Source: United States Senator for Illinois Tammy Duckworth
May 20, 2025
[WASHINGTON, D.C.] – Today, U.S. Senators Tammy Duckworth (D-IL), Kevin Cramer (R-ND) and Peter Welch (D-VT) re-introduced bipartisan legislation to make it easier for low-income families to afford the diapers they need. The End Diaper Need Act of 2025 would help assist low-income families address diaper need by providing targeted funding for states, territories, diaper banks and other eligible entities who help provide diapers and diapering supplies at no cost to those in need. A companion version of this bill is being introduced in the House by U.S. Representatives Rosa DeLauro (D-CT-03) and Bonnie Watson Coleman (D-NJ-12).
“No parent should have to choose between paying the bills and buying something as basic as diapers that are essential to the health and well-being of their children,” said Senator Duckworth. “After working for years to secure major funding that is supporting our nation’s diaper banks, I’m proud to have Senators Cramer and Welch on my side reintroducing this bipartisan bill so we can help end diaper need for all families.”
“Diapers are a basic necessity for all babies and toddlers, but many families struggle to afford enough diapers for their children,” said Senator Cramer. “Our bipartisan bill will increase access to diapers for children in need and deliver a commonsense tax policy update to ensure families can use their health savings in a way that works for them.”
“At a time when Republicans are trying to cut services working families rely on, and in the midst of an affordability crisis, it is important parents have access to the essentials they need,” said Senator Welch. “That’s why I’m proud to support this commonsense, bipartisan bill.”
Diapers are critical not only for those who wear them but also for the economic and emotional health of a family as a whole. However, in this country, 1 in 2 families has reported not having enough diapers. It’s estimated that infants require up to 12 diapers a day. At the same time, toddlers need up to 8 per day, costing $80 to $100 or more per month per baby. Despite the unsafe medical conditions that can occur from rationing diapers, such as skin infections, open sores, urinary tract infections and other conditions that may require medical attention, there is currently little to no federal assistance for purchasing diapers and diapering supplies.
To address this problem, the bipartisan End Diaper Need Act of 2025 would:
Appropriate $200 million per year for fiscal years 2026 to 2029 for the Social Services Block Grant Program, to be used to provide diapers and diapering supplies; and
Make medically necessary diapers and diapering supplies qualified medical expenses so that families can purchase them using their HSAs or HRAs.
A copy of the bill text can be found on Senator Duckworth’s website.
Along with Duckworth, Cramer and Welch, the legislation is co-sponsored in the Senate by U.S. Senator Mark Kelly (D-AR).
Along with DeLauro and Coleman, this legislation is co-sponsored in the House by U.S. Representative Valerie Foushee (D-NC-04).
“Families across the United States are struggling with the high cost of living. They are living paycheck to paycheck and struggling to keep up with their expenses. Sadly, one in three families do not have enough diapers to keep their children clean and healthy,” said Congresswoman DeLauro. “We cannot allow that to continue. If families do not have diapers, they cannot send their children to daycare. And if they cannot send their children to daycare, they cannot work. That is why I introduced the End Diaper Need Act with Congresswoman Bonnie Watson Coleman, and Senators Duckworth and Cramer, to provide families with reliable access to clean diapers that help keep their children safe and comfortable. I am also proud to join them in expressing our gratitude to local diaper banks and distribution programs that help support children and families nationwide. I will always fight to ensure families have the resources they need to thrive.”
“When families are forced to stretch their dollars by forgoing diapers it can put babies’ health at serious risk,” said Congresswoman Watson Coleman. “This legislation will help struggling families afford diapers and diapering supplies for their little ones. It’s time we do more to support working families trying to make ends meet – this bill will help us do that.”
The bipartisan End Diaper Need Act is endorsed by National Diaper Bank Network, Aeroflow, Center for Baby and Adult Hygiene Products, Center for Law and Social Policy, Child Welfare League of America, Coalition for Human Needs, First Focus for Children, HDI Wholesale, HIPPY US, JSL, Kimberly-Clark, MomsRising, National Women’s Law Center Action Fund and ZERO TO THREE.
“Our more than 240 member diaper banks are keeping babies healthier and helping parents access child care,” said National Diaper Bank Network CEO Joanne Samuel Goldblum. “But our research shows that diaper need has become much more widespread in the years that we have been tracking it. Unmet diaper need is pervasive in all of our communities throughout the country. A public health issue of this scale cannot be solved without our government investing in the proven solution to end diaper need.”
Duckworth also reintroduced the End Diaper Need Act in 2019, 2021 and 2023. She successfully secured $20 million in the final fiscal year (FY) 2023 appropriations package—and $10 million in the FY2022 appropriations package—dedicated to expanding diaper distribution programs. Duckworth also successfully secured provisions that mirrored her bipartisan End Diaper Need Act in the Democrat-passed American Rescue Plan that helped provide many low-income families with diapers and diapering supplies throughout the pandemic.
-30-
Source: United States Senator Kevin Cramer (R-ND)
WASHINGTON, D.C. – The Safe Routes to School (SRTS) Program, established nearly two decades ago, was created to make it safer and easier for students who walk or bike to school. In addition to providing safety education to children and caregivers, it also funds infrastructure improvements including sidewalks, crosswalks, and bike lanes. All 50 states and Washington, D.C., have SRTS programs which serve millions of students across the nation.
U.S. Senators Kevin Cramer (R-ND) and Ed Markey (D-MA) introduced the Safe Routes Improvement Act to enhance program accessibility for communities in North Dakota and nationwide. Specifically, the bill requires state departments of transportation (DOT) to designate an SRTS program coordinator, which will serve as a point of contact for local governments, school districts, and others looking to navigate the SRTS Program and receive funds for projects in their communities.
This builds on Cramer’s bipartisan efforts to expand program eligibility from elementary and middle school students to also include high school students, a policy change he secured in the 2021 Bipartisan Infrastructure Law (BIL). Under the BIL, a dozen projects across North Dakota received over $3 million in SRTS funding. Communities including Minot, Bismarck, Horace, Milnor, Linton, Carson, Fargo, Bowman, and Belfield have used these funds for various pedestrian improvements such as installing speed limit signs, constructing sidewalks and shared use paths, and building ADA-compliant ramps.
“As someone who walks to work every morning when I’m in Washington, I know how essential safe routes are for the kids who walk or bike to school,” said Cramer. “Over the last 20 years, the Safe Routes to School program has been instrumental in helping support infrastructure improvements to keep our kids safe. This legislation is a smart solution to make it easier for school districts and rural communities to access Safe Routes funding.”
“Every child deserves a safe journey to and from school, whether they’re walking, biking, or riding the bus,” said Markey. “By ensuring every state has a Safe Routes to School coordinator, we’re helping communities design safer streets and healthier futures. I’m proud to partner with Senator Cramer to introduce this legislation and put children’s safety first.”
“Senator Cramer’s leadership on this legislation shows he’s really looking out for North Dakota—and for communities across the country. Requiring every state to have a Safe Routes to School Coordinator isn’t just helpful, it’s essential,” said Blue Weber, Community Outreach Liaison at Bolton & Menk, and former CEO of the Downtown Development Association in Grand Forks. “These coordinators are key to making sure the projects we work on actually reflect what communities need and have the support to move forward. At Bolton & Menk, we believe great design starts with listening and this bill will support community voices to be heard.”
“Every child should be able to bike, walk, or roll to school safely,” said Bill Nesper, Executive Director of the League of American Bicyclists. “We applaud this legislation from Senators Cramer and Markey which would direct state departments of transportation to designate a Safe Routes to School Coordinator. By helping school districts and local governments navigate the grants process, share best practices, and track successes, Safe Routes to School Coordinators are a crucial resource in our shared goal to improve traffic safety for kids.”
“As the national leader of the Safe Routes to School movement, Safe Routes Partnership applauds Senator Cramer for his continued leadership in strengthening a program that helps students get to and from school safely and reliably,” said Marisa Jones, Managing Director of the Safe Routes Partnership. “Safe Routes to School is an evidence-based, cost-effective, bipartisan initiative that supports rural, suburban, and urban communities in meeting the daily transportation needs of families. By ensuring every state has a dedicated Safe Routes to School coordinator, this legislation will expand the program’s reach and ensure more communities can benefit from safer, more connected school travel options.”
“Safe Kids Grand Forks has done a considerable amount of pedestrian and bike safety work with the Safe Routes to School Program,” said Carma Hanson, Coordinator of Safe Kids Grand Forks at Altru Health System. “We have done this in an effort to assure that all kids get to and from school safely. Our work in both North Dakota and Minnesota demonstrates the importance of partnerships that are led by a collaborative and engaging entity, assuring cost effective and credible programming and interventions. We are thrilled that Senator Cramer is helping lead the charge on the national level for this type of collaboration and partnership as we strive to assure students get to and from school safely.”
Click here for bill text.
Source: United States Senator for West Virginia Shelley Moore Capito
WASHINGTON, D.C. – Today, U.S. Senators Shelley Moore Capito (R-W.Va.) and Cory Booker (D-N.J.), along with Representatives Carol Miller (R-W.Va.-1) and Danny K. Davis (D-Ill.-7) introduced the Second Chance Reauthorization Act of 2025.
The legislation would reauthorize critical reentry grant programs from the Second Chance Act of 2008, which was most recently reauthorized during the first Trump administration as part of the First Step Act in 2018, including services and supports for housing, career training, and treatment for substance use disorders and/or mental illness. The legislation would also reauthorize critical programs to reduce recidivism, invest in communities, and promote public safety.
“Over 95% of incarcerated people will be released at some point,” Senator Capito said. “The Second Chance Reauthorization Act will help people reentering society get the resources they need to become productive and successful members of their communities. Whether it’s helping them find a job, providing therapy and rehabilitation services for those struggling with addiction, providing faith-based programming to help people turn over a new leaf, or many other services, this legislation will help provide resources to a wide range of programs across the country that have been proven to reduce recidivism rates.”
“Since 2008, the Second Chance Act has supported programs across the country that provide opportunities to those rebuilding their lives after incarceration. This is why this there has always been bipartisan support for funding for second chance programs – we have seen that these programs work in communities everywhere. In fact, they have helped reduce the three-year rate of recidivism in our country by almost a quarter since its passage,” Senator Booker said. “This bipartisan legislation provides the necessary tools and reentry services that formerly incarcerated individuals need to be successful when they leave prison. Empowering these individuals is not just the right thing to do, it makes our communities safer for us all. And Congress should ensure that every community, red or blue, rural or urban, is able to access these critical grant funds.”
“Since the Second Chance Act passed in 2008, formerly incarcerated West Virginians reentering our communities have received the vital services and support they needed to return home successfully,” Congresswoman Miller said. “We have seen the benefits of the Second Chance Act in West Virginia and across the country. When we put in place strong reentry programming, we are creating safer communities where individuals feel supported and empowered to break the cycle of recidivism.”
