stand shoulder to shoulder with friends and allies such as Japan and the US, as well as the democratic community, and we must demonstrate the strength of deterrence to prevent China from making the wrong judgment. Fourth, he emphasized, as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China and seek cross-strait peace and mutual prosperity through exchanges and cooperation. Regarding intensifying US-China confrontation, the president was asked in which areas he thinks Taiwan and Japan should strengthen cooperation; with Japan’s Ishiba administration also being a minority government, the president was asked for his expectations for the Ishiba administration. President Lai said that in the face of rapid and tremendous changes in the political situation, every government faces considerable challenges, especially for minority governments, but the Japanese government led by Prime Minister Ishiba has quite adequately responded with various strategies. Furthermore, he said, Japan is different from Taiwan, explaining that although Japan’s ruling party lacks a majority, political parties in Japan engage in competition domestically while exhibiting unity externally. He said that Taiwan’s situation is more challenging, because the ruling and opposition parties hold different views on the direction of the country, due to differences in national identity. The president expressed his hope that in the future Taiwan and Japan will enjoy even more comprehensive cooperation. He stated that he has always believed that deep historical bonds connect Taiwan and Japan. Over the past several decades, he said, when encountering natural disasters and tragedies, our two nations have assisted each other with mutual care and support. He said that the affection between the people of Taiwan and Japan is like that of a family. Pointing out that both countries face the threat of authoritarianism, he said that we share a mission to safeguard universal values such as democracy, freedom, and respect for human rights. The president said that our two countries should be more open to cooperation in various areas to maintain regional peace and stability as well as to strengthen cooperation in economic and industrial development, such as for semiconductor industry chains and everyday applications of AI, including robots and drones, adding that we can also cooperate on climate change response, such as in hydrogen energy and other strategies. He said our two countries should also continue to strengthen people-to-people exchanges. He then took the opportunity to once again invite our good friends from Japan to visit Taiwan for tourism and learn more about Taiwan, saying that the Taiwanese people wholeheartedly welcome our Japanese friends.

Details
2025-05-09
President Lai extends congratulations on election of His Holiness Pope Leo XIV
Following the successful election of the 267th pope of the Roman Catholic Church, His Holiness Pope Leo XIV, on May 8, President Lai Ching-te extended sincere congratulations on behalf of the people and government of Taiwan, including its Catholic community. The president stated that he looks forward to working with Pope Leo XIV to continue deepening cooperation in the area of humanitarian aid and jointly defend the universal value of religious freedom, expanding and strengthening the alliance between Taiwan and the Vatican. Upon learning of the election results, President Lai directed the Republic of China (Taiwan) Embassy to the Holy See to convey a message of congratulations. In the message, President Lai extended sincere congratulations to Pope Leo XIV on behalf of the people and government of Taiwan, including its Catholic community, expressing confidence that His Holiness will lead the Catholic Church and its 1.4 billion followers worldwide with profound wisdom. President Lai also emphasized that Taiwan looks forward to continuing to work alongside the Holy See in the shared pursuit of peace, justice, religious freedom, solidarity, friendship, and human dignity. This year marks the 83rd anniversary of the establishment of diplomatic ties between Taiwan and the Vatican. Enjoying a strong alliance, Taiwan and the Vatican share such universal values as freedom of religion, respect for human rights, peace, and benevolence, and conduct close exchanges. Taiwan will continue to engage in exchanges and cooperation with the Holy See, further strengthen bilateral relations, and work alongside the Holy See to contribute even more to the world.

Details
2025-05-05
President Lai meets Japanese Diet Member and former Minister of Economy, Trade, and Industry Nishimura Yasutoshi
On the afternoon of May 5, President Lai Ching-te met with a delegation from Japan led by House of Representatives Member and former Minister of Economy, Trade, and Industry Nishimura Yasutoshi. President Lai thanked the government of Japan for continuously speaking up for Taiwan at international venues and reiterating the importance of peace and stability in the Taiwan Strait. The president stated that to address China’s gray-zone aggression against neighboring countries, Taiwan and Japan, both located in the first island chain, should strengthen cooperation and respond together. He said he looks forward to bilateral industrial cooperation in fields including semiconductors, hydrogen energy, AI, and drones, jointly strengthening the resilience of non-red supply chains, and promoting mutual prosperity and development. A translation of President Lai’s remarks follows: I would like to welcome all the members of the Japanese Diet who are using their valuable Golden Week vacation to visit Taiwan, especially House of Representatives Member Nishimura Yasutoshi, whom former Prime Minister Shinzo Abe deeply trusted and relied on, and who for many years held important cabinet positions. This is his first visit after a hiatus of 17 years, so I am sure he will sense Taiwan’s progress and development. House of Representatives Member Tanaka Kazunori has long promoted local exchanges between Taiwan and Japan, and I hope that our visitors will all gain a deeper understanding of Taiwan through this visit. Yesterday, several of our distinguished guests made a special trip to Kaohsiung to pay their respects at the statue of former Prime Minister Abe, a visionary politician with a broad, international perspective. The former prime minister pioneered the vision of a free and open Indo-Pacific, and once said that “if Taiwan has a problem, then Japan has a problem,” demonstrating strong support for Taiwan and making a deep and lasting impression on the hearts of Taiwanese. Over the past few years, China has continuously conducted military exercises in the Taiwan Strait, East and South China Seas, and carried out acts of gray-zone aggression against neighboring countries, severely undermining regional peace and stability. Taiwan and Japan, both located in the first island chain, should strengthen cooperation and respond together. Especially since Taiwan and Japan are democratic partners who share values such as freedom, democracy, and respect for human rights, if we can strengthen cooperation in areas such as maritime security, social resilience, and addressing gray-zone aggression, I am confident we can demonstrate the strength of deterrence, ensure peace and stability in the Indo-Pacific region, and safeguard our cherished democratic institutions. I would like to take this opportunity to thank the Japanese government for continuously speaking up for Taiwan at international venues, including this year’s US-Japan leaders’ summit, the G7 foreign ministers’ joint statement, and the Japan-NATO bilateral meeting, reiterating the importance of peace and stability in the Taiwan Strait and expressing opposition to unilaterally changing the status quo by force or coercion. In the face of global economic and trade changes, economic security is becoming increasingly important, and Taiwan looks forward to further deepening economic cooperation with Japan. In addition to actively seeking to participate in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), Taiwan hopes to sign an economic partnership agreement (EPA) with Japan as soon as possible. This will expand our cooperation in industries such as semiconductors, hydrogen energy, AI, and drones, establish a closer economic partnership, jointly strengthen the resilience of non-red supply chains, and promote mutual prosperity and development. Once again, I welcome all of our guests. I am deeply grateful for your taking concrete action to deepen Taiwan-Japan relations and show support for Taiwan. I wish you a successful and rewarding visit. Representative Nishimura then delivered remarks, first thanking President Lai for taking time out of his busy schedule to meet with the visiting delegation. He also expressed admiration for the performance of President Lai’s government, which has allowed Taiwan to develop smoothly amidst the current complex international situation. Representative Nishimura mentioned that when former Prime Minister Abe unfortunately passed away in 2020, President Lai, who was vice president at the time, personally visited the former prime minister’s residence to offer his condolences. The representative said that including that meeting, today is the second time he and President Lai have met. This delegation’s visit to Taiwan, he said, carries on the legacy of former Prime Minister Abe. He said that Taiwan and Japan are countries that share universal values and have close ties in terms of economic cooperation and mutual visits. Notably, he highlighted, in 2024, business travelers from Taiwan made over six million visits to Japan, and based on population, Taiwan has the highest percentage of visitors to Japan. He also expressed hope that more Japanese people will visit Taiwan for tourism. Representative Nishimura stated that the delegation visited Kaohsiung yesterday to pay their respects at the statue of former Prime Minister Abe. Then, he said, they traveled to Tainan to sample a wide variety of fruits and local delicacies, during which time they also discussed the Wushantou Reservoir, built by Japanese engineer Hatta Yoichi. Since May 8 is the anniversary of Mr. Hatta’s birth, Representative Nishimura said he hopes to use this opportunity to continue Mr. Hatta’s concern and love for Taiwan, and further deepen the friendship between Taiwan and Japan. Representative Nishimura said that when he served as Japan’s Minister of Economy, Trade, and Industry, he welcomed Taiwan’s application to join the CPTPP on behalf of the Japanese government. He also said that his government has also provided substantial assistance for the establishment of Taiwan Semiconductor Manufacturing Company’s (TSMC) fab in Kumamoto, Japan. He said he believes that mutual cooperation between Taiwan and Japan in the semiconductor sector can further promote semiconductor industry development, and build a more resilient supply chain system. Representative Nishimura pointed out that former Prime Minister Abe once said, “If Taiwan has a problem, then Japan has a problem.” Currently, many European countries are also very concerned about peace and stability in the Asia-Pacific region, because it is crucial to peace and stability in the entire international community. It can therefore be said that “if Taiwan has a problem, the world has a problem.” He said he believes that in order to maintain peace and stability in the Taiwan Strait, like-minded countries and allied nations must all cooperate closely and definitively proclaim that message. He then said he looks forward to exchanging views with President Lai on issues such as strengthening Taiwan-Japan relations and changes in the international situation. The delegation also included Chairman of Kanagawa Prefecture Japan-Taiwan Friendship Association Matsumoto Jun, Japanese House of Representatives members Nishime Kosaburo, Sasaki Hajime, Yana Kazuo, and Katou Ryusho, and Japan-Taiwan Exchange Association Taipei Office Chief Representative Katayama Kazuyuki.

