NewzIntel.com

Category: Eurozone

  • MIL-OSI: Euronext launches an offering of bonds due 2032 convertible into new shares and/or exchangeable for existing shares (“OCEANEs”) for a nominal amount of €425 million

    Source: GlobeNewswire (MIL-OSI)

    Euronext launches an offering of bonds due 2032 convertible into new shares and/or exchangeable for existing shares (“OCEANEs”) for a nominal amount of €425 million

    Amsterdam, Brussels, Dublin, Lisbon, Milan, Oslo and Paris – 22 May 2025 – Euronext (ISIN Code: NL0006294274) (the “Company”), the leading European capital market infrastructure, announces today the launch of an offering of senior unsecured bonds due 2032 convertible into new shares and/or exchangeable for existing shares of the Company (“OCEANEs”) (the “Bonds”), by way of a placement to qualified investors only (within the meaning of Article 2(e) of the Prospectus Regulation (as defined below)), for a nominal amount of €425 million (the “Offering”).

    On 17 April 2025, the Company entered into a bridge loan facility with, among others, affiliates of the joint bookrunners appointed in the context of the Offering, to finance the acquisition of Admincontrol. The net proceeds from the Offering will be used by the Company for the repayment of a portion of such bridge financing and general corporate purposes.

    Main terms of the Bonds

    The Bonds will be issued with a denomination of €100,000 each (the “Principal Amount”), will be convertible and/or exchangeable into new and/or existing shares of Euronext (the “Shares”) and are expected to pay a fixed coupon at a rate between 1.5% and 2.0% per annum, payable semi-annually in arrear on 30 May and 30 November of each year (or on the following business day if this date is not a business day), and for the first time on 30 November 2025.

    The initial conversion price of the Bonds will be set between 30% and 35% above the Company’s reference share price on the regulated market of Euronext in Paris (“Euronext Paris”)1. The final terms and conditions of the Bonds are expected to be determined following the completion of the bookbuilding process later today, and settlement and delivery of the Bonds is expected to take place on 30 May 2025 (the “Issue Date”).

    Unless previously converted, exchanged, redeemed or purchased and cancelled, the Bonds will be redeemed at par on 30 May 2032 (or on the following business day if such date is not a business day) (the “Maturity Date”).

    The Bonds may be redeemed prior to the Maturity Date at the option of the Company, under certain conditions.

    In particular, the Bonds may be fully redeemed early at par plus any accrued interest at the Company’s option, subject to a prior notice of at least 30 (but not more than 60) calendar days, (i) at any time from 20 June 2030 (inclusive), if the arithmetic average, calculated over a period of 10 consecutive trading days chosen by the Company from among the 20 consecutive trading days preceding the day of the publication of the early redemption notice, of the daily products on each of such 10 consecutive trading days of the volume weighted average price of the Shares on Euronext Paris over the applicable conversion price on each such trading day, exceeds 130%; or (ii) at any time if 80% or more in principal amount of the Bonds issued (which shall, for the avoidance of doubt, include any tap issues of the Bonds) have been converted/exchanged and/or redeemed and/or purchased by the Company and cancelled.

    Bondholders will be granted the right to convert or exchange the Bonds into new and/or existing Shares (the “Conversion/Exchange Right”) which they may exercise at any time from the 41st day (inclusive) following the Issue Date up to the 7th business day (inclusive) preceding the Maturity Date or, as the case may be, the relevant early redemption date.

    The conversion ratio of the Bonds will be set at the Principal Amount divided by the prevailing initial conversion price, subject to standard adjustments, including anti-dilution and dividend protections, as described in the terms and conditions of the Bonds. Upon exercise of their Conversion/Exchange Right, holders of the Bonds will receive at the option of the Company new and/or existing Shares, carrying in all cases all rights attached to existing Shares as from the date of delivery.

    Application will be made for the admission of the Bonds to trading on Euronext AccessTM in Paris to occur within 30 calendar days from the Issue Date.