“Second Chance reentry programs and services have reached hundreds of thousands of individuals and families across the country, creating healthier families and safer communities,” Congressman Davis said. “Continuing to invest in these evidenced-based interventions is a commonsense approach to strengthen individuals, re-build families, and grow our economy.”
The Second Chance Reauthorization Act of 2025 would:
Reauthorize key grant programs that provide vital services, supports, and resources for people reentering their communities after incarceration;
Expand allowable uses for supportive and transitional housing services for individuals reentering the community from prison and jail; and
Enhance addiction treatment services for individuals with substance use disorders, including peer recovery services, case management, and overdose prevention.
Since its passage 16 years ago, Second Chance has supported states, local governments, tribal governments, and nonprofit organizations in their efforts to reduce recidivism. To date, Second Chance grants have reached more than 442,000 justice-involved individuals who participated in reentry services or parole and probation programs. West Virginia has received more than $5 million in funding through Second Chance grants.
From 2009 to 2024, the U.S. Department of Justice awarded over 1,300 Second Chance Act grants to states, local, and tribal governments, as well as reentry-focused community organizations. Second Chance grants have been administered to 871 agencies across 49 U.S. states, territories, and the District of Columbia.
The Second Chance Reauthorization Act of 2024 is endorsed by the following organizations: American Correctional Association, American Jail Association, American Parole and Probation Association, Catholic Charities USA, Correctional Leaders Association, Council of State Governments Justice Center, CPAC, Major County Sheriffs of America, National Alliance on Mental Illness, National Association of Counties, National Association of State Alcohol and Drug Abuse Directors, National Association of State Mental Health Program Directors, National District Attorneys Association, National League of Cities, Prison Fellowship, Treatment Alternatives for Safe Communities, and U.S. Chamber of Commerce.
To read the full text of the bill, click here.
Source: United States Senator for West Virginia Shelley Moore Capito
[embedded content]
To watch Chairman Capito’s opening statement, click here or the image above.
WASHINGTON, D.C. – Today, U.S. Senator Shelley Moore Capito (R-W.Va.), Chairman of the Senate Environment and Public Works (EPW) Committee, led a hearing on the U.S. Environmental Protection Agency’s (EPA) proposed budget for Fiscal Year 2026 with EPA Administrator Lee Zeldin.
In her opening remarks, Chairman Capito applauded Administrator Zeldin for his leadership in returning EPA to its core mission, reversing the federal overreach of the previous administration, and focusing the agency on issues important to West Virginia and the country. Additionally, Chairman Capito highlighted ways EPA’s proposed budget benefits hardworking Americans and areas it can be improved.
Below is the opening statement of Chairman Shelley Moore Capito (R-W.Va.) as delivered.
“Welcome to Administrator Zeldin, it is good to see you again. I understand you’ve had several hearings over the past few days, so I know you’ve been busy. I believe you are doing an excellent job in implementing your vision to return the EPA to its core mission of protecting our country’s air, our land, and water, while eliminating wasteful spending.
“To start, I applaud your aggressive efforts to undo the previous administration’s regulatory overreach. Your leadership will put us on the path to energy dominance with sound environmental procedures.
“Your efforts, like rescinding the Biden Clean Power Plan 2.0 rule…that was part of a comprehensive strategy intended to shut down all fossil-fuel electric generation, will unleash our economy and help onshore American jobs.
“President Trump and his team are also putting West Virginia first, by announcing an agency-wide PFAS strategy and providing West Virginia with the authority to permit wells to sequester carbon dioxide. I appreciate the structural changes that you, Administrator Zeldin, are bringing to the EPA.
“Several weeks ago, the EPA announced that it would move more than 130 experts to assist with reviews of new chemicals and pesticides. In 2016, the Congress told the EPA to accelerate the new chemical approval process, but the Agency has done little to comply with that direction. Reviews currently take months, if not years, stifling innovation and leaving companies reliant on outdated chemicals.
“Addressing the pace of this process is crucial to maintaining our competitiveness in a global market, expanding our key industries, and onshoring critical supply chains. I appreciate that you, Administrator Zeldin, are taking into account my previous calls to provide more resources to address this issue.
“This leads us to why we are here today, the EPA’s budget. I first want to thank the Administrator for acting on his pledge to prioritize being a good steward of tax-payer dollars.
“EPA has restored accountability to grant programs enacted through the partisan Inflation Reduction Act. For example, in February, the EPA canceled a $50 million grant made to the Climate Justice Alliance under the IRA’s environmental justice grant program.
“The Climate Justice Alliance is a non-profit organization that I investigated and found explicitly engaged in pro-Hamas, anti-Israel, anti-Semitic, anti-police, and anti-military activities. Some of these activities occurred while they were under consideration for an EPA grant awarded by the last administration.
“The EPA has taken immediate action to investigate and reclaim the $20 billion dollars awarded under the so-called ‘Green Bank’ program in the IRA. This money was rushed out the door before the end of the last administration under unprecedented, and I would say, suspicious terms.
“The EPA’s proposed Fiscal Year 2026 budget shows deep reductions for the agency. Some of these cuts reflect the best interests of hardworking Americans.
“For example, the budget proposes to cut $100 million from environmental justice programs that were added under the Biden Administration and have unnecessarily imposed requirements that are burdensome for small, regulated entities or grant awardees. This is a welcome start and it will reduce regulatory compliance burdens and allow tax dollars to beneficially impact more entities.
“However, there are bipartisan programs that would be impacted if the proposed budget is enacted, programs that have done much to help continuously clean up the air, water, and lands, as well as provide safe drinking water.
“For example, the proposed budget would reduce funding for the Brownfields program and includes an 89% cut to the Clean Water and Drinking Water State Revolving Funds.
“I and many of my colleagues have long been vocal about the importance of federal assistance for water infrastructure through the State Revolving Funds. In 2021, Congress made the largest bipartisan investment in the State Revolving Funds and water infrastructure in our nation’s history, delivering more than $50 billion for drinking water, wastewater, and stormwater programs.
“State revolving funds have helped many West Virginians, and many around the country, get connected with the water access and resources that they need. I hope that we can work together through the Appropriations process, as well as through the committee’s reauthorizations efforts, to make sure that adequate resources remain available to support our water systems.
“I look forward to building to that future with you, Mr. Administrator, over the next several years.”
Northland Police are responding to another crash on State Highway 1, south of Whangārei.
The crash has occurred at about 9.15am on northbound lanes near Mata.
It involves a vehicle carrying a horse float, but there are no reports of serious injuries.
One lane is blocked, and traffic is being diverted around the blockage.
Northbound traffic is still being impacted by an earlier crash on State Highway 1 near Oakleigh.
Southbound traffic is flowing, but Police are advising all motorists to take care on the roads and allow additional time to reach your destination this morning.
Source: US State of California Department of Justice
Wednesday, May 21, 2025
Contact: (916) 210-6000, agpressoffice@doj.ca.gov
SAN JOSE – California Attorney General Rob Bonta today announced the filing of felony charges against two caregivers for fraud and elder abuse. The California Department of Justice received a complaint referral from the California Department of Social Services alleging abuse and neglect of residents at an unlicensed care home located in San Jose. It was alleged that the residents were living in biohazardous conditions and were left with untreated medical issues, all the while the defendants were receiving in-home support service payments from Medi-Cal.
“Those who care for our elders have a profound responsibility to treat those in their care with the highest level of compassion and dignity,” said Attorney General Bonta. “They support individuals during some of the most challenging moments in their lives. At the California Department of Justice, we are committed to fighting against all types of elder abuse and neglect. We will take prompt action to ensure that anyone who exploits or harms these vulnerable members of our community is held accountable.”
A felony complaint has been filed in Santa Clara County Superior Court, charging the defendants with two felony counts of elder abuse, one felony count of dependent adult abuse, and one felony count of filing a false claim.
The California Department of Justice’s Division of Medi-Cal Fraud and Elder Abuse (DMFEA) works to protect Californians by investigating and prosecuting those responsible for abuse, neglect, and fraud committed against elderly and dependent adults in the state, and those who perpetrate fraud on the Medi-Cal program.
The Division of Medi-Cal Fraud and Elder Abuse receives 75 percent of its funding from the U.S. Department of Health and Human Services under a grant award totaling $69,244,976 for Federal fiscal year (FY) 2025. The remaining 25 percent is funded by the State of California. FY 2025 is from October 1, 2024, through September 30, 2025. A copy of the complaint can be found here.
It is important to note that criminal charges must be proven in a court of law. Every defendant is presumed innocent until proven guilty.
Source: United States House of Representatives – Congressman Hakeem Jeffries (8th District of New York)
Know Your Immigration Rights
If you or a loved one encounter immigration enforcement officials, it is essential that you know your rights and have prepared your household for all possible outcomes.
Ask for a warrant: The Fourth Amendment of the Constitution protects you from unreasonable search and seizure. You do not have to open your door until you see a valid warrant to enter your home or search your belongings.
Your right to remain silent: The Fifth Amendment protects your right to remain silent and not incriminate yourself. You are not required to share any personal information such as your place of birth, immigration status or criminal history.
Always consult an attorney: You have a right to speak with an attorney. You do not have to sign anything or hand officials any documents without speaking to an attorney. Try to identify and consult one in advance.
The New York City Office of Civil Justice and the Mayor’s Office of Immigrant Affairs (MOIA) support a variety of free immigration legal services through local nonprofit legal organizations. To access these resources, dial 311 and say “Action NYC,” call the MOIA Immigration Legal Support Hotline at 800-354-0365 Monday through Friday from 9:00 a.m. to 6:00 p.m. or visit MOIA’s website.
Learn more here: KNOW YOUR IMMIGRATION RIGHTS – Congressman Hakeem Jeffries
Source: United States Department of Justice (National Center for Disaster Fraud)
PHOENIX, Ariz. – Ronnie Lamar Strawberry, Jr., 39, of Los Angeles, California was sentenced on May 19, 2025, by Senior United States District Judge G. Murray Snow to 33 months in prison and ordered to pay $528,426 in restitution. Strawberry pleaded guilty to Conspiracy to Commit Wire Fraud. His sister, Raychelle Strawberry, who pleaded guilty to the same charge, was sentenced on the same day to 60 months of probation for her role in the offense.
According to the court documents and statements made in court, Ronnie Strawberry conspired with his sister and others to file false and fraudulent unemployment insurance claims under the Pandemic Unemployment Assistance program. Strawberry filed fraudulent claims in both California and Arizona using stolen identities. The scheme was sophisticated and used personal identifiable information — such as name, date of birth, and social security number — from more than 25 individuals to file online unemployment applications in Arizona and California.
“The defendant exploited a national crisis for personal gain,” said U.S. Attorney Timothy Courchaine. “He stole nearly $500,000 in pandemic relief funds that were meant to support struggling families and small businesses. This office will continue to investigate and prosecute those who stole from state and federal governments during the pandemic and intentionally depleted the public fisc for personal profit.”