Details
2025-05-02
President Lai meets Atlantic Council delegation
On the afternoon of May 2, President Lai Ching-te met with a delegation from the Atlantic Council, a think tank based in Washington, DC. In remarks, President Lai said that we have already proposed a roadmap for deepening Taiwan-US trade ties to achieve a common objective of reducing all bilateral tariffs. At the same time, the president said, we will expand investments across the United States and create win-win outcomes for both sides through the trade and economic strategy of “Taiwan plus the US.” The president also emphasized that Taiwan is not only a bastion of freedom and democracy, but also an indispensable hub for global supply chains. He expressed hope that, given shared economic and security interests, Taiwan and the US will generate even greater synergy and prove to be each other’s strongest support. A translation of President Lai’s remarks follows: I welcome you all to Taiwan. In particular, Vice President Matthew Kroenig visited Taiwan last June and now is making another trip less than a year later. He also contributed an important article supporting Taiwan to a major international publication, highlighting the concern that our international friends have for Taiwan. We are truly moved and thankful. On behalf of the people of Taiwan, I sincerely thank all sectors of the US for their longstanding and steadfast support for Taiwan. Especially, as we face the challenges arising from the regional situation, we hope to continue deepening the Taiwan-US partnership. Holding a key position on the first island chain, Taiwan faces military threats and gray-zone aggression from China. We will continue to show our unwavering determination to defend ourselves. I want to emphasize that Taiwan is accelerating efforts to enhance its overall defense capabilities. The government will also prioritize special budget allocations to increase Taiwan’s defense spending from 2.5 percent of GDP to more than 3 percent. This reflects the efforts we are putting into safeguarding our nation and demonstrates our determination to safeguard regional peace and stability. During President Donald Trump’s first term, Taiwan purchased 66 new F-16V fighter jets. The first of these rolled off the assembly line in South Carolina at the end of this March. This is crucial for Taiwan’s strategy of achieving peace through strength. In the future, we will continue to procure defense equipment from the US that helps ensure peace and stability across the Taiwan Strait. We also look forward to bilateral security collaboration evolving beyond arms sales to a partnership that encompasses joint research and development and joint manufacturing, further strengthening our cooperation and exchanges. Taiwan firmly believes in fair, free, and mutually beneficial trade ties. Indeed, we have already proposed a roadmap for deepening Taiwan-US trade ties. This includes our common objective of reducing all bilateral tariffs as well as narrowing the trade imbalance through the procurement of energy and agricultural and other industrial products from the US. At the same time, we will expand investments across the US. We will promote our “Taiwan plus one” policy, that is, the new trade and economic strategy of “Taiwan plus the US,” to build non-red supply chains and create win-win outcomes for both sides. As the US is moving to reindustrialize its manufacturing industry and may hope to become a global manufacturing center for AI, Taiwan is willing to join in the efforts. Taiwan is not only a bastion of freedom and democracy, but also an indispensable hub for global supply chains. We have every confidence that, given shared Taiwan-US economic and security interests, we can generate even greater synergy and prove to be each other’s strongest support. In closing, I thank Vice President Kroenig once again for leading this delegation, demonstrating support for Taiwan. I look forward to exchanging opinions with you all in just a few moments. I wish you a smooth and successful trip. Vice President Kroenig then delivered remarks, first thanking President Lai for hosting them. He said that it is an honor to be here and to lead a delegation from the Atlanta Council, which consists of a mix of former senior US government officials with responsibility for Taiwan and also rising stars visiting Taiwan for the first time. Vice President Kroenig said that they are here at a critical moment, as there is an ongoing war in Europe, multiple conflicts in the Middle East, and increased Chinese aggression in the Indo-Pacific. Moreover, he pointed out, the regimes of China, Russia, Iran, and North Korea are increasingly working together in a new axis of aggressors. Vice President Kroenig indicated that the challenge facing the US and its allies and partners, including Taiwan, is how to deter these autocracies and maintain global peace, prosperity, and freedom, especially in Taiwan, whose security and stability matter, not only for Taiwan, but also for the US and the world. Vice President Kroenig assured President Lai and the people of Taiwan that the US is a reliable partner for Taiwan. The vice president stated that the administration under President Trump is prioritizing the deterrence of China, and that President Trump has announced an intention to have the largest US defense budget in history, more than US$1 trillion, to resource this priority. Pointing out that an America-first president will not help a country that is not helping itself, Vice President Kroenig said that their delegation has been impressed with the steps President Lai and the administration are taking to strengthen Taiwan’s security, including increasing defense spending, developing a societal resilience strategy, and using cutting edge technologies like unmanned systems to promote indigenous defense production. Vice President Kroenig said that more than money and equipment are necessary to secure a democracy against a powerful and ruthless neighbor, adding that history shows that the human factor is the most important. In the end, he said, it will be the will of the people of Taiwan to resist coercion and to defend their home which will be the most important factor determining the future fate of Taiwan and for the ability of the people of Taiwan to chart their own destiny. Vice President Kroenig emphasized that Americans are willing to support Taiwan in this endeavor, but it will be the people of Taiwan and strong and capable leaders like President Lai at the forefront of this struggle, with the firm support of America. Vice President Kroenig said that as the US and Taiwan work together on these challenges, the Atlantic Council looks forward to offering support behind the scenes. Founded in 1961 to support the Transatlantic Alliance, he said, the Atlantic Council is a global think tank, and part of its DNA is working closely with friends and allies in the Indo-Pacific, including Taiwan. He said they look forward to continuing their close and longstanding cooperation with Taiwan through visiting delegations, research and reports, and public and private events. In closing, Vice President Kroenig thanked President Lai again for hosting them and for the work he is doing to secure the free world. The delegation also included former Deputy Assistant Secretary of Defense for East Asia Heino Klinck and former Director for Taiwan Affairs at the White House National Security Council Marvin Park.