    Legal framework of the Offering and placement

    The Bonds will be issued by way of a placement to qualified investors only (within the meaning of Regulation (EU) 2017/1129 (as amended, the “Prospectus Regulation”)) (excluding the United States of America, Australia, Japan, Canada or South Africa), pursuant to the authorization granted by the Company’s annual general meeting held on 15 May 2025 (15th and 16th resolution), without an offer to the public (other than to qualified investors) in any country.

    Existing shareholders of the Company shall have no preferential subscription rights, and there will be no priority subscription period in connection with the issuance of the Bonds or any underlying new Shares to be issued upon conversion.

    Intentions of existing shareholders

    The Company is not aware of the intention of any of its main shareholders to participate in the Offering.

    Lock-up undertaking

    In the context of the Offering, the Company will agree to a lock-up undertaking with respect to its Shares and securities giving access to share capital of the Company for a period starting from the announcement of the final terms of the Bonds and ending 90 calendar days after the Issue Date, subject to certain customary exceptions or waiver from the joint global coordinators appointed in the context of the Offering.

    Dilution

    For illustrative purposes, considering a nominal amount of €425 million, a reference share price of €145.02 and a 32.5% conversion premium corresponding to the mid-point of the marketing range, the potential dilution would represent approximately 2.1% of the Company’s outstanding share capital, if the Conversion/Exchange Right was exercised for all the Bonds and the Company decided to deliver new Shares only upon exercise of the Conversion/Exchange Right.

    Available information
            
    Neither the offering of the Bonds, nor the admission of the Bonds to trading on Euronext AccessTM is subject to a prospectus approved by the Stichting Autoriteit Financiële Markten (AFM) in Netherlands or the Autorité des marchés financiers (AMF) in France. No key information document required by the PRIIPs Regulation or the UK PRIIPs Regulation (as defined below) has been or will be prepared. Detailed information about Company, including its business, results, prospects and the risk factors to which the Company is exposed are described in the Company’s universal registration document for the financial year ended 31 December 2024, filed with the AFM on 28 March 2025 and the Company’s first quarter 2025 results press release which includes the unaudited financial statements of the Company as at and for the three months ended 31 March 2025, which are all available on the Company’s website (https://www.euronext.com/en/investor-relations).

    Important information

    This press release does not constitute or form part of any offer or solicitation to purchase or subscribe for or to sell securities to any U.S. person or to any person in the United States, Australia, Japan, Canada or South Africa or in any jurisdiction to whom or in which such offer is unlawful, and the Offering of the Bonds is not an offer to the public in any jurisdiction (other than to qualified investors within the meaning of Article 2(e) of the Prospectus Regulation) or an offer to retail investors as such term is defined below.

    CONTACTS  

    ANALYSTS & INVESTORS ir@euronext.com

    Investor Relations        Aurélie Cohen                 

            Judith Stein        +33 6 15 23 91 97          

    MEDIA – mediateam@euronext.com 

    Europe        Aurélie Cohen         +33 1 70 48 24 45   

            Andrea Monzani         +39 02 72 42 62 13 

    Belgium        Marianne Aalders         +32 26 20 15 01                 

    France, Corporate        Flavio Bornancin-Tomasella        +33 1 70 48 24 45                 

    Ireland        Catalina Augspach        +33 6 82 09 99 70                

    Italy         Ester Russom         +39 02 72 42 67 56                 

    The Netherlands        Marianne Aalders         +31 20 721 41 33                 

    Norway         Cathrine Lorvik Segerlund        +47 41 69 59 10                 

    Portugal         Sandra Machado        +351 91 777 68 97                                 

    About Euronext  

    Euronext is the leading European capital market infrastructure, covering the entire capital markets value chain, from listing, trading, clearing, settlement and custody, to solutions for issuers and investors. Euronext runs MTS, one of Europe’s leading electronic fixed income trading markets, and Nord Pool, the European power market. Euronext also provides clearing and settlement services through Euronext Clearing and its Euronext Securities CSDs in Denmark, Italy, Norway and Portugal.