“An important part of the mission of the U.S. Department of Labor, Office of Inspector General is to investigate allegations of fraud involving unemployment insurance (UI) programs. We will continue to work with our law enforcement partners to protect the integrity of the nation’s Unemployment Insurance system,” said Quentin Heiden, Special Agent-in-Charge, Western Region, U.S. Department of Labor, Office of Inspector General.
U.S. Department of Labor, Office of Inspector General (OIG), Arizona Department of Economic Security (DES) OIG, and Homeland Security, OIG conducted the investigation in this case. Assistant U.S. Attorney, Kevin M. Rapp, District of Arizona handled the prosecution.
CASE NUMBER: CR-24-00390- PHX-GMS RELEASE NUMBER: 2025-080_Strawberry
# # # For more information on the U.S. Attorney’s Office, District of Arizona, visit http://www.justice.gov/usao/az/ Follow the U.S. Attorney’s Office, District of Arizona, on Twitter @USAO_AZfor the latest news.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
SIOUX FALLS—United States Attorney Alison J. Ramsdell announced today that Judge Charles B. Kornmann has sentenced a Watertown, South Dakota, man convicted of Possession of a Firearm by a Prohibited Person. The sentencing took place on May 19, 2025.
Anthony Thomas Lee Baker, 43, was sentenced to 15 years and 8 months in federal prison, followed by 5 years of supervised release, and ordered to pay a $100 special assessment to the Federal Crime Victims Fund. Forfeiture of the firearm was also ordered.
Baker was indicted for Felon in Possession of a Firearm by a federal grand jury in May 2024. He pleaded guilty on September 30, 2024.
The charges arose from an incident when Baker, driving a vehicle, was stopped by law enforcement in Watertown, South Dakota. He was found to be in possession of a .45 caliber semi-automatic pistol. Baker is prohibited from possessing any firearm based on a prior felony conviction. More specifically, Baker has at least three prior violent felony convictions, including one for possession of another firearm following his conviction for a crime of violence in Ramsey County, Minnesota, in 2017.
This case was investigated by the ATF and the Watertown Police Department. Assistant U.S. Attorney Paige Petersen prosecuted the case.
Baker was immediately remanded to the custody of the U.S. Marshals Service.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
Source: United States House of Representatives – Congresswoman Sydney Kamlager California (37th District)
WASHINGTON, DC — In anticipation of Secretary of State Marco Rubio’s first appearance before the House Foreign Affairs Committee, Congresswoman Sydney Kamlager-Dove (D-CA) led 55 lawmakers in a bipartisan letter to Secretary Rubio inquiring about the State Department’s plans to ensure quick and secure visa processing for the expected influx of visitors coming to the U.S. for the 2026 FIFA World Cup, 2028 Olympic Games, and other major international sporting competitions. Reps. Young Kim (R-CA), Darin LaHood (R-IL), and Nikema Williams (D-GA) joined as co-leads.
Currently, six countries–Canada, Colombia, Honduras, India, Turkey, and UAE—have at least one U.S. diplomatic post with visa appointment wait times that extend beyond the start of the first FIFA26 game in the United States.
“The Olympics have the potential to bring up to 15 million visitors to the U.S. and produce an estimated $18 billion in economic impact. Over 5 billion viewers are projected to watch the FIFA World Cup, which could bring millions of visitors to the United States across 11 cities and generate an estimated $3.75 billion in economic revenue,” the lawmakers wrote.
They continued, “However, the success of these games hinges on the State Department’s ability to efficiently process the visa applications of spectators, athletes, and media, including providing adequate visa appointment availability and strategically offering visa interview waiver services where appropriate.
“To meet the moment, the State Department must not take a business-as-usual approach. Accommodating the anticipated surge in international visitation will require innovative solutions in the visa adjudication process that will allow us to maintain security safeguards while reducing unnecessary bureaucratic hurdles. It is critical to begin preparations now to demonstrate our nation’s ability to welcome the world,” the lawmakers concluded.
The letter also encouraged the Administration to update its current visa process to address visa processing challenges, including strategies to:
Develop a visa issuance process that maintains necessary security protocols while expediting processing for accredited individuals and entities participating in the games;
Ensure Consular Affairs is sufficiently resourced to support visa processing offices at overseas posts, disseminate information to Consular Affairs officers regarding games-related visa appointments, and handle the increased demand for visas well ahead of the games;
Establish protocols for visa issuance and entry from countries that are sanctioned or do not have U.S. consular offices, ensuring that all eligible athletes and support staff can participate in the games; and
Consider regulatory adjustments or other measures to reduce visa appointment wait times.
The full letter is HERE.
Reps. Sydney Kamlager-Dove, Young Kim, Darin LaHood, and Nikema Williams were joined by Reps. David Valadao, Bonnie Watson Coleman, Jonathan L. Jackson, Gilbert Ray Cisneros Jr., Sheila Cherfilus-McCormick, Aumua Amata Coleman, María Elvira Salazar, Henry C. “Hank” Johnson Jr., Pramila Jayapal, Jasmine Crockett, Kweisi Mfume, Ken Calvert, Josh Gottheimer, Nanette Diaz Barragán, Ted W. Lieu, Raja Krishnamoorthi, LaMonica McIver, Eric Swalwell, Frederica S. Wilson, Stephen F. Lynch, Nydia M. Velázquez, Emanuel Cleaver, Don Bacon, William R. Keating, Luz M. Rivas, Kevin Mullin, Dina Titus, Greg Stanton, Rick Larsen, Brendan F. Boyle, Tom Cole, Julia Brownley, Suzan K. DelBene, Michael T. McCaul, Michael V. Lawler, Robert Garcia, Mikie Sherrill, Emily Randall, Gabe Amo, Zoe Lofgren, Ami Bera, Suhas Subramanyam, Pete Aguilar, Dan Goldman, Sylvia R. Garcia, Julie Johnson, Nellie Pou, Derrick Van Orden, Kevin Kiley, Laura Friedman, and Jay Obernolte.
Source: United States Senator for Illinois Dick Durbin
May 21, 2025
WASHINGTON – U.S. Senate Democratic Whip Dick Durbin (D-IL), Ranking Member of the Senate Judiciary Committee, today delivered an opening statement during a Senate Judiciary Committee hearing on the nominations of Joseph Edlow, to be Director of United States Citizenship and Immigration Services (USCIS); Elliot Gaiser, to be Assistant Attorney General for the Office of Legal Counsel (OLC); John Squires, to be Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office (USPTO); and Stanley Woodward, to be Associate Attorney General. Durbin’s opening statement focused on whether the nominees’ allegiance is to the President or to the rule of law.
Key Quotes:
“Earlier this year, I asked Justice Department nominees a simple question: may a public official defy a court order? Shockingly, the nominees, including the future Solicitor General John Sauer, refused to give an unequivocal answer. Just days ago, Mr. Sauer repeated this egregious error before the Supreme Court. During arguments in the case challenging the President’s illegal birthright citizenship executive order, Justice Barrett, …a Trump nominee, asked Mr. Sauer if the Administration would follow circuit court rulings. Mr. Sauer responded that the federal government’s policy is to ‘generally respect circuit precedent but not necessarily in every case.’ As our colleague Senator Kennedy said earlier this year, ‘don’t ever, ever, take the position that you’re not going to follow the order of a federal court. Ever.’”
“Mr. Gaiser has been nominated to lead the Office of Legal Counsel, which provides legal advice to the President and all executive branch agencies. I want to hear whether he believes that the policy of the federal government [should be] to ignore court rulings that don’t suit the President’s whims.”
“Beyond unlawfully attempting to end birthright citizenship, which is enshrined in the Constitution, the Administration has made it harder for legal immigrants to apply for citizenship and naturalize. This Administration has made it harder for Dreamers, who want to do the right thing. Now these were kids who were brought to the United States by their parents… They want to apply for programs like DACA so that they can receive work permits and continue to contribute to the American economy. I am disappointed to hear that Mr. Edlow, nominated to lead USCIS, opposes DACA, when even President Trump claims that he doesn’t want to deport Dreamers. Despite his personal opinions, I want to hear how Mr. Edlow will ensure that USCIS will promptly process DACA applications of eligible Dreamers.”
“In the name of carrying out Trump’s mass deportation agenda, Attorney General Bondi has made DOJ a shell of itself. Thousands of federal law enforcement agents have been diverted from preventing drug trafficking and violent crime to deporting immigrants who pose no threat to our safety. Mr. Woodward, nominated to be the number three official at the Justice Department, would oversee Justice Department grantmaking, the Civil Rights Division, and many other components that are now under attack.”
“The Justice Department, at the direction of DOGE, took their chainsaw to hundreds of millions of dollars in federal grants to support public safety and our police. Programs supporting violence reduction, victims’ services, child protection, and substance use and mental health treatment have been gutted… For nearly 70 years, under Republican and Democratic Administrations alike, the Civil Rights Division protected the civil and constitutional rights of all Americans. Once known as the ‘crown jewel’ of the Justice Department, it has now been reduced to litigating a narrow set of cases aligned with the MAGA agenda. This is anathema to how this Division has operated historically.”
“I want to hear from Mr. Woodward whether the Justice Department will continue to capitulate or if he will help restore the Justice Department to its intended function—to protect the safety and rights of all Americans.”
Video of Durbin’s opening statement is available here.
Audio of Durbin’s opening statement is available here.
Footage of Durbin’s opening statement is available here for TV Stations.
-30-
Source: United States Senator for New York Kirsten Gillibrand
Today, U.S. Senator Kirsten Gillibrand held a virtual press conference to discuss her Supporting Healthy Moms and Babies Act, bipartisan legislation that would require insurance companies to fully cover the costs associated with childbirth, including labor and delivery and prenatal, neonatal, perinatal, and postpartum care. Even with insurance, childbirth can cost families thousands of dollars, and expenses are even greater for women who have additional health complications during pregnancy, a high-deductible health plan, or gaps in their coverage. As a result, new mothers are twice as likely as other young women to have medical debt.
The Supporting Healthy Moms and Babies Act would require that costs associated with birth be categorized as essential health benefits (EHB) and would remove the relevant services from insurance cost-sharing.
Senators Cindy Hyde-Smith (R-MS), Tim Kaine (D-VA), and Josh Hawley (R-MO) cosponsor this legislation.
“The costs associated with having a baby can be astronomical, and we should be doing everything we can to lower them,”said Senator Gillibrand.“The fear of an enormous bill leads some women to delay seeking prenatal or postpartum care, or to avoid it entirely, which creates worse outcomes for both women and their babies. That is unacceptable. I am proud to be introducing this bipartisan legislation to require insurance companies to fully cover care throughout pregnancy and a year postpartum. I look forward to working with my colleagues across the aisle to get this bill passed.”