Details
2025-05-20
President Lai interviewed by Nippon Television and Yomiuri TV
In a recent interview on Nippon Television’s news zero program, President Lai Ching-te responded to questions from host Mr. Sakurai Sho and Yomiuri TV Shanghai Bureau Chief Watanabe Masayo on topics including reflections on his first year in office, cross-strait relations, China’s military threats, Taiwan-United States relations, and Taiwan-Japan relations. The interview was broadcast on the evening of May 19. During the interview, President Lai stated that China intends to change the world’s rules-based international order, and that if Taiwan were invaded, global supply chains would be disrupted. Therefore, he said, Taiwan will strengthen its national defense, prevent war by preparing for war, and achieve the goal of peace. The president also noted that Taiwan’s purpose for developing drones is based on national security and industrial needs, and that Taiwan hopes to collaborate with Japan. He then reiterated that China’s threats are an international problem, and expressed hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war. Following is the text of the questions and the president’s responses: Q: How do you feel as you are about to round out your first year in office? President Lai: When I was young, I was determined to practice medicine and save lives. When I left medicine to go into politics, I was determined to transform Taiwan. And when I was sworn in as president on May 20 last year, I was determined to strengthen the nation. Time flies, and it has already been a year. Although the process has been very challenging, I am deeply honored to be a part of it. I am also profoundly grateful to our citizens for allowing me the opportunity to give back to our country. The future will certainly be full of more challenges, but I will do everything I can to unite the people and continue strengthening the nation. That is how I am feeling now. Q: We are now coming up on the 80th anniversary of the end of World War II, and over this period, we have often heard that conflict between Taiwan and the mainland is imminent. Do you personally believe that a cross-strait conflict could happen? President Lai: The international community is very much aware that China intends to replace the US and change the world’s rules-based international order, and annexing Taiwan is just the first step. So, as China’s military power grows stronger, some members of the international community are naturally on edge about whether a cross-strait conflict will break out. The international community must certainly do everything in its power to avoid a conflict in the Taiwan Strait; there is too great a cost. Besides causing direct disasters to both Taiwan and China, the impact on the global economy would be even greater, with estimated losses of US$10 trillion from war alone – that is roughly 10 percent of the global GDP. Additionally, 20 percent of global shipping passes through the Taiwan Strait and surrounding waters, so if a conflict breaks out in the strait, other countries including Japan and Korea would suffer a grave impact. For Japan and Korea, a quarter of external transit passes through the Taiwan Strait and surrounding waters, and a third of the various energy resources and minerals shipped back from other countries pass through said areas. If Taiwan were invaded, global supply chains would be disrupted, and therefore conflict in the Taiwan Strait must be avoided. Such a conflict is indeed avoidable. I am very thankful to Prime Minister of Japan Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio, as well as US President Donald Trump and former President Joe Biden, and the other G7 leaders, for continuing to emphasize at international venues that peace and stability across the Taiwan Strait are essential components for global security and prosperity. When everyone in the global democratic community works together, stacking up enough strength to make China’s objectives unattainable or to make the cost of invading Taiwan too high for it to bear, a conflict in the strait can naturally be avoided. Q: As you said, President Lai, maintaining peace and stability across the Taiwan Strait is also very important for other countries. How can war be avoided? What sort of countermeasures is Taiwan prepared to take to prevent war? President Lai: As Mr. Sakurai mentioned earlier, we are coming up on the 80th anniversary of the end of WWII. There are many lessons we can take from that war. First is that peace is priceless, and war has no winners. From the tragedies of WWII, there are lessons that humanity should learn. We must pursue peace, and not start wars blindly, as that would be a major disaster for humanity. In other words, we must be determined to safeguard peace. The second lesson is that we cannot be complacent toward authoritarian powers. If you give them an inch, they will take a mile. They will keep growing, and eventually, not only will peace be unattainable, but war will be inevitable. The third lesson is why WWII ended: It ended because different groups joined together in solidarity. Taiwan, Japan, and the Indo-Pacific region are all directly subjected to China’s threats, so we hope to be able to join together in cooperation. This is why we proposed the Four Pillars of Peace action plan. First, we will strengthen our national defense. Second, we will strengthen economic resilience. Third is standing shoulder to shoulder with the democratic community to demonstrate the strength of deterrence. Fourth is that as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China, and seek peace and mutual prosperity. These four pillars can help us avoid war and achieve peace. That is to say, Taiwan hopes to achieve peace through strength, prevent war by preparing for war, keeping war from happening and pursuing the goal of peace. Q: Regarding drones, everyone knows that recently, Taiwan has been actively researching, developing, and introducing drones. Why do you need to actively research, develop, and introduce new drones at this time? President Lai: This is for two purposes. The first is to meet national security needs. The second is to meet industrial development needs. Because Taiwan, Japan, and the Philippines are all part of the first island chain, and we are all democratic nations, we cannot be like an authoritarian country like China, which has an unlimited national defense budget. In this kind of situation, island nations such as Taiwan, Japan, and the Philippines should leverage their own technologies to develop national defense methods that are asymmetric and utilize unmanned vehicles. In particular, from the Russo-Ukrainian War, we see that Ukraine has successfully utilized unmanned vehicles to protect itself and prevent Russia from unlimited invasion. In other words, the Russo-Ukrainian War has already proven the importance of drones. Therefore, the first purpose of developing drones is based on national security needs. Second, the world has already entered the era of smart technology. Whether generative, agentic, or physical, AI will continue to develop. In the future, cars and ships will also evolve into unmanned vehicles and unmanned boats, and there will be unmanned factories. Drones will even be able to assist with postal deliveries, or services like Uber, Uber Eats, and foodpanda, or