    As of March 2025, Euronext’s regulated exchanges in Belgium, France, Ireland, Italy, the Netherlands, Norway and Portugal host nearly 1,800 listed issuers with €6.3 trillion in market capitalisation, a strong blue-chip franchise and the largest global centre for debt and fund listings. With a diverse domestic and international client base, Euronext handles 25% of European lit equity trading. Its products include equities, FX, ETFs, bonds, derivatives, commodities and indices.

    For the latest news, go to euronext.com or follow us on X and LinkedIn.

    Disclaimer

    This press release is for information purposes only: it is not a recommendation to engage in investment activities and is provided “as is”, without representation or warranty of any kind. While all reasonable care has been taken to ensure the accuracy of the content, Euronext does not guarantee its accuracy or completeness. Euronext will not be held liable for any loss or damages of any nature ensuing from using, trusting or acting on information provided. No information set out or referred to in this publication may be regarded as creating any right or obligation. The creation of rights and obligations in respect of financial products that are traded on the exchanges operated by Euronext’s subsidiaries shall depend solely on the applicable rules of the market operator. All proprietary rights and interest in or connected with this publication shall vest in Euronext. This press release speaks only as of this date. Euronext refers to Euronext N.V. and its affiliates. Information regarding trademarks and intellectual property rights of Euronext is available at www.euronext.com/terms-use.

    © 2025, Euronext N.V. – All rights reserved. 

    The Euronext Group processes your personal data in order to provide you with information about Euronext (the “Purpose”). With regard to the processing of this personal data, Euronext will comply with its obligations under Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (General Data Protection Regulation, “GDPR”), and any applicable national laws, rules and regulations implementing the GDPR, as provided in its privacy statement available at: www.euronext.com/privacy-policy. In accordance with the applicable legislation you have rights with regard to the processing of your personal data: for more information on your rights, please refer to: www.euronext.com/data_subjects_rights_request_information. To make a request regarding the processing of your data or to unsubscribe from this press release service, please use our data subject request form at connect2.euronext.com/form/data-subjects-rights-request or email our Data Protection Officer at dpo@euronext.com.

    Disclaimer

    The contents of this announcement have been prepared by and are the sole responsibility of the Company.

    The information contained in this announcement is for information purposes only and does not purport to be full or complete. No reliance may be placed by any person for any purpose on the information contained in this announcement or its accuracy, fairness or completeness.

    This announcement is not for publication or distribution, directly or indirectly, in or into the United States. The distribution of this announcement may be restricted by law in certain jurisdictions and persons into whose possession any document or other information referred to herein comes should inform themselves about and observe any such restriction. Any failure to comply with these restrictions may constitute a violation of the securities laws of any such jurisdiction.

    This announcement is an advertisement and not a prospectus within the meaning of Prospectus Regulation.

    This announcement does not contain or constitute an offer of, or the solicitation of an offer to buy, Bonds to any U.S. person or to any person in the United States, Australia, Canada, South Africa or Japan or in any jurisdiction to whom or in which such offer or solicitation is unlawful. The Bonds and the Shares, if any, to be issued upon exercise of the Conversion/Exercise Right (together, the “Securities”) referred to herein may not be offered or sold in the United States, or to, or for the account or benefit of, U.S. persons unless registered under the US Securities Act of 1933 (the “Securities Act”) or offered in a transaction exempt from, or not subject to, the registration requirements of the Securities Act.

    In addition, until 40 days after the commencement of the Offering, an offer or sale of Bonds within the United States by a dealer (whether or not it is participating in the Offering) may violate the registration requirements of the Securities Act.

    The offer and sale of Securities referred to herein has not been and will not be registered under the Securities Act or under the applicable securities laws of Australia, Canada, South Africa or Japan. Subject to certain exceptions, the Bonds referred to herein may not be offered or sold in Australia, Canada, South Africa or Japan or to, or for the account or benefit of, any national, resident or citizen of Australia, Canada, South Africa or Japan. There will be no public offer of the Securities in the United States, Australia, Canada, South Africa or Japan or elsewhere.