The Supporting Healthy Moms and Babies Act would eliminate cost-sharing for a variety of services, including:
Ultrasounds
Delivery services, including anesthesiology, fetal monitoring, consultations with specialists, and services relating to postpartum health
Comprehensive postpartum care for physical and mental health conditions caused or exacerbated by pregnancy, such as diabetes, hypertension, obesity, and postpartum depression and anxiety
Mental health care and treatment for substance use disorder related to new parenthood for adoptive parents
Care for miscarriages
The bill is expected to cause only a minor increase of $30 annually per enrollee in average premiums. Any rise in premiums due to covering out-of-pocket pregnancy costs will be likely less than annual inflation in premiums.
The Supporting Healthy Moms and Babies Act is supported by medical providers and pro-family advocates, including the American College of Obstetrics and Gynecology, American Medical Association, American Hospital Association, American Society for Reproductive Medicine, Association of Women’s Health, Obstetrics and Neonatal Nurses, Association of Maternal and Child Health Programs, Catholic Health Association, March of Dimes, American Principles Project, Concerned Women for America, and the Jesuit Conference Office of Justice and Ecology.
The full text of the legislation is available here.
Source: United States Senator Alex Padilla (D-Calif.)
WASHINGTON, D.C. — U.S. Senators Alex Padilla, Ranking Member of the Senate Judiciary Immigration Subcommittee, and Adam Schiff (both D-Calif.) blasted the Trump Administration’s recent harmful revocations of international student visas, including on ideological grounds, underscoring the lack of due process regarding these revocations and the chilling effect of these actions in suppressing freedom of thought and expression. In their letter to Secretary of State Marco Rubio and Department of Homeland Security (DHS) Secretary Kristi Noem, the Senators condemn the revocation of hundreds of California student visas and Immigration and Customs Enforcement’s (ICE) termination of several hundred California students’ Student and Exchange Visitor Information System (SEVIS) records.
The Senators called on the State Department to immediately stop their “Catch and Revoke” AI-powered initiative, an effort to monitor millions of social media accounts of student visa holders and green card holders to gather evidence of alleged terrorist sympathies. The technology is reportedly being used to monitor international students’ speech through SEVIS and other publicly available resources, leading to the revocation of student visas or green cards for students exercising peaceful expression, without due process. This step to surveil international students’ activity is an unprecedented leap toward stifling students’ First Amendment rights and their freedom of speech. The Senators pushed for restoring revoked visas and full transparency.
While the Department of Justice has reversed the termination of students’ SEVIS records, the student visa revocations under Catch and Revoke remain ongoing and are instilling fear and uncertainty among international students at colleges and universities in California and across the country.
“These visa revocations and record terminations constitute unprecedented and unconstitutional attacks on freedom of thought and expression that impact international and U.S. citizen students alike at our nation’s colleges and universities,” wrote the Senators. “While we welcome the news that the Administration has taken steps to rectify the SEVIS record terminations, these actions taken all together still call into question our nation’s bedrock commitment to freedom of expression. We urge the State Department and DHS to suspend the ‘Catch and Revoke’ initiative, which continues to cause uncertainty, erode due process, and chill free speech and expression among students.”
“The actions taken as part of the ‘Catch and Revoke’ initiative suggest a troubling pattern of misusing immigration enforcement to suppress dissent, intimidate politically active students, and chill Constitutionally protected expression,” continued the Senators. “Without transparency or independent oversight, the risk of abuse continues to grow. In fact, USCIS is now openly targeting speech by noncitizens with other immigration statuses, not just students.”
The Senators detailed a series of other alarming incidents targeting international students, as ICE has detained students on university campuses, at ports of entry, and in their own homes, often without notice or time to contact an attorney. Many of these cruel arrests were based on limited information within these students’ visa applications and violate the right to due process.
“Reports indicate that ICE has arrested students based on vague or previously disclosed information in their visa applications — such as social media posts, protest participation, or lawful political associations — as justification for their detention,” added the Senators. “If true, these practices represent not just an overreach of immigration authority but a violation of students’ First Amendment rights. These processes do not appear to be conducted with consideration for students’ due process and require immediate remediation.”
Padilla and Schiff highlighted the immense contributions international students make to colleges and universities in California and nationwide. California’s more than 140,000 international students contribute roughly $6.4 billion to the U.S. economy and support about 55,114 jobs. These students also strengthen and help the United States secure its global leadership in science, technology, and research; protect U.S. national security interests; and promote innovation.
The Senators emphasized the critical role California’s higher education system plays in powering the U.S. economy and warned that the attacks on the state’s international students jeopardize the country’s economic future.
“California’s higher education system is the largest in the nation and considered one of the best in the world, driving global economic mobility—and fueling California’s growth into the fourth largest economy in the world,” wrote the Senators. “These institutions serve as beacons of opportunity and economic potential that transform the lives of hundreds of thousands of students in providing a better life for themselves, their families, and future generations. However, this Administration’s attacks on institutions of higher education and international students, who add immense value to our universities, puts our nation’s economic future at risk.”
Last month, Senators Padilla and Schiff joined 34 Democrats in pressing the Trump Administration to reconsider recent decisions to revoke student visas. In 2021, Padilla led a group of 23 Senators in calling on the State Department to address the backlog of visas for international students. Padilla also chaired a hearing entitled “Strengthening our Workforce and Economy through Higher Education and Immigration” in 2022, highlighting the challenges undocumented students and international students face in seeking higher education and obtaining jobs in the United States.
Full text of the letter is available here and below:
Dear Secretary Rubio and Secretary Noem:
We write to express our increasing concern about actions targeting international students by the State Department and by Immigration and Customs Enforcement (ICE). Starting earlier this year, the State Department began revoking hundreds of student visas including on apparent ideological grounds, revoking roughly a hundred visas in California alone. These revocations have been conducted by the State Department through its AI-enabled “Catch and Revoke” initiative, instructing affected students to leave the country voluntarily or risk facing deportation proceedings. At the same time, ICE began terminating Student and Exchange Visitor Information System (SEVIS) records for thousands of students—leaving them uncertain about their ability to continue their studies. This includes at least two hundred students in California.
These visa revocations and record terminations constitute unprecedented and unconstitutional attacks on freedom of thought and expression that impact international and U.S. citizen students alike at our nation’s colleges and universities. While we welcome the news that the Administration has taken steps to rectify the SEVIS record terminations, these actions taken all together still call into question our nation’s bedrock commitment to freedom of expression. We urge the State Department and DHS to suspend the “Catch and Revoke” initiative, which continues to cause uncertainty, erode due process, and chill free speech and expression among students.
Colleges and universities across the U.S. have long benefitted from the enrollment and participation of international students, who contribute immensely to academic, scientific, and cultural life at schools all around the country. This should not be a partisan issue—there are over 1.1 million international students all over the country, across many states, and the District of Columbia. California enrolls more than 140,850 international students who contribute approximately $6.4 billion to our economy, supporting around 55,114 jobs. Nationally, over 1.12 million international students contribute roughly $43.8 billion to the U.S. economy and support over 370,000 jobs. They also strengthen our national security by fostering global partnerships, cross-cultural understanding, and long-term diplomatic ties with future world leaders educated in the U.S. By attracting top talent from around the globe, we bolster our workforce, drive innovation, and better position ourselves to maintain our competitive edge in science, technology, and research.
In addition to the State Department visa revocations, multiple alarming incidents have surfaced in recent months involving international students detained by immigration enforcement at university campuses, ports of entry, and even in their homes. In a significant departure from normal practice, these students were, in many cases, not provided prior notice and given no time to contact an attorney, leaving many with few options to defend their nonimmigrant status and their ability to continue studying in the United States. Reports indicate that ICE has arrested students based on vague or previously disclosed information in their visa applications—such as social media posts, protest participation, or lawful political associations—as justification for their detention. If true, these practices represent not just an overreach of immigration authority but a violation of students’ First Amendment rights. These processes do not appear to be conducted with consideration for students’ due process and require immediate remediation.
The actions taken as part of the “Catch and Revoke” initiative suggest a troubling pattern of misusing immigration enforcement to suppress dissent, intimidate politically active students, and chill Constitutionally protected expression. Without transparency or independent oversight, the risk of abuse continues to grow. In fact, USCIS is now openly targeting speech by noncitizens with other immigration statuses, not just students.
California’s higher education system is the largest in the nation and considered one of the best in the world, driving global economic mobility—and fueling California’s growth into the fourth largest economy in the world. These institutions serve as beacons of opportunity and economic potential that transform the lives of hundreds of thousands of students in providing a better life for themselves, their families, and future generations. However, this Administration’s attacks on institutions of higher education and international students, who add immense value to our universities, puts our nation’s economic future at risk.
We urge your agencies to take immediate corrective action by suspending the Catch and Revoke initiative, restoring revoked visas, and providing full transparency to ensure that our immigration system is not misused to police speech at our colleges and universities and maintain beneficial international exchange at universities. We look forward to your prompt response.
Sincerely,
This weekend marked the national day of Norway, Syttende Mai. I have previously written about the celebrations connected to the national day, including the rules pertaining to the national (Bunad) dresses. Today, I describe the patent act that was in force when the Scandinavian Cheese Slicer (Ostehøvel) first got patented in 1925, 100 years ago this year.
In 1925, the 1910 Patent Act (Lov om patenter (LOV-1910-07-02-4) was in force. The law can be located either in the Norsk Lovtidende Avd. 1 for the year 1910 or in the Almindelig Norsk Lovsamling. The amendments made in 1920 can be found in Norsk Lovtidende Avd. 1 1920. (Lov om midlertidig tillegg til lovene om patenter av 16. juni 1885 og 2. juli 1910 (LOV-1920-07-16-9).)
Section 1 of the 1910 Patent Act provides that:
A patent protects, in accordance with this law, new inventions, which can be utilized in industry.
However, the following are excluded:
a) Inventions, the exercise of which would be contrary to law, morality or public order;
b) Inventions, the object of which is a nutritional, recreational or medicinal product or a chemical compound; however, a patent may be granted on the special manufacturing process.
In order to obtain a patent for an invention, a patent claim must be submitted to the Styret for det Industrielle Retsvern [literally Board of Industrial Legal Protection] in accordance with the provisions of this Act. (Chapter 1§1 Lov om Patenter. Translation by author.)
The law provided protection against the production and use of a patented product (§ 4) but also allowed for the use by the public, subject to compensation. (§ 8.) A patent holder that had not started production of a product within three years was required to allow others to produce the patented product. (§ 9.)
The Ostehøvel
Thor Bjørklund applied for a patent for his cheese slicer (ostehøvel) after being inspired by the plane (høvel) he used in his woodshop, as a better way to cut the cheese economically. The slicer was specialized to cut cheese thin and straight. The cheese slicer was introduced at a time in Norway when the population was poorer than today and cheese needed to last longer. A video on how to use it can be viewed here. A memorial book was published in 2000, Skjær pent av osten, (literally “carefully cut off the cheese”) inspired by a 1971 interview with Thor Bjørklund.