agricultural irrigation and pesticide spraying. Therefore, in the future era of comprehensive smart technology, developing unmanned vehicles is a necessity. Taiwan, based on industrial needs, is actively planning the development of drones and unmanned vehicles. I would like to take this opportunity to express Taiwan’s hope to collaborate with Japan in the unmanned vehicle industry. Just as we do in the semiconductor industry, where Japan has raw materials, equipment, and technology, and Taiwan has wafer manufacturing, our two countries can cooperate. Japan is a technological power, and Taiwan also has significant technological strengths. If Taiwan and Japan work together, we will not only be able to safeguard peace and stability in the Taiwan Strait and security in the Indo-Pacific region, but it will also be very helpful for the industrial development of both countries. Q: The drones you just described probably include examples from the Russo-Ukrainian War. Taiwan and China are separated by the Taiwan Strait. Do our drones need to have cross-sea flight capabilities? President Lai: Taiwan does not intend to counterattack the mainland, and does not intend to invade any country. Taiwan’s drones are meant to protect our own nation and territory. Q: Former President Biden previously stated that US forces would assist Taiwan’s defense in the event of an attack. President Trump, however, has yet to clearly state that the US would help defend Taiwan. Do you think that in such an event, the US would help defend Taiwan? Or is Taiwan now trying to persuade the US? President Lai: Former President Biden and President Trump have answered questions from reporters. Although their responses were different, strong cooperation with Taiwan under the Biden administration has continued under the Trump administration; there has been no change. During President Trump’s first term, cooperation with Taiwan was broader and deeper compared to former President Barack Obama’s terms. After former President Biden took office, cooperation with Taiwan increased compared to President Trump’s first term. Now, during President Trump’s second term, cooperation with Taiwan is even greater than under former President Biden. Taiwan-US cooperation continues to grow stronger, and has not changed just because President Trump and former President Biden gave different responses to reporters. Furthermore, the Trump administration publicly stated that in the future, the US will shift its strategic focus from Europe to the Indo-Pacific. The US secretary of defense even publicly stated that the primary mission of the US is to prevent China from invading Taiwan, maintain stability in the Indo-Pacific, and thus maintain world peace. There is a saying in Taiwan that goes, “Help comes most to those who help themselves.” Before asking friends and allies for assistance in facing threats from China, Taiwan must first be determined and prepared to defend itself. This is Taiwan’s principle, and we are working in this direction, making all the necessary preparations to safeguard the nation. Q: I would like to ask you a question about Taiwan-Japan relations. After the Great East Japan Earthquake in 2011, you made an appeal to give Japan a great deal of assistance and care. In particular, you visited Sendai to offer condolences. Later, you also expressed condolences and concern after the earthquakes in Aomori and Kumamoto. What are your expectations for future Taiwan-Japan exchanges and development? President Lai: I come from Tainan, and my constituency is in Tainan. Tainan has very deep ties with Japan, and of course, Taiwan also has deep ties with Japan. However, among Taiwan’s 22 counties and cities, Tainan has the deepest relationship with Japan. I sincerely hope that both of you and your teams will have an opportunity to visit Tainan. I will introduce Tainan’s scenery, including architecture from the era of Japanese rule, Tainan’s cuisine, and unique aspects of Tainan society, and you can also see lifestyles and culture from the Showa era. The Wushantou Reservoir in Tainan was completed by engineer Mr. Hatta Yoichi from Kanazawa, Japan and the team he led to Tainan after he graduated from then-Tokyo Imperial University. It has nearly a century of history and is still in use today. This reservoir, along with the 16,000-km-long Chianan Canal, transformed the 150,000-hectare Chianan Plain into Taiwan’s premier rice-growing area. It was that foundation in agriculture that enabled Taiwan to develop industry and the technology sector of today. The reservoir continues to supply water to Tainan Science Park. It is used by residents of Tainan, the agricultural sector, and industry, and even the technology sector in Xinshi Industrial Park, as well as Taiwan Semiconductor Manufacturing Company. Because of this, the people of Tainan are deeply grateful for Mr. Hatta and very friendly toward the people of Japan. A major earthquake, the largest in 50 years, struck Tainan on February 6, 2016, resulting in significant casualties. As mayor of Tainan at the time, I was extremely grateful to then-Prime Minister Abe, who sent five Japanese officials to the disaster site in Tainan the day after the earthquake. They were very thoughtful and asked what kind of assistance we needed from the Japanese government. They offered to provide help based on what we needed. I was deeply moved, as former Prime Minister Abe showed such care, going beyond the formality of just sending supplies that we may or may not have actually needed. Instead, the officials asked what we needed and then provided assistance based on those needs, which really moved me. Similarly, when the Great East Japan Earthquake of 2011 or the later Kumamoto earthquakes struck, the people of Tainan, under my leadership, naturally and dutifully expressed their support. Even earlier, when central Taiwan was hit by a major earthquake in 1999, Japan was the first country to deploy a rescue team to the disaster area. On February 6, 2018, after a major earthquake in Hualien, former Prime Minister Abe appeared in a video holding up a message of encouragement he had written in calligraphy saying “Remain strong, Taiwan.” All of Taiwan was deeply moved. Over the years, Taiwan and Japan have supported each other when earthquakes struck, and have forged bonds that are family-like, not just neighborly. This is truly valuable. In the future, I hope Taiwan and Japan can be like brothers, and that the peoples of Taiwan and Japan can treat one another like family. If Taiwan has a problem, then Japan has a problem; if Japan has a problem, then Taiwan has a problem. By caring for and helping each other, we can face various challenges and difficulties, and pursue a brighter future. Q: President Lai, you just used the phrase “If Taiwan has a problem, then Japan has a problem.” In the event that China attempts to invade Taiwan by force, what kind of response measures would you hope the US military and Japan’s Self-Defense Forces take? President Lai: As I just mentioned, annexing Taiwan is only China’s first step. Its ultimate objective is to change the rules-based international order. That being the case, China’s threats are an international problem. So, I would very much hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war – prevention, after all, is more important than cure.