    In member states of the European Economic Area (the “EEA”), this announcement and any offer is directed exclusively at persons who are “qualified investors” within the meaning of Article 2(e) of the Prospectus Regulation (“Qualified Investors”). In the United Kingdom this announcement and any offer is directed exclusively at persons who are “qualified investors” within the meaning of Article 2(e) of the Prospectus Regulation as it forms part of UK domestic law by virtue of the European Union (Withdrawal) Act 2018 (“EUWA”) (i) who have professional experience in matters relating to investments falling within Article 19(5) of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005, as amended (the “Order”), (ii) who fall within Article 49(2)(A) to (D) of the Order, or (iii) to whom it may otherwise lawfully be communicated (all such persons together with Qualified Investors in the EEA being referred to herein as “Relevant Persons”). This document is directed only at Relevant Persons and must not be acted on or relied on by persons who are not Relevant Persons. Any investment or investment activity to which this document relates is available only to Relevant Persons and will be engaged in only with Relevant Persons.

    This announcement may include statements that are, or may be deemed to be, “forward-looking statements”. These forward-looking statements may be identified by the use of forward-looking terminology, including the terms “believes”, “estimates”, “plans”, “projects”, “anticipates”, “expects”, “intends”, “may”, “will” or “should” or, in each case, their negative or other variations or comparable terminology, or by discussions of strategy, plans, objectives, goals, future events or intentions. Forward-looking statements may and often do differ materially from actual results. Any forward-looking statements reflect the Company’s current view with respect to future events and are subject to risks relating to future events and other risks, uncertainties and assumptions relating to the Company’s and its group’s business, results of operations, financial position, liquidity, prospects, growth or strategies. Forward-looking statements speak only as of the date they are made.

    Each of the Company, the joint bookrunners appointed in the context of the Offering and their respective affiliates expressly disclaims any obligation or undertaking to update, review or revise any forward-looking statement contained in this announcement, whether as a result of new information, future developments or otherwise.

    Each of the joint bookrunners appointed in the context of the Offering is acting exclusively for the Company and no-one else in connection with the Offering. They will not regard any other person as their respective client in relation to the Offering and will not be responsible to anyone other than the Company for providing the protections afforded to their respective clients, nor for providing advice in relation to the Offering, the contents of this announcement or any transaction, arrangement or other matter referred to herein.

    In connection with the Offering, the joint bookrunners appointed in the context of the Offering and any of their affiliates may take up a portion of the Bonds in the Offering as a principal position and in that capacity may retain, purchase, sell, offer to sell for their own accounts such Bonds and other securities of the Company or related investments in connection with the Offering or otherwise. Accordingly, references to the Bonds being issued, offered, subscribed, acquired, placed or otherwise dealt in should be read as including any issue or offer to, or subscription, acquisition, placing or dealing by, the joint bookrunners appointed in the context of the Offering and any of their affiliates acting in such capacity. In addition, the joint bookrunners appointed in the context of the Offering and any of their affiliates may enter into financing arrangements (including swaps, warrants or contracts for differences) with investors in connection with which the joint bookrunners appointed in the context of the Offering and any of their affiliates may from time to time acquire, hold or dispose of Bonds and/or Shares. The joint bookrunners appointed in the context of the Offering do not intend to disclose the extent of any such investment or transactions otherwise than in accordance with any legal or regulatory obligations to do so.

    None of the joint bookrunners appointed in the context of the Offering or any of their respective directors, officers, employees, advisers or agents accepts any responsibility or liability whatsoever for or makes any representation or warranty, express or implied, as to the truth, accuracy or completeness of the information in this announcement (or whether any information has been omitted from the announcement) or any other information relating to the Company, its subsidiaries or associated companies, whether written, oral or in a visual or electronic form, and howsoever transmitted or made available, or for any loss howsoever arising from any use of this announcement or its contents or otherwise arising in connection therewith.