The patent was published in the Norsk tidende for det industrielle retsvern (1926) in no. 48, p. 234. The patent entered into force on February 27, 1925.
Patent application number 43377. Screenshot of Norsk Tidende for Det Industrielle Retsvern, p. 234, made available by the National Library of Norway (Nasjonalbiblioteket) at https://www.nb.no/items/bad74105002005ed8d2f8a1e8645c01a?page=7
The patent itself is also made available at Stiftelsen Lillehammer Museum with both the 1925 patent announcement and patent text. An additional patent for changes to the cheese slicer was awarded in 1928.
The 1925 patent text specifically describes the invention in relation to a planer as:
“This invention relates to a knife for cutting cheese etc. of the type that acts like a planer, where the cutting edge is formed by cutting out and bending down a platform-shaped part or is characterized mainly in that the portions of the plate-shaped part that are located at both ends are cut, are elastic and flexible so that the cheese, even if the angle of the blade in relation to the cheese surface changes during cutting.
A characteristic feature of the invention further consists in that the thickness of the cheese slice is regulated in a manner known during cutting by bending the plate-shaped part.” (Translation by author.)
The ostehøvel has become one of the most loved Norwegian inventions.
Norwegian Patent Law Today
Today, Norway regulates patent law in Lov om patenter (patentloven)(LOV-1967-12-15-9) (the Patent Act). An unofficial English translation of the Patent Act is published on the Norwegian Industrial Property Office website. Norway is a party to the Paris Convention for the Protection of Industrial Property (1885), the Patent Cooperation Treaty (PTC)(1980), and the Budapest Treaty on the International Recognition of the Deposit of Microorganisms for the Purposes of Patent Procedure (1977). Norway has ratified the European Patent Convention (EPC) and is a member of the European Patent Office (EPO).
Today, a patent application can be made by presenting an application to the Norwegian Industrial Property Office and paying the applicable fee. Applications can be made as an EPC application or a Norwegian application. If the patent is awarded, there is an annual fee to maintain the patent.
Examples of Law Library holdings related to Norwegian Patent Law:
Additional Law Library of Congress Online Resources onNorwegianLaw:
Subscribe to In Custodia Legis – it’s free! – to receive interesting posts drawn from the Law Library of Congress’s vast collections and our staff’s expertise in U.S., foreign, and international law.
The comprehensive approach to the CAP Initiative also includes up to $150 million to transform cultural experiences in and around Albany’s Downtown, such as renovating the New York State Museum and upgrading the exhibits to be more inviting to Albany families and tourists alike. It also includes funding to invest in improvements at the Empire State Plaza to strengthen connections with the surrounding community and make the space a vibrant and inviting part of the fabric of downtown Albany.
Additionally, Governor Hochul has committed up to $40 million to advance plans to reimagine I-787 which would include reconnecting Albany and surrounding communities and enhancing access to the Hudson River waterfront. This summer, the New York State Department of Transportation (NYSDOT) will release a Planning and Environment Linkages (PEL) study on potential ways to reimagine I-787, a travel corridor in the Capital Region that provides high speed access to the City of Albany and other communities along the river, including Green Island, Watervliet and Menands. Building upon the work completed under the PEL study, up to $40 million will be utilized by NYSDOT to begin an Environmental Impact Statement, which will lay the groundwork for a future project along the I-787 corridor. The environmental review will examine ways to enhance waterfront access along the Hudson River for all users of the road, connect neighborhoods and key destinations in communities along the corridor, and address the infrastructure of I-787, the South Mall Expressway, the Dunn Memorial Bridge, and additional infrastructure along the study area.
Governor Hochul previously announced $19.5 million in State investments to improve public safety in Albany, which included a $1 million commitment to the City of Albany Police Department and $500,000 for the Albany County Sheriff’s Office. These investments reflect a record level of State funding for public safety in the City of Albany and Capital Region. These resources are delivered through a series of nation-leading programs supported by the Division of Criminal Justice Services (DCJS), including the Gun Involved Violence Elimination (GIVE) initiative, the Capital Region Crime Analysis Center, the SNUG Street Outreach and Social Work Program and Project RISE (Respond, Invest, Sustain and Empower). Working together, these efforts have helped reduce violence and improve community safety.
Albany is not only our great state’s capital city, it’s also a place I call home. This investment isn’t just about dollars and cents, it’s about jobs, innovation and a brighter future for our community.
Governor Kathy Hochul
Informed by input from local stakeholders and the community, the CAP Initiative will unfold through a comprehensive public engagement process to identify key opportunities to promote business development, bolster public safety, encourage housing, attract visitors and enhance affordability.
Empire State Development President, CEO and Commissioner Hope Knight said, “Since Governor Hochul first proposed the Championing Albany’s Potential initiative in her State of the State, ESD has been working to establish the foundation upon which this historic investment in our Capital City will build. Working together, we will utilize this generational funding to support transformational projects that reflect the needs of those who live, work and visit the city, and encourage even more people to experience and explore Downtown Albany.”
New York State Office of General Services Commissioner Jeanette Moy said, “The historic investment Governor Hochul is making through the Championing Albany’s Potential initiative will help revitalize our capital city. It will also strengthen the ties between state government and our neighbors living and working in the communities surrounding the Capitol and Empire State Plaza. CAP is a sustainable plan for long-term growth that will spur public-private partnerships, build a thriving city center, and create a vibrant downtown for residents and visitors alike.”
New York State Homes & Community Renewal Commissioner RuthAnne Visnauskas said, “Albany deserves a downtown that is a place people want to visit, live, work, connect, and celebrate. It’s a place rich with history that has been wounded by planning decisions that negatively impacted entire neighborhoods. This $400 million investment will directly boost the city’s potential as an attractive destination by unwinding past mistakes and disinvestment. We’ve made strides recently in Governor Hochul’s administration, investing in upgrading affordable housing and reclaiming vacant land and buildings for development. Now, through CAP, there’s real momentum to rebuild, replan holistically with community involvement and revive our beautiful Capital City for those who live and work here now and for those who will enjoy its future.”
New York State Department of Transportation Commissioner Marie Therese Dominguez said, “The Hudson River is one of the Capital Region’s greatest natural assets, and over the past few years the Department of Transportation has made key investments to reconnect residents and visitors with the waterfront, including projects like the Albany Skyway – a linear park; building the Empire State Trail and today, the Livingston Avenue Rail Bridge, which is currently in construction. The I-787 corridor is a vital piece in reimagining the City of Albany and its waterfront, which is why the Governor’s investment in the next stage of this project is so important. For a number of years now, the project team at NYSDOT has engaged with communities all along the Hudson River to gather ideas and feedback and most importantly, listen to local residents – the people who work and live here, on the future of this corridor. The funding for the next stage of this project – an Environmental Impact Statement – was included in this year’s budget and brings us one step closer to advancing from the ideation stage to the preliminary design and eventual construction phase, as we work to study the real potential this corridor offers for travel, recreation and tourism as well as economic growth throughout the Capital Region.”
New York State Division of Criminal Justice Services Commissioner Rossana Rosado said, “Through Governor Hochul’s unparalleled leadership on public safety, cities across New York State are receiving record resources to ensure safer and stronger communities. These investments and initiatives – spanning evidence-based policing strategies, crime analysis center support, community violence interventions, and neighborhood empowerment programs – help keep New Yorkers safe, ensure a fair and effective justice system, and build opportunities for young people and families. Here in the Capital Region, DCJS is proud to support dozens of our law enforcement and community-based partners as they continue to drive down gun violence and crime.”
State Senator Patricia Fahy said. “I’m incredibly proud that the core of our Capital Region and the 46th District, downtown Albany, will receive $400 million in transformative, once-in-a-generation funding. For years, I’ve engaged with our community to chart a new path forward for Albany that includes Reimagining I-787, making the State Museum a 21st Century destination-location, expanding the core of our Capital Region: downtown Albany, and so much more. That’s why I’m so proud this year’s budget includes $200 million for downtown revitalization, $150 million for upgrading the New York State Museum, $40 million for the next phase of the reimagining I-787 study, and $1 million for addressing public safety in our neighborhoods. Now, the hard work begins in earnest. I look forward to engaging our community, stakeholders, and residents as we move forward with this funding. Make no mistake: together, these initiatives will usher in a new day for the Capital Region, the impacts of which will be felt for years, if not generations to come—if we get it right. I want to thank my legislative colleagues and the Governor for recognizing the value of investing in our Capital City’s success, and for helping deliver this funding in this year’s state budget.”
Assemblymember John T. McDonald III, RPh said “This historic funding is incredible news for the City of Albany and the entire Capital Region. The revitalization of the New York State Museum, the reimagining of I-787, much-needed improvements to the Empire State Plaza and other investments are transformative projects that will enhance connectivity, celebrate our history, and create new opportunities for residents and visitors alike. These efforts reflect years of advocacy and collaboration, and I thank Governor Hochul for her continued commitment to supporting the City of Albany and strengthening the Capital Region as a whole.”
Assemblymember Gabriella A. Romero said, “These investments truly are an investment in Albany’s potential and in making it a city all New Yorkers can be proud to call our capital. Revitalizing downtown, strengthening small business, expanding affordable housing – these are all valuable steps to uplift Albany. I thank the Governor for her leadership in championing this historic investment and Championing Albany’s Potential.”
Embedded Flickr Album
Albany County Executive Daniel P. McCoy said, “Governor Hochul’s Championing Albany’s Potential (CAP) Initiative has the potential to be transformational. It’s a historic commitment to the heart of Albany County that will bring new housing, new business, and new life into downtown. A reimagined Albany is exactly what we need, and I’m proud to stand with the governor in this effort.”
Albany Mayor Kathy Sheehan said, “This $400 million investment is a testament to the hard work of the City of Albany over the last 12 years to be ready to write the next great chapter in the history of New York’s Capital City. The pandemic taught us that we need to reimagine our downtowns to get more feet on the street by creating more housing, supporting our small businesses, enhancing public safety, and attracting world-class amenities, and this transformative investment will do just that and more. To steal a phrase from President Biden, this is truly a ‘big effing deal.’ My sincere thanks and appreciation to Governor Hochul for seeing what we all see in the City of Albany: a city that’s full of pride and potential and ready to soar to even greater heights. I also want to thank Senator Fahy, Assemblymember Romero, and Assemblymember McDonald, as well as the entire State Legislature for making this critical investment in their home away from home.”
Advance Albany County Alliance CEO Kevin O’Connor said, “The Advance Albany County Alliance thanks Governor Hochul for her thoughtful leadership and timely commitment to revitalizing New York’s Capital City. The City of Albany is not only the front door of state government, it is the heartbeat of Upstate New York’s fastest-growing county and the springboard for the local economy. The Governor’s disciplined approach through the CAP Initiative will ensure that state funding achieves the greatest possible positive impact. Through this partnership, we will supercharge our placemaking efforts, improve public spaces, secure a safe and welcoming downtown environment, and stimulate the central corridor of the Capital Region.”