MIL OSI Asia Pacific News –

May 21, 2025
MIL-OSI: BAYC#7537 AI computing satellite was successfully launched! Web3 interstellar computing era officially started

Source: GlobeNewswire (MIL-OSI)

LONDON, May 21, 2025 (GLOBE NEWSWIRE) — On May 14, 2025, 12:12 p.m. (Beijing Time), Adaspace successfully launched 12 satellites of the Space Computing Constellation 021 Mission from Jiuquan Satellite Launch Center through the Long March 2D launch vehicle. The successful entry of the satellites into the intended orbit marks the successful launch of the world’s first space computing constellation, which will open a new chapter of the global “space computing era”. Space Computing Constellation 021 Mission is not only the first constellation of “Star-Compute” program initiated by Adaspace, but also the first constellation of “Three-Body Computing Constellation” of Zhejiang Lab. The constellation consists of 12 computing satellites in one orbit invested by different entities and developed by Adaspace. The launch and orbiting of BAYC#7537 computing satellite marks Web3’s transformation from the virtual economy to the space computing network.

According to the introduction, the “protagonist” of this launch consists of 12 computing satellites in one orbit invested by different entities and developed by Adaspace, including Neijiang (Star Era-27), Neijiang High-Tech (Star Era-28), Taizhou (Star Era-29), Haikou (Star Era-30), Ma’anshan Intelligent Computing-1 (Star Era-31), Chongzhou (Star Era-32), Tiantie Technology (Star Era-33), BAYC #7573 (Star Era-34), Yukongzhe (Star Era-35), “Grand Neobay”(Star Era-36), Zhejiang-1 (Star Era-37) and Zhejiang-2 (Star Era-38). After the assembly of 12 satellites in one orbit, the on-orbit verification and application of the basic functions of space-based computing, such as chain building, networking and cloud formation, will be finished through interstellar laser high-speed interconnection, stable constellation networking and distributed computing management.

What is a computing constellation? In the past, satellites were only used for communication, navigation and remote sensing. Computing satellites are defined as the fourth type of satellites, which will become the basis of the first three satellites, and then form a new network system called computing constellation through the interconnection of satellites.

According to Wang Jian, academician of Chinese Academy of Engineering and director of Zhejiang Lab, the constellation can raise the computing power of a single satellite from level T to level P and realize interconnection between satellites like the Internet connects different computers together. “The construction of space computing constellation enables the single satellite to be of greater value and has far-reaching implications for the transformation of the aerospace industry.”

“The primary mission of this launch is to realize the transformation from ‘computing on Earth’ to ‘computing in space’ for specific scenarios to meet the growing demand for space-based instant computing and to help China take the lead in building a space computing infrastructure in the world.” The relevant official of Adaspace said. In short, support computing power with space power.

As a representative sign in the series, the holder of BAYC #7573 has repeatedly promoted the innovative application of AI. Naming the satellite after BAYC #7573 AI not only recognizes its cultural value, but also symbolizes the Web3 community’s deep involvement in cutting-edge technology. Both AI computing and Web3 have empowered the future.

Media Contact:

Organization: BAYC

Contact Person: David

Website: bayc.io

Email: bd@bayc.io

Disclaimer: This press release is provided by BAYC. The statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. This content is for informational purposes only and should not be considered financial, investment, or trading advice. Investing in crypto and mining related opportunities involves significant risks, including the potential loss of capital. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector–including cryptocurrency, NFTs, and mining–complete accuracy cannot always be guaranteed. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. Speculate only with funds that you can afford to lose. Neither the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility.

Legal Disclaimer: This media platform provides the content of this article on an “as-is” basis, without any warranties or representations of any kind, express or implied. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above.

Photos accompanying this announcement are available at

https://www.globenewswire.com/NewsRoom/AttachmentNg/5a3dabf0-7692-42c8-b37f-13134f2f0cda

https://www.globenewswire.com/NewsRoom/AttachmentNg/5fc50272-48c8-4c99-b2d1-e6d527a23044

https://www.globenewswire.com/NewsRoom/AttachmentNg/90af1890-a355-49c4-b802-e354defca0a8

https://www.globenewswire.com/NewsRoom/AttachmentNg/cb9bb469-89e7-4853-a89a-6095c17f8c0c

The MIL Network –

May 21, 2025

MIL-OSI: WISeKey Launches WISe.ART 3.0, One of the World’s First and Largest Web3 Marketplaces for Digital Art, Twins, NFTs, and Crypto Collectibles

Source: GlobeNewswire (MIL-OSI)

WISeKey Launches WISe.ART 3.0, One of the World’s First and Largest Web3 Marketplaces for Digital Art, Twins, NFTs, and Crypto Collectibles

Geneva, Switzerland — May 21, 2025 — WISeKey International Holding Ltd (“WISeKey”) (SIX: WIHN, NASDAQ: WKEY), a leading global cybersecurity, blockchain, and IoT company, in partnership with its subsidiary, SEALSQ Corp (Nasdaq: LAES), which focuses on semiconductors, PKI, and post-quantum technology products, today announces the launch of new enhanced WISe.ART marketplace, a revolutionary Web3 platform for digital art, digital twins, NFTs, and crypto collectibles. This next-generation marketplace is one of the first and largest of its kind.

The WISe.ART 3.0 platform redefines the digital art experience by providing creators and collectors with a secure, traceable, and intelligent environment for trading and authenticating digital assets.

Key Features of WISe.ART 3.0:

Native Web3 support: Users can securely and easily connect their Metamask or Walletconnect wallet to the platform. NFTs can be imported and exported to the marketplace to allow complete control of their digital collection.
Refreshed platform & Multi-Device support: The WISe.Art platform has received a complete overhaul of its front-end and back-end structure, allowing users to carry their digital collection with them at all times, as the new platform supports desktop, tablets and mobile devices.
Link Between Physical and Digital Assets: WISe.ART NFTs are irreversibly connected to their corresponding physical objects, ensuring tamper-proof authenticity and provenance.
Smart Contracts for Monetization: Artists and creators can set automated royalty structures, usage rights, and monetization strategies through embedded smart contracts.
Advanced Cybersecurity & Post-Quantum Resilience: Secured by WISeKey’s and SEALSQ’s digital identity and encryption technologies, the platform safeguards all transactions and digital interactions against present and future cyber threats.
Easy purchase with Crossmint support: The Crossmint integration allows for seamless transactions with credit and debit cards, Apple and Google Pay, from anywhere in the world. Users that do not possess a wallet can create a ghost wallet on-the-fly upon checking out.

For Version 3 we have listened to our users and have added important new functionalities which they requested:

Collectors and artists can now import pre-minted NFTs from other platforms as long as they are minted in the crypto we support (such as Hedera, Polygon or Eth) and that the pre-minted NFTs are compatible with our requirements. Those wishing to consolidate their NFT collections into one wallet – it can now be done on WISe.ART. Additionally, artists wishing to leave a certain platform can now join WISe.ART and showcase their complete collections on one platform safely and efficiently.
Relisting tokens on the secondary market is still possible but for those who do not have a compatible wallet, it can be created with few simple steps, new prices can be set as the market fluctuates.
The user journey for artists and collectors is made simple and intuitive. New FAQ or contact request forms have been integrated for those who seek human interaction. Our white glove service is enhanced throughout the process.