    Information to Distributors: Solely for the purposes of the product governance requirements of Directive 2014/65/EU on markets in financial instruments, as amended and supplemented (“MiFID II”) and local implementing measures (together, the “Product Governance Requirements”), and disclaiming all and any liability, whether arising in tort, contract or otherwise, which any “manufacturer” (for the purposes of the Product Governance Requirements) may otherwise have with respect thereto, the Bonds have been subject to a product approval process, which has determined that: (i) the target market for the Bonds is eligible counterparties and professional clients only, each as defined in MiFID II; and (ii) all channels for distribution of the Bonds to eligible counterparties and professional clients are appropriate. Any person subsequently offering, selling or recommending the Bonds (a “distributor”) should take into consideration the manufacturers’ target market assessment; however, a distributor (for the purposes of the Product Governance Requirements) is responsible for undertaking its own target market assessment in respect of the Bonds (by either adopting or refining the manufacturers’ target market assessment) and determining appropriate distribution channels.

    The target market assessment is without prejudice to the requirements of any contractual or legal selling restrictions in relation to any offering of the Bonds.

    For the avoidance of doubt, the target market assessment does not constitute: (a) an assessment of suitability or appropriateness for the purposes of MiFID II; or (b) a recommendation to any investor or group of investors to invest in, or purchase, or take any other action whatsoever with respect to the Bonds.

    PRIIPs Regulation / Prospectus Regulation / Prohibition of sales to EEA and UK retail investors – The Bonds are not intended to be offered, sold or otherwise made available to and should not be offered, sold or otherwise made available to any retail investor in the EEA or the UK. For these purposes, a “retail investor” means (a) in the EEA, a person who is one (or more) of: (i) a retail client as defined in point (11) of Article 4(1) of MiFID II; or (ii) a customer within the meaning of Directive (EU) 2016/97 as amended or superseded (the “Insurance Distribution Directive”), where that customer would not qualify as a professional client as defined in point (10) of Article 4(1) of MiFID II; or (iii) not a Qualified Investor as defined in Article 2(e) of the Prospectus Regulation and (b) in the UK, a person who is one (or more) of (i) a retail client within the meaning of Regulation (EU) No. 2017/565 as it forms part of UK domestic law by virtue of the EUWA or (ii) a customer within the meaning of the provisions of the Financial Services and Markets Act 2000 of the UK (the “FSMA”) and any rules or regulations made under the FSMA to implement Directive (EU) 2016/97, where that customer would not qualify as a professional client, as defined in point (8) of Article 2(1) of Regulation (EU) No. 600/2014 as it forms part of UK domestic law by virtue of the EUWA or (iii) not a Qualified Investor as defined in Article 2(e) of the Prospectus Regulation as it forms part of UK domestic law by virtue of the EUWA. Consequently, no key information document required by Regulation (EU) No 1286/2014 (as amended, the “EU PRIIPs Regulation”) or the EU PRIIPS Regulation as it forms part of UK domestic law by virtue of the EUWA (the “UK PRIIPS Regulation”) for offering or selling the Bonds or otherwise making them available to retail investors in the EEA or UK has been prepared and therefore offering or selling the Bonds or otherwise making them available to any retail investor in the EEA or the UK may be unlawful under the EU PRIIPs Regulation and/or the UK PRIIPs Regulation.

    1 The reference share price will be equal to the volume-weighted average price (VWAP) of the Shares recorded on Euronext Paris from the launch of the Offering today until the determination of the final terms (pricing) of the Bonds on the same day.
    2 i.e. Euronext’s share price on Euronext Paris, at close of trading on 21 May 2025

    Attachment

    The MIL Network

  • MIL-OSI: Temenos survey reveals banks doubling down on technology modernization to drive customer experience

    Source: GlobeNewswire (MIL-OSI)

    MADRID, Spain, May 22, 2025 (GLOBE NEWSWIRE) — At the Temenos Community Forum ’25 in Madrid, Temenos, a global leader in banking technology, shared insights from a global study by Hanover Research of 424 business and technology leaders in financial services that underscores a bold shift in banking priorities.

    The research shows financial institutions are accelerating investments in technology, and placing customer experience, innovation, and operational efficiency at the top of their strategic agendas. Investing in technology to improve customer experience emerged as the top strategic priority for 46% of banks worldwide, followed closely by the launch of new products and services (35%), and the pursuit of greater operational efficiency (34%).

    In the face of rapid geopolitical changes, banks need to modernize to be able to predict, understand and adapt rapidly to market