Capitalize Albany Corporation President Ashley Mohl said, “With Governor Hochul’s focus and support fueled by this historic more than $400 million investment, New York’s capital city stands on the brink of transformative growth. Our board and staff look forward to working with ESD and MIG alongside our many local and other state economic development partners to maximize this funding and seize this incredible opportunity. To build on the Governor’s CAP Initiative, Capitalize Albany is looking forward to advancing its planned solicitation for qualified development teams interested in acquisition and redevelopment of the Liberty Park site. Our RFP will engage the market directly with the aim to attract strong interest and a range of RFP responses. If you’re a developer or team with a project for the Liberty Park site, we welcome your response.”
Downtown Albany BID Executive Director Georgette Steffens said, “In my 25 years of doing economic development in Downtown Albany, this is the largest investment we’ve ever seen. On behalf of nearly 200 property owners and over 120 restaurants and retail-related businesses, I want to express my profound gratitude to Governor Hochul and the Legislature for their commitment to Albany. We are already seeing the effects of the CAP initiative, with a renewed wave of investment interest in Downtown Albany beginning to percolate. The future of our city’s core is incredibly bright thanks to the Governor’s investment, and I look forward to working together to make Downtown a stronger and more vibrant place to live, work, and experience.”
Source: The Conversation (Au and NZ) – By Milad Haghani, Associate Professor & Principal Fellow in Urban Risk & Resilience, The University of Melbourne
Now, SUVs and light commercial vehicles comprise almost 80% of the market. Four in five new vehicles sold in Australia today are an SUV, ute, van or light truck.
As larger vehicles become the new norm, they bring more road wear, urban congestion and demands on infrastructure such as parking.
It’s time to ask: should drivers of larger vehicles pay for the damage and disruption they cause, through higher registration charges? Generally, yes. Bigger cars mean bigger costs for everyone else. It’s only fair those costs are reflected in how we price their use of public roads.
Reasons for going big
There are several reasons for the shift to larger passenger vehicles in Australia. They include perceptions that bigger cars are safer and more prestigious, as well as lifestyle preferences.
A loophole in the luxury car tax also encourages car buyers to go big. The tax was introduced on imports in 2000 and this financial year applies to vehicles worth more than A$80,576.
Many utes and SUVs are exempt because they’re classified as light commercial vehicles. The exemption applies regardless of whether the car is used privately or for business.
Counting the costs on our roads
Larger vehicles – no matter how they are powered – generally impose bigger costs on society than smaller cars.
Large SUVs and utes (if powered by fossil fuels) have a far greater climate impact. On average, a small car emits 2,040 kilograms less carbon dioxide (CO₂) a year than a pickup truck.
But even big electric vehicles can cause climate harm. The substantial resources required to manufacture a large EV creates emissions, which may undermine the climate benefits electrification promises.
Large passenger vehicles also create health system costs. In road crashes, for example, they may better protect their occupants, but pose greater risks to others – especially pedestrians and those in smaller vehicles.
Bigger vehicles also need more space. Standards Australia has proposed making car-parking spaces larger to accommodate the trend to larger cars. Cities such as Paris have introduced higher parking fees for SUVs on these grounds.
In real-world terms, these differences add up. In the United States in 2011, the annual cost of light-duty trucks on congestion and lost productivity was estimated at more than US$2 billion.
Then there’s the cost of road wear. You might think heavier vehicles just wear roads a bit faster than smaller ones. But in reality, the relationship is far more dramatic.
Let’s compare a vehicle with an axle weight of 500 kg and a vehicle with an axle weight of 1,000 kg. The second vehicle doesn’t produce double the road damage – it produces 16 times the damage. This phenomenon is known as the “fourth power rule”.
Vehicle registration offers a way to recoup the societal costs caused by large vehicles.
Part of car registration fees go toward administration, but they also help governments pay for the broader cost of vehicles on public infrastructure and shared spaces.
In Australia, car registration systems vary widely between states. Not all reflect the impact of the vehicles on the road.
In Victoria, fees are based mostly on location – whether the car is registered in a metropolitan, outer-metro or rural area. In the Australian Capital Territory, fees are calculated on a vehicle’s emissions.
Queensland and Tasmania use the number of engine cylinders to set fees – a rough proxy for vehicle size, but not a precise one.
South Australia and the Northern Territory apply different models again, using a combination of settings not directly based on weight.
A fairer system
Larger vehicles take up more road space, contribute more to congestion, and cause exponentially more damage to road surfaces. These are exactly the kinds of impacts a vehicle registration system should help account for.
So, what would a truly equitable registration fee model look like? Based on the evidence, it would not only account for vehicle size and weight, but also how often the vehicle is driven. After all, a heavy car parked in a garage all year causes less impact than one on the road every day.
Several countries, including New Zealand, have adopted distance-based or road-use charging schemes for certain types of vehicles, which uses a combination of vehicle weight and distance travelled.
Milad Haghani does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
As Australia’s prime minister, Anthony Albanese, said on election night:
We do not need to beg or borrow or copy from anywhere else. We do not need to seek our inspiration overseas. We find it right here in our values – and in our people.
Those values should guide a principled and evidence-based response to the global refugee crisis. This response should be grounded in fairness, humanity and respect for Australia’s international human rights obligations.
A principled reset
Australia is a signatory to the 1951 Refugee Convention, which defines a refugee as a person who has a well-founded fear of persecution based on:
race
religion
nationality
membership of a particular social group
political opinion.
However, aspects of Australia’s current approach to refugees have drawn criticism from the United Nations High Commissioner for Refugees, Filippo Grandi.
The new Labor government could use its strength in parliament to initiate a principled and evidence-based reset. This could include:
creating a new emergency visa for humanitarian crises to assist people fleeing conflict
making immigration detention an option that could be used at the discretion of the Department of Home Affairs, instead of being mandatory
giving people access to independent review of their detention
improving systems for LGBTQ+ asylum seekers (many of whom face heightened risks, are not always believed about their sexuality, and lack culturally sensitive support).
There are four key areas in particular need of reform.
1. Ending the legal limbo
A crucial priority is resolving the status of some 7,000 people who are part of what’s known as the “legacy caseload”.
These people were refused refugee status under a problematic and now-defunct process known as the “fast track assessment”. They are now on bridging visas and in legal limbo.
A solution is also needed for the roughly 1,000 people who were detained in offshore processing centres in Manus Island and Nauru but are now living in Australia. They are also on bridging visas, also in a state of legal uncertainty.
One option is to allow people in both groups who were previously refused protection to apply for a permanent visa without requiring yet another drawn-out assessment of their protection claims.
Community organisations, legal experts and mental health professionals could help the government develop clear, trauma-informed and evidence-based processes for reviewing their cases.
2. Expanding the numbers
Australia’s main way of accepting refugees is via what’s known as the humanitarian program. But the number of refugees accepted under this program doesn’t currently reflect the scale of global displacement.
Labor has proposed expanding the number of refugees Australia takes.
It has suggested Australia take 27,000 through the core Refugee and Humanitarian Program and an additional 10,000 through two pathways:
It’s also worth noting current policy prohibits asylum seekers registered with the United Nations High Commissioner for Refugees in Indonesia after June 2014 from being resettled to Australia.
The new government could also consider lifting this arbitrary restriction to give these vulnerable refugees access to durable solutions.
3. Strengthening the rights of children and young people
Immigration systems are largely designed around adults. Children and young people are too often overlooked.
Children (including those born in Australia) can’t sponsor their parents via family sponsorship processes. They’re denied a say in decisions that deeply affect their lives.
The Migration Act should be amended to require that all decisions affecting children give primary consideration to the best interests and views of the child. This would be in line with Australia’s obligations under the UN Convention on the Rights of the Child.
Similar principles are already embedded in Australian family law and child protection policy, providing a clear model for reform.
4. Reviewing Australia’s boat turnback policy
Since 2013, Australia has intercepted boats under Operation Sovereign Borders, using turnbacks and takebacks with little independent oversight.
The United Nations High Commissioner for Refugees has raised concerns about this policy.
Sometimes during these interactions Australian officials detain and interview people on boats about their reason for trying to enter Australia, but details about what happens during such encounters are kept largely secret. Most of these encounters end with the boat and people on it being returned to the country from which they came.
A recent document published by the Commonwealth Ombudsman reported on conditions aboard vessels used for maritime detention.
It found serious problems, including no private spaces for sensitive interviews and no interpreters on board.
The Department of Home Affairs responded by saying formal interviews use accredited interpreters. However, the report highlights many crucial interactions do not.
There is also no time limit on detention at sea, and no independent monitoring of how protection claims are assessed.
Mary Anne Kenny is a member of the Migration Institute of Australia and the Law Council of Australia and an affiliate of the UNSW Kaldor Centre for International Refugee Law. She was on the Ministerial Council on Asylum Seekers and Detention (an independent advisory body) between 2012 and 2018.
Crime and public safety are usually the domain of state politics. But the Coalition tried to elevate them as key issues for voters in the recent federal election.
Claiming crime had been “allowed to fester” under Labor, the opposition promised a A$750 million Operation Safer Communities plan, which included police strike teams targeting drugs, a national child sex offender register, and more money for Neighbourhood Watch.
A Coalition government would also have given grants to community groups to install public lighting, bollards and CCTV cameras.
But in the end, crime did not appear to be a deciding factor in the election, which was easily won by Labor.
What does that tell us about leveraging public fear – either existing crime fears and general anxieties, or latent concerns that can be triggered – for political gain in Australia? Can it be a successful strategy?
Stoking anxiety
In culturally diverse countries, such as Australia and the United States, law and order rhetoric sometimes calls for supporting aggressive crime policies at the expense of racial and ethnic minorities, many of whom are immigrants.
These policies can be effective in stoking public fear to win votes. US President Donald Trump’s exhortations on immigration and crime were a significant part of his election campaigns in 2016 and 2024.
However, what experts call “protective factors”, such as strong communities and social cohesion, are important. They can reduce the influence of political narratives that try to define crime in narrowly punitive or racialised terms.
Australia is not America
Our peer-reviewed research, which will be published in the Journal of Criminology, investigated how public concerns about crime and safety in Australia and the US were associated with demographic factors that evolved over time. The study drew on data from the World Values Survey and indicated key differences in what makes Australians and Americans feel unsafe.
We have found that in Australia in 2018, supporters of left-leaning parties (Labor/Green) reported feeling significantly safer than other voters. However, this gap disappeared when researchers took into account attitudes that blame crime problems on immigrants. This suggests immigrant-blaming in Australia can drive feelings of community fear and insecurity.
The World Values Survey uncovered a different pattern in the US.