Since its launch in 2021, WISe.ART, the NFT platform developed by WISeKey, has led numerous high-impact and pioneering NFT projects. Combining trusted digital identity, robust cybersecurity, and environmental consciousness, WISe.ART has redefined how digital art and luxury collectibles are created, verified, and traded. Here are the most significant NFT projects it has executed:

ONUART Foundation & United Nations – NFT for Education in Africa: A collaboration with ONUART and the UN led to NFT auctions designed to fund school-building initiatives in Africa, combining philanthropy with digital innovation. In 2023, WISeArt artist were the first to donate generative artworks to the ONUART Foundation in celebration of the 71^st anniversary of the UN Human Right Charter.
Antonio Banderas Foundation – Pedro Sandoval NFT Drop: A limited-edition NFT by artist Pedro Sandoval was sold to benefit the Antonio Banderas Foundation, showcasing WISe.ART’s support for social causes through cultural art.
Swiss Collector Events & WISe.ART Awards: WISe.ART has organized NFT art exhibitions, including the WISe.ART Awards, recognizing digital creators and curators pioneering new frontiers in NFT art.

Revolutionizing the Future of Art

WISe.ART 3.0 is democratizing digital expression by empowering billions of people worldwide to create, share, and monetize their artistic visions through a secure and trusted platform. Whether it’s a digitally generated painting, a collectible tied to a physical sculpture, or a new form of cultural expression, WISe.ART enables creators from all backgrounds to participate in the global digital art economy, safely and transparently. A new physical space will open Geneva to represent WISe.ART digital works on May 22. This space aims to bridge the 19^th and 21^st Century technologies raising awareness among collectors. The showroom will be a case study for the web3 communities to mingle with their cultural heritage.

Accessible Art Purchasing — Crypto Optional

To acquire WISe.ART digital artworks, including those linked to NFTs or hosted on blockchains, cryptocurrency is not a requirement. NFTs are available for purchase in USD and other fiat currencies, and transactions can be completed securely via credit card, debit card, Apple Pay or Google Pay. Additionally, Crossmint facilitates the conversion of fiat money to crypto for users who wish to engage in blockchain-based purchases. While collectors of blockchain-based works typically need a crypto wallet, platforms such as Metamask and WalletConnect make wallet setup simple, intuitive, and user-friendly, enabling purchases with the ease of acquiring a traditional artwork.

Carlos Moreira, Founder and CEO of WISeKey, stated: “Since inception the platform has welcomed an eclectic array of works representing all types of art from physical pieces coupled with digital twins, numeric compositions, ai assisted or generated art, music and film as well as collectibles like real estate, jewelry and design. As technology progresses, we attract artists who are keen to explore the new possibilities and means to convey their message. Technology is a tool – art is a vector for communication.”

WISe.ART 3.0 opens the door to a future where creativity meets accountability, and where digital assets are as protected and valuable as their physical counterparts. For more information, visit www.wise.art

About WISeKey

WISeKey International Holding Ltd (“WISeKey”, SIX: WIHN; Nasdaq: WKEY) is a global leader in cybersecurity, digital identity, and IoT solutions platform. It operates as a Swiss-based holding company through several operational subsidiaries, each dedicated to specific aspects of its technology portfolio. The subsidiaries include (i) SEALSQ Corp (Nasdaq: LAES), which focuses on semiconductors, PKI, and post-quantum technology products, (ii) WISeKey SA which specializes in RoT and PKI solutions for secure authentication and identification in IoT, Blockchain, and AI, (iii) WISeSat AG which focuses on space technology for secure satellite communication, specifically for IoT applications, (iv) WISe.ART Corp which focuses on trusted blockchain NFTs and operates the WISe.ART marketplace for secure NFT transactions, and (v) SEALCOIN AG which focuses on decentralized physical internet with DePIN technology and house the development of the SEALCOIN platform.

Each subsidiary contributes to WISeKey’s mission of securing the internet while focusing on their respective areas of research and expertise. Their technologies seamlessly integrate into the comprehensive WISeKey platform. WISeKey secures digital identity ecosystems for individuals and objects using Blockchain, AI, and IoT technologies. With over 1.6 billion microchips deployed across various IoT sectors, WISeKey plays a vital role in securing the Internet of Everything. The company’s semiconductors generate valuable Big Data that, when analyzed with AI, enable predictive equipment failure prevention. Trusted by the OISTE/WISeKey cryptographic Root of Trust, WISeKey provides secure authentication and identification for IoT, Blockchain, and AI applications. The WISeKey Root of Trust ensures the integrity of online transactions between objects and people. For more information on WISeKey’s strategic direction and its subsidiary companies, please visit www.wisekey.com.

Disclaimer
This communication expressly or implicitly contains certain forward-looking statements concerning WISeKey International Holding Ltd and its business. Such statements involve certain known and unknown risks, uncertainties and other factors, which could cause the actual results, financial condition, performance or achievements of WISeKey International Holding Ltd to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. WISeKey International Holding Ltd is providing this communication as of this date and does not undertake to update any forward-looking statements contained herein as a result of new information, future events or otherwise.

This press release does not constitute an offer to sell, or a solicitation of an offer to buy, any securities, and it does not constitute an offering prospectus within the meaning of the Swiss Financial Services Act (“FinSA”), the FinSa’s predecessor legislation or advertising within the meaning of the FinSA. Investors must rely on their own evaluation of WISeKey and its securities, including the merits and risks involved. Nothing contained herein is, or shall be relied on as, a promise or representation as to the future performance of WISeKey.

Press and Investor Contacts

WISeKey International Holding Ltd
Company Contact: Carlos Moreira
Chairman & CEO
Tel: +41 22 594 3000
info@wisekey.com

WISeKey Investor Relations (US)
The Equity Group Inc.
Lena Cati
Tel: +1 212 836-9611
lcati@equityny.com

The MIL Network –

May 21, 2025

MIL-OSI Submissions: Analysis – Asia-Pacific card payments market to reach nearly $25 trillion in 2025, forecasts GlobalData

Source: GlobalData

The Asia-Pacific (APAC) card payments market is expected to growth by 4.3% to reach $24.7 trillion in 2025 supported by growing preference for electronic payments.

Strong growth in markets like China, South Korea, Japan, and Australia is complemented by rising adoption in emerging economies, supported by infrastructure improvements, regulatory initiatives, and expanding financial inclusion across the region, according to GlobalData, a leading data and analytics company.

GlobalData’s Payment Cards Analytics reveals that the card payment value in APAC registered a growth of 5.8% in 2023, driven by the rise in consumer spending. The value registered an estimated growth of 4.8% in 2024 to reach $23.7 trillion.

Ravi Sharma, Lead Banking and Payments Analyst at GlobalData, comments: “China, South Korea, Japan and Australia have a robust card payments market with high card payments value. Other markets within the region are also catching up supported by improving payment infrastructure, rising middle-income population, growing financial awareness, and banks offering lucrative benefits in terms of reward programs and instalment facilities.”

The APAC card payments market is dominated by China, which is expected to grow by 3.7% in 2025 to reach $20.3 trillion. It is distantly followed by South Korea with expected card payments value of $984.5 billion, Japan with $866.1 billion, and Australia with $731.4 billion in 2025.

However, card usage is comparatively low in the Philippines, Indonesia, India, Thailand, and Vietnam. This is mainly due to the limited financial awareness for card payments, inadequate POS infrastructure, and growing popularity of QR-based mobile payments.

These countries are also gradually pushing card adoption through various financial awareness campaigns as well as by introducing favorable regime. For instance, the central bank of Indonesia capped the credit card interest rate at 1.75%, effective from 1 July 2021, reducing it from existing 2% per month to drive credit card usage.

Similarly, in India, the government’s move to abolish merchant service fees on RuPay cards (domestic card) effective from 1 January 2020, encouraged the acceptance of RuPay cards among merchants, thereby pushing debit card usage.

However, high cost involved in POS infrastructure for merchants and high preference for digital wallets among consumers remain challenge for faster growth in card payments in the region. Many consumers in the region leapfrogged from cash to digital wallets skipping card payments. The availability of low-cost smartphones, rising Internet penetration, growing awareness of mobile payments and the proliferation of digital wallets have resulted in Asian countries shifting from cash transactions to mobile digital payments.

Sharma concludes: “Looking ahead, the total card payments market in APAC is expected to continue its upward trajectory, driven by ongoing government initiatives, improving payment infrastructure and a consumer shift towards electronic payments. However, high preference for mobile payments remains a challenge for their faster adoption. Overall, the card payments value in APAC is expected to register a compound annual growth rate (CAGR) of 6% between 2025 to 2029 to reach $31.1 trillion in 2029.”

About GlobalData

4,000 of the world’s largest companies, including over 70% of FTSE 100 and 60% of Fortune 100 companies, make more timely and better business decisions thanks to GlobalData’s unique data, expert analysis and innovative solutions, all in one platform. GlobalData’s mission is to help our clients decode the future to be more successful and innovative across a range of industries, including the healthcare, consumer, retail, financial, technology and professional services sectors.

MIL OSI – Submitted News –

May 21, 2025
MIL-OSI Russia: Introduction of new professions in China reflects the vitality of the country’s economic development

Translation. Region: Russian Federal

Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

Source: People’s Republic of China – State Council News

At the closed test site of the National Internet of Vehicles Pilot Zone in Tianjin City (Xiqing District), Yao Zhonghua, an intelligent and connected vehicle (ICV) test specialist, is fully engrossed in creating a test scenario to prepare for the discovery of the ICV’s automatic emergency braking (AEB) function.

“We use test equipment to conduct tests on the efficiency and reliability of intelligent and connected vehicle functions, and record test videos and data in real time,” said Yao Zhonghua, 33.

In July 2024, the Ministry of Human Resources and Social Security of China and two other departments jointly released a list of 19 new occupations, and ICV tester is one of them.

According to analysis by Wang Linlin, dean of the Department of Human Resource Management at Nankai University Business School, over 70 percent of these new jobs are aimed at building new-quality productive forces, covering cutting-edge areas of “digital intelligence” such as the digital economy, green energy and intelligent manufacturing, which are the result of China’s technological revolution and industrial upgrading.

The introduction of new occupations leads to a broader range of products and services, allowing more people to make full use of their own advantages and open up new development opportunities. The new advanced occupations are highly consistent with the core content of the concept of “new quality productive forces” and reflect the vitality of China’s economic development.

At present, China’s renewing professional system has accelerated its development towards digitalization and intellectualization. Both the emergence of many new professions and the diversification of employers also reflect the acceleration of the country’s economic transformation and modernization.

“The emergence of new occupations creates a human resource base to ensure the growth of productive forces of new quality, promotes the movement of labor from low-value-added industries to high-skilled industries, and improves the overall quality of employment,” Wang Linlin said.

Taking the ICV industry as an example, more and more Chinese auto enterprises are pursuing innovative changes driven by new technologies. Digital workshops, smart factories, etc. are being built one after another, and innovative technological solutions and application scenarios are being introduced, leading to the constant emergence of new types of work and new professions.

She Hongzhi, deputy general manager of Yongtai Henji Investment (Tianjin), the operator of the National Internet of Vehicles Pilot Zone in Tianjin City (Xiqing District), said that in 2024, the total testing time at the closed testing site in the pilot zone exceeded 5,000 hours, showing a year-on-year increase of 150%.

“We have activated the development of the ICV industry, promoted the integration of enterprises into an industrial chain, created hundreds of vacancies in new professions, and the demand for skilled personnel in the fields of artificial intelligence, intelligent manufacturing and big data continues to grow,” She Hongzhi emphasized.

With the steady development of the digital economy, intelligent manufacturing and other fields, the demand for talent in new professions continues to grow. For example, according to forecasts in a report by consulting company McKinsey, by 2030, China’s demand for artificial intelligence specialists will reach 6 million people, and the shortage may reach 4 million people. According to the company’s estimates, the shortage of highly qualified digital specialists in China has already reached 25-30 million people, and it will continue to increase.

MIL OSI Russia News –

May 21, 2025
MIL-OSI USA: SPC Tornado Watch 308

Source: US National Oceanic and Atmospheric Administration

Note: The expiration time in the watch graphic is amended if the watch is replaced, cancelled or extended.Note: Click for Watch Status Reports.
SEL8

URGENT – IMMEDIATE BROADCAST REQUESTED
Tornado Watch Number 308
NWS Storm Prediction Center Norman OK
725 PM EDT Tue May 20 2025

The NWS Storm Prediction Center has issued a

* Tornado Watch for portions of
Northern Georgia
Eastern Kentucky
Far Southwest North Carolina
Eastern Tennessee
Far Southwest Virginia

* Effective this Tuesday night and Wednesday morning from 725 PM
until 200 AM EDT.

* Primary threats include…
A few tornadoes likely with a couple intense tornadoes possible
Scattered damaging wind gusts to 70 mph likely
Scattered large hail and isolated very large hail events to 2.5
inches in diameter possible

SUMMARY…A mix of supercell thunderstorms and clusters will spread
generally eastward this evening into the early overnight hours. A
few tornadoes may occur with this activity, and a strong tornado and
isolated very large hail will also be possible with any sustained
supercell. Otherwise, an increasing threat for scattered to numerous
damaging winds appears likely as thunderstorms attempt to organize
into a line later this evening. Peak gusts may reach up to 60-70
mph.

The tornado watch area is approximately along and 50 statute miles
east and west of a line from 35 miles north northeast of London KY
to 20 miles southeast of Rome GA. For a complete depiction of the
watch see the associated watch outline update (WOUS64 KWNS WOU8).

PRECAUTIONARY/PREPAREDNESS ACTIONS…

REMEMBER…A Tornado Watch means conditions are favorable for
tornadoes and severe thunderstorms in and close to the watch
area. Persons in these areas should be on the lookout for
threatening weather conditions and listen for later statements
and possible warnings.

&&

OTHER WATCH INFORMATION…CONTINUE…WW 303…WW 304…WW
305…WW 306…WW 307…

AVIATION…Tornadoes and a few severe thunderstorms with hail
surface and aloft to 2.5 inches. Extreme turbulence and surface wind
gusts to 60 knots. A few cumulonimbi with maximum tops to 550. Mean
storm motion vector 26030.

…Gleason

SEL8

URGENT – IMMEDIATE BROADCAST REQUESTED
Tornado Watch Number 308
NWS Storm Prediction Center Norman OK
725 PM EDT Tue May 20 2025

The NWS Storm Prediction Center has issued a

* Tornado Watch for portions of
Northern Georgia
Eastern Kentucky
Far Southwest North Carolina
Eastern Tennessee
Far Southwest Virginia

* Effective this Tuesday night and Wednesday morning from 725 PM
until 200 AM EDT.

* Primary threats include…
A few tornadoes likely with a couple intense tornadoes possible
Scattered damaging wind gusts to 70 mph likely
Scattered large hail and isolated very large hail events to 2.5
inches in diameter possible

SUMMARY…A mix of supercell thunderstorms and clusters will spread
generally eastward this evening into the early overnight hours. A
few tornadoes may occur with this activity, and a strong tornado and
isolated very large hail will also be possible with any sustained
supercell. Otherwise, an increasing threat for scattered to numerous
damaging winds appears likely as thunderstorms attempt to organize
into a line later this evening. Peak gusts may reach up to 60-70
mph.

The tornado watch area is approximately along and 50 statute miles
east and west of a line from 35 miles north northeast of London KY
to 20 miles southeast of Rome GA. For a complete depiction of the
watch see the associated watch outline update (WOUS64 KWNS WOU8).

PRECAUTIONARY/PREPAREDNESS ACTIONS…

REMEMBER…A Tornado Watch means conditions are favorable for
tornadoes and severe thunderstorms in and close to the watch
area. Persons in these areas should be on the lookout for
threatening weather conditions and listen for later statements
and possible warnings.

&&

OTHER WATCH INFORMATION…CONTINUE…WW 303…WW 304…WW
305…WW 306…WW 307…

AVIATION…Tornadoes and a few severe thunderstorms with hail
surface and aloft to 2.5 inches. Extreme turbulence and surface wind
gusts to 60 knots. A few cumulonimbi with maximum tops to 550. Mean
storm motion vector 26030.

…Gleason

Note: The Aviation Watch (SAW) product is an approximation to the watch area. The actual watch is depicted by the shaded areas.
SAW8
WW 308 TORNADO GA KY NC TN VA 202325Z – 210600Z
AXIS..50 STATUTE MILES EAST AND WEST OF LINE..
35NNE LOZ/LONDON KY/ – 20SE RMG/ROME GA/
..AVIATION COORDS.. 45NM E/W /34NNE LOZ – 39NW ATL/
HAIL SURFACE AND ALOFT..2.5 INCHES. WIND GUSTS..60 KNOTS.
MAX TOPS TO 550. MEAN STORM MOTION VECTOR 26030.

LAT…LON 37548292 34148405 34148580 37548475

THIS IS AN APPROXIMATION TO THE WATCH AREA. FOR A
COMPLETE DEPICTION OF THE WATCH SEE WOUS64 KWNS
FOR WOU8.

Watch 308 Status Report Message has not been issued yet.

Note: Click for Complete Product Text.Tornadoes

Probability of 2 or more tornadoes

Mod (60%)

Probability of 1 or more strong (EF2-EF5) tornadoes

Mod (40%)

Wind

Probability of 10 or more severe wind events

High (70%)

Probability of 1 or more wind events > 65 knots

Low (20%)

Hail

Probability of 10 or more severe hail events

Mod (40%)

Probability of 1 or more hailstones > 2 inches

Mod (40%)

Combined Severe Hail/Wind

Probability of 6 or more combined severe hail/wind events

High (80%)

For each watch, probabilities for particular events inside the watch (listed above in each table) are determined by the issuing forecaster. The “Low” category contains probability values ranging from less than 2% to 20% (EF2-EF5 tornadoes), less than 5% to 20% (all other probabilities), “Moderate” from 30% to 60%, and “High” from 70% to greater than 95%. High values are bolded and lighter in color to provide awareness of an increased threat for a particular event.

MIL OSI USA News –

May 21, 2025

Category: Internet Communications Technology

Executive Summary

Introduction

Description of Targets

Initial Access TTPs

Credential Guessing/Brute Force

Spearphishing

CVE Usage

Post-Compromise TTPs

Malware

Persistence

Exfiltration

Connections to Targeting of IP Cameras

Mitigation Actions

General Security Mitigations

IP Camera Mitigations

Indicators of Compromise (IOCs)

Utilities and scripts

Outlook CVE Exploitation IOCs

Commonly Used Webmail Providers

Malicious Archive Filenames Involving CVE-2023-38831

Brute Forcing IP Addresses

Detections

Customized NTLM listener

HEADLACE shortcut

HEADLACE credential dialogbox phishing

HEADLACE core script

MASEPIE

STEELHOOK

PSEXEC

Further Reference

Works Cited

Disclaimer of endorsement

Purpose

Contact

Appendix B: CVEs exploited

Appendix C: MITRE D3FEND Countermeasures

Lt. Gov. Luke – VNR – Hawaiʻi Schools Win ‘Super Sleuth’ Award in Internet Speeds Mapping Effort

Summary

Technical Details

Overview

File Execution

C2 Instructions

1. Opcode 0 – Steal Data Generic

2. Opcode 1 – Steal Browser Data

3. Opcode 2 – Steal Browser Data (Mozilla)

4. Opcode 3 – Download a File

5. Take Screenshot

6. Delete Self

Host Modifications

Decrypted Strings

Indicators of Compromise

MITRE ATT&CK Tactics and Techniques

Mitigations

Validate Security Controls

Reporting

Disclaimer

Acknowledgements

Version History

Executive Summary

Introduction

Description of Targets

Initial Access TTPs

Credential Guessing/Brute Force

Spearphishing

CVE Usage

Post-Compromise TTPs

Malware

Persistence

Exfiltration

Connections to Targeting of IP Cameras

Mitigation Actions

General Security Mitigations

IP Camera Mitigations

Indicators of Compromise (IOCs)

Utilities and scripts

Outlook CVE Exploitation IOCs

Commonly Used Webmail Providers

Malicious Archive Filenames Involving CVE-2023-38831

Brute Forcing IP Addresses

1. Opcode `0` – Steal Data Generic

2. Opcode `1` – Steal Browser Data

3. Opcode `2` – Steal Browser Data (Mozilla)

4. Opcode `3` – Download a File