Between 2011 and 2017, Republican voters reported feeling safer than other Americans – the opposite of Australia’s trend. The political divide in the US couldn’t be explained by immigrant-blaming attitudes. Rather, it was attributed to the “self-isolation” of American conservatives in more culturally homogeneous communities.
Our study indicated that while immigration continued to influence safety perceptions in the US, it appeared to operate through different mechanisms than in Australia. Racial and ethnic minorities reported greater fear as the 2010s unfolded.
Social connectedness also plays differently in each country. In Australia, trust in others and confidence in public institutions consistently influences safety perceptions. In the US, these factors have little impact.
Social scientists have observed that in modern societies, responsibility for personal safety has increasingly shifted from the government to individuals. This trend is strong in the US, where market-focused, neoliberal economic and social policies dominate policies.
By contrast, European research suggests stronger social welfare systems can reduce safety concerns by addressing underlying economic anxieties. Australia’s more robust social support appears to foster greater feelings of safety.
Our research indicates social cohesion further helps reduce fear.
Crime fears are not a vote winner
Electoral strategies that seek to leverage public insecurities need to be understood in the context of these fear-mitigating factors. Media diversity can also counter fear-based messaging.
In the 2018 Victorian election, crime became a prominent political issue through racialised commentary targeting “African gangs”. However, it failed to gain decisive political traction.
Research found fear of crime was relatively rare in Victoria. Media reports of crime and comments by political leaders were distant from their own experiences
With more diverse news sources and online platforms, political actors can no longer promote narratives unopposed. Fear-based messaging can backfire, especially when it overreaches.
Outdated strategy
Perceptions of crime are often shaped by a combination of actual crime rates and broader anxieties about social change, cultural difference, and uncertainty. This is frequently expressed as unease about the increasing presence of culturally diverse groups.
While the coalition’s pivot to law-and-order rhetoric represented a familiar strategy, Labor positioned itself as the party of unity. This was underscored by Foreign Minister Penny Wong’s declaration after Labor won the election, in which she acknowledged
[…] the power in our 26 million people from more than 300 ancestries […] from the oldest continuing civilisation on the planet and I acknowledge the traditional owners. Friends, we love this country.
Foreign Minister Penny Wong on election night.
While harnessing fears of crime and cultural diversity was not effective in this election cycle, this is not the end of law and order politics. But the unique characteristics of this election appear to have rendered the formula less potent.
Trump’s threat to democracy and the constitutional rule of law in the US may have fostered a sense of solidarity and social cohesion among Australian voters. Our research suggests this helped to mitigate fears about crime.
The temptation to capitalise on law and order may continue to appeal to politicians. But in Australia, at least, there is no guarantee it will work.
The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.
Source: United States Senator for Delaware Christopher Coons
WASHINGTON – U.S. Senators Chris Coons (D-Del.) and John Cornyn (R-Texas), co-chairs of the bipartisan Senate Law Enforcement Caucus, celebrated the caucus’ new members for the 119th Congress during National Police Week, which started on May 11 and ended May 17.
Senator Coons and Cornyn welcome U.S. Senators Ruben Gallego (D-Ariz.), Jim Justice (R-W.Va.), and Dave McCormick (R-Pa.).
Senator Coons launched the Senate Law Enforcement Caucus over a decade ago with former Senator Roy Blunt (R-Mo.). Since then, the caucus has held briefings on policing issues like recruitment and retention, emerging threats such as generative AI’s impact on children, and best practices shared by law enforcement officials working on the ground.
The caucus is more committed than ever to supporting law enforcement, protecting families, and strengthening communities across the country.
A full member list can be found on the Senate Law Enforcement website and below:
U.S. Senators Chris Coons (D-Del.), John Cornyn (R-Texas), Richard Blumenthal (D-Conn.), John Boozman (R-Ark.), Ted Budd (R-N.C.), Catherine Cortez Masto (D-Nev.), Dick Durbin (D-Ill.), Ruben Gallego (D-Ariz.), Lindsey Graham (R-S.C.), Mazie Hirono (D-Hawaii), John Hoeven (R-N.D.), Cindy Hyde-Smith (R-Miss.), Jim Justice (R-W.Va.), Amy Klobuchar (D-Minn.), Roger Marshall (R-Kan.), Dave McCormick (R-Pa.), Jeff Merkley (D-Ore.), Jerry Moran (R-Kan.), Lisa Murkowski (R-Alaska), Chris Murphy (D-Conn.), Gary Peters (D-Mich.), Mike Rounds (R-S.D.), Chuck Schumer (D-N.Y.), and Thom Tillis (R-N.C.).
During the action day, authorities in both countries seized assets worth at least several millions euros, including apartments and companies, as well as various luxury vehicles. . Large amounts of cash and quantities of cocaine and heroin were also seized. A full and complete evaluation of the seizures will be carried out in the coming days.
No complete estimate of the total profits of the cooperation between the three OCGs is available. However, information obtained through the JIT shows that the criminal networks were involved in payments, often in cash, of close to EUR 5 million and the trafficking of at least 1 800 kilos of cocaine and heroin.
Investigations into the linked criminal organisations were initiated in 2016 by the Public Prosecutor’s Office of Bari and the Special Anti-Corruption and Organised Crime Prosecutor’s Office of Tirana and the Albanian Police. On the Albanian side, one OCG, which operated from Durres, was responsible for the transport and wholesale distribution of large quantities of cocaine, heroin and cannabis trafficked between the Balkans, Northern Europe, South America and Puglia in Italy.
Two Italian-led criminal gangs carried out the cutting and packaging of illicit drugs and supplied cocaine and heroin from Latin America and Turkey to local gangs in organisations in Bari, Brindisi and Lecce.
The arrests in Italy and Albania are the result of a long-term collaboration through the JIT. This involved the use of wiretaps, intensive video surveillance, the monitoring of suspects and the analysis of encrypted chats. These chats were decrypted following intensive cooperation through Eurojust.
Since 2020, Eurojust has supported the authorities in Italy and Albania with the JIT. Furthermore, the Agency provided assistance with the execution of requests for Mutual Legal Assistance during the action day and gave cross-border judicial support. Albania is one of the twelve countries outside the European Union with a Liaison Prosecutor at Eurojust. The investigations were also coordinated and supported by the office of the dedicated security expert at the Italian Embassy in Tirana.
The judicial cooperation between Italy and Albania has already proven effective in recent years. Between 2018 and 2021, the Anti-Mafia Investigation Directorate of Bari issued and executed 118 arrest warrants against alleged drug traffickers operating in both countries. As a result, various defendants were sentenced up to 20 years imprisonment.
This week’s operation was carried out at the request of and by the following authorities:
Italy: Public Prosecutor’s Office Bari – District Anti-Mafia Directorate; Anti-Mafia Investigation Directorate Bari, under the coordination of the National Anti-Mafia and Anti-Terrorism Directorate Rome, with support of the Office of the Security Expert at the Italian Embassy in Tirana
Albania: Special Anti-Corruption and Organised Crime Prosecutor’s Office (SPAK) of Tirana; Albanian Police
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
RICHMOND, Va. – A Richmond man was sentenced today to five years in prison for possession of a firearm by a convicted felon.
According to court documents, on March 16, 2023, Richmond Police detectives performed a traffic stop on a vehicle with no front license plate. James Marvin Smith, 43, was driving the vehicle. While speaking with Smith and a passenger, the detectives observed a crumpled lottery ticket near the cupholders and noticed that the passenger had white powder on his nose. The detectives asked Smith and the passenger to get out of the car.
While searching the vehicle for drug evidence, a detective found a firearm and a detached extended magazine. The firearm had one round of ammunition in the chamber and the magazine was loaded with 21 rounds of ammunition.
Prior to his arrest, Smith had been convicted of, among other crimes, possession of heroin, obstruction of justice, resisting arrest with force, possession of cocaine, breaking and entering, using a firearm in the commission of a felony, robbery, unlawful wounding, illegal possession of a firearm, assault and battery, possession of a firearm by a convicted violent felon, and grand larceny. As a previously convicted felon, Smith cannot legally possess a firearm or ammunition.
Erik S. Siebert, U.S. Attorney for the Eastern District of Virginia; Anthony A. Spotswood, Special Agent in Charge of the Bureau of Alcohol, Tobacco, Firearms and Explosives Washington Field Division; Rick Edwards, Chief of Richmond Police; and Colette Wallace McEachin, Commonwealth’s Attorney for the City of Richmond, made the announcement after sentencing by Senior U.S. District Judge John A. Gibney Jr.
Special Assistant U.S. Attorney Katherine E. Groover, an Assistant Commonwealth’s Attorney with the Richmond Commonwealth’s Attorney Office, prosecuted the case.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information are located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 3:24-cr-23.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
Jacksonville, Florida – U.S. District Judge Harvey Schlesinger has sentenced Alton Wayne Cope, III (64, St. Augustine) to four years and three months in federal prison for possessing a firearm as a convicted felon and conspiring to deal firearms without a license. Cope entered a guilty plea in October 2024.
According to court documents, agents began investigating Cope and a co-conspirator when agents learned that Cope may have been illegally selling firearms. During the summer of 2024, agents conducted multiple controlled purchase operations during which they purchased 11 firearms from Cope and a co-conspirator. Throughout the investigation, agents learned that Braden Hobbs was the original purchaser of multiple firearms purchased from Cope and a co-conspirator. Cellphone records later showed that the co-conspirator regularly purchased firearms from Hobbs. Additionally, at least two of the firearms sold by Cope and a co-conspirator had previously been reported stolen. In August 2024, agents executed a federal search warrant at Cope’s residence. During the search, agents found an additional firearm in his bedroom.
Although he engaged in the business of dealing firearms, Cope is not a federally licensed firearms dealer, as required by federal law. Additionally, Cope was previously convicted of multiple felonies, including two counts of possession of cocaine and possession of a firearm by a convicted felon. Therefore, he is prohibited from possessing firearms or ammunition under federal law.
In related court proceedings, co-conspirator Braden Hobbs has been charged by indictment and is scheduled for trial later this year. If convicted, Hobbs faces a minimum sentence of 5 years, up to 95 years, in federal prison. An indictment is merely a formal charge that a defendant has committed one or more violations of federal criminal law, and every defendant is presumed innocent unless, and until, proven guilty.
This case was investigated by the Bureau of Alcohol, Tobacco, Firearms and Explosives, the Internal Revenue Service – Criminal Investigation, the United States Secret Service, the North Florida HIDTA Tri-County Narcotics Task Force with the Florida Department of Law Enforcement, the St. Johns County Sheriff’s Office, and the Jacksonville Sheriff’s Office. It is being prosecuted by Assistant United States Attorney Elisibeth Adams.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
News In Brief – Source: US Computer Emergency Readiness Team
Executive Summary
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
Download the PDF version of this report:
Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)
For a downloadable list of IOCs, visit:
Introduction
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions. In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments. Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:
C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
HEADLACE [7]
MASEPIE [8]
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras
Country
Percentage of Total Attempts
Ukraine
81.0%
Romania
9.9%
Poland
4.0%
Hungary
2.8%
Slovakia
1.7%
Others
0.6%
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
June 2024
July 2024
August 2024
192[.]162[.]174[.]94
207[.]244[.]71[.]84
31[.]135[.]199[.]145
79[.]184[.]25[.]198
91[.]149[.]253[.]204
103[.]97[.]203[.]29
162[.]210[.]194[.]2
31[.]42[.]4[.]138
79[.]185[.]5[.]142
91[.]149[.]254[.]75
209[.]14[.]71[.]127
46[.]112[.]70[.]252
83[.]10[.]46[.]174
91[.]149[.]255[.]122
109[.]95[.]151[.]207
46[.]248[.]185[.]236
83[.]168[.]66[.]145
91[.]149[.]255[.]19
64[.]176[.]67[.]117
83[.]168[.]78[.]27
91[.]149[.]255[.]195
64[.]176[.]69[.]196
83[.]168[.]78[.]31
91[.]221[.]88[.]76
64[.]176[.]70[.]18
83[.]168[.]78[.]55
93[.]105[.]185[.]139
64[.]176[.]70[.]238
83[.]23[.]130[.]49
95[.]215[.]76[.]209
64[.]176[.]71[.]201
83[.]29[.]138[.]115
138[.]199[.]59[.]43
70[.]34[.]242[.]220
89[.]64[.]70[.]69
147[.]135[.]209[.]245
70[.]34[.]243[.]226
90[.]156[.]4[.]204
178[.]235[.]191[.]182
70[.]34[.]244[.]100
91[.]149[.]202[.]215
178[.]37[.]97[.]243
70[.]34[.]245[.]215
91[.]149[.]203[.]73
185[.]234[.]235[.]69
70[.]34[.]252[.]168
91[.]149[.]219[.]158
192[.]162[.]174[.]67
70[.]34[.]252[.]186
91[.]149[.]219[.]23
194[.]187[.]180[.]20
70[.]34[.]252[.]222
91[.]149[.]223[.]130
212[.]127[.]78[.]170
70[.]34[.]253[.]13
91[.]149[.]253[.]118
213[.]134[.]184[.]167
70[.]34[.]253[.]247
91[.]149[.]253[.]198
70[.]34[.]254[.]245
91[.]149[.]253[.]20
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
APT28 [14]
Fancy Bear [14]
Forest Blizzard [14]
Blue Delta [15]
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule: https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar
Works Cited
[1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/ [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/ [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/ [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF [13] NSA and CSA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
[14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf
Disclaimer of endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Table 2: Reconnaissance
Tactic/Technique Title
ID
Use
Reconnaissance
TA0043
Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
Conducted contact information reconnaissance to identify additional targets in key positions.
Gather Victim Org Information
T1591
Conducted reconnaissance of the cybersecurity department.
Gather Victim Org Information: Identify Roles
T1591.004
Conducted reconnaissance of individuals responsible for coordinating transport.
Gather Victim Org Information: Business Relationships
T1591.002
Conducted reconnaissance of other companies cooperating with the victim entity.
Gather Victim Host Information
T1592
Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
Table 3: Resource development
Tactic/Technique Title
ID
Use
Compromise Accounts: Email Accounts
T1586.002
Sent phishing emails using compromised accounts.
Compromise Accounts: Cloud Accounts
T1586.003
Sent phishing emails using compromised accounts.
Table 4: Initial Access
Tactic/Technique Title
ID
Use
Trusted Relationship
T1199
Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Phishing
T1566
Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
Phishing: Spearphishing Attachment
T1566.001
Sent emails with malicious attachments.
Phishing: Spearphishing Link
T1566.002
Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
Phishing: Spearphishing Voice
T1566.004
Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
External Remote Services
T1133
Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
Exploit Public-Facing Application
T1190
Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
Content Injection
T1659
Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
Table 5: Execution
Tactic/Technique Title
ID
Use
User Execution: Malicious Link
T1204.001
Used malicious links to hosted shortcuts in spearphishing.
User Execution: Malicious File
T1204.002
Delivered malware executables via spearphishing.
Scheduled Task/Job: Scheduled Task
T1053.005
Used scheduled tasks to establish persistence.
Command and Scripting Interpreter
T1059
Delivered scripts in spearphishing. Executed arbitrary shell commands.
Command and Scripting Interpreter: PowerShell
T1059.001
PowerShell commands were often used to prepare data for exfiltration.
Command and Scripting Interpreter: Windows Command Shell
T1059.003
Used BAT script in spearphishing.
Command and Scripting Interpreter: Visual Basic
T1059.005
Used VBScript in spearphishing.
Command and Scripting Interpreter: Python
T1059.006
Installed python on infected machines to enable the execution of Certipy.
Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.
Hijack Execution Flow: DLL Search Order Hijacking
T1574.001
Used DLL search order hijacking to facilitate malware execution.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.001
Used run keys to establish persistence.
Boot or Logon Autostart Execution: Shortcut Modification
T1547.009
Placed malicious shortcuts in the startup folder to establish persistence.
Table 7: Defense Evasion
Tactic/Technique Title
ID
Use
Indicator Removal: Clear Windows Event Logs
T1070.001
Deleted event logs through the wevtutil utility.
Table 8: Credential access
Tactic/Technique Title
ID
Use
Brute Force
Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Brute Force: Password Guessing
T1110.001
Used credential guessing to gain initial access to targeted entities.
Brute Force: Password Spraying
T1110.003
Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP.
Multi-Factor Authentication Interception
Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns.
Input Capture
Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns.
Forced Authentication
Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations.
OS Credential Dumping: NTDS
T1003.003
Attempted to dump Active Directory NTDS.dit domain databases.
Unsecured Credentials: Group Policy Preferences
T1552.006
Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py.
Table 9: Discovery
Tactic/Technique Title
ID
Use
Account Discovery: Domain Account
T1087.002
Used a modified ldap-dump.py to enumerate the Windows environment.
Table 10: Command and Control
Tactic/Technique Title
ID
Use
Hide Infrastructure
T1665
Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
Proxy: External Proxy
T1090.002
Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers.
Proxy: Multi-hop Proxy
T1090.003
Used Tor and commercial VPNs as part of their anonymization infrastructure
Encrypted Channel
T1573
Connected to victim infrastructure using encrypted TLS.
Multi-Stage Channels
T1104
Used multi-stage redirectors for campaigns.
Table 11: Defense evasion (mobile framework)
Tactic/Technique Title
ID
Use
Execution Guardrails
Used multi-stage redirectors to verify browser fingerprints in some campaigns.
Execution Guardrails: Geofencing
T1627.001
Used multi-stage redirectors to verify IP-geolocation in some campaigns.
Table 12: Lateral movement
Tactic/Technique Title
ID
Use
Lateral Movement
Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment.
Remote Services: Remote Desktop Protocol
T1021.001
Moved laterally within the network using RDP.
Table 13: Collection
Tactic/Technique Title
ID
Use
Email Collection
Retrieved sensitive data from email servers.
Email Collection: Remote Email Collection
T1114.002
Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers.
Automated Collection
Used periodic EWS queries to collect new emails.
Video Capture
Attempted to gain access to the cameras’ feeds.
Archive Collected Data
Accessed files were archived in .zip files prior to exfiltration.
Archive Collected Data: Archive via Utility
T1560.001
Prepared zip archives for upload to the actors’ infrastructure.
Table 14: Exfiltration
Tactic/Technique Title
ID
Use
Exfiltration Over Alternative Protocol
Attempted to exfiltrate archived data via a previously dropped OpenSSH binary.
Scheduled Transfer
Used periodic EWS queries to collect new emails sent and received since the last data exfiltration.
Appendix B: CVEs exploited
Table 15: Exploited CVE information
CVE
Vendor/Product
Details
CVE-2023-38831
RARLAB WinRAR
Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive.
CVE-2023-23397
Microsoft Outlook
External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
CVE-2021-44026
Roundcube Webmail
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params.
CVE-2020-35730
Roundcube Webmail
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
CVE-2020-12641
Roundcube Webmail
Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
Countermeasure Title
ID
Details
Network Isolation
Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation
Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering
Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis
Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering
Block NTLM/SMB requests to external infrastructure.
Platform Monitoring
Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation
Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation
Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis
Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis
Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation
Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
DNS Denylisting
D3-DNSDL
Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis
Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication
Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Job Function Access Pattern Analysis
D3-JFAPA
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions
Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication
Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding
Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy
Use a service to check for compromised passwords before using them.
Credential Rotation
Change all default credentials.
Encrypted Tunnels
Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update
Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication
Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis
Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
WASHINGTON – The Department of Homeland Security today announced that Immigration and Customs Enforcement (ICE) lodged a detainer for a 24-year-old illegal alien from Venezuela who posed as a teenager to attend an Ohio high school.
On May 19, the Perrysburg Ohio Police Department arrested and charged Anthony Emmanuel Labrador-Sierra with forgery. On May 20, ICE issued a detainer.
Mug shot from Wood County Jail.
“Anthony Emmanuel Labrador-Sierra is a 24-year-old illegal alien from Venezuela who has been posing as teenager and attending Perrysburg High School in Ohio,” said Assistant Secretary Tricia McLaughlin. “Labrador was arrested and charged with forgery by the Perrysburg Ohio Police Department on May 19 for using fake documents to become enrolled in the high school. ICE lodged a detainer to ensure that this criminal illegal alien is removed from this community and no longer able to prey on the students of Perrysburg High School. It is disturbing that a grown man would impersonate a teenager and infiltrate the lives of underage girls and boys to fool them into doing God knows what.”
Labrador has illegally been in the U.S. since March 24, 2020.
The Council has not discussed the possible inclusion of Mexican cartels on the list of persons, groups and entities covered by the measures in Article 2 and 3 of Common Position 2001/931/CFSP (‘CP 931’) .
The Council can, at any time, adopt a decision to add additional persons, groups, or entities to the above-mentioned list, or to remove persons, groups or entities from that list. The listing of a person, group or entity under CP 931 must satisfy the conditions laid down in Article 1(2) to 1(4) of that Common Position, which, inter alia, provides a definition of ‘terrorist act’ and ‘persons, groups and entities involved in terrorist acts’ for this purpose.
As regards the question on coordination with the United States on drug-related matters, EU-US cooperation on combatting transnational organised crime and drug trafficking is a central focus of the longstanding EU-US Dialogue on Justice and Home Affairs held at ministerial and senior official level twice a year. The EU and the United States also regularly hold an EU-US Dialogue on Drugs in order to exchange information, strengthen bilateral cooperation and enhance coordination of actions undertaken globally to address drug-related issues. The discussions in these meetings focus on reducing d rug supply by enhancing security, reducing drug demand through prevention, treatment and care services, and addressing drug-related harm, in line with the EU Drugs Strategy 2021-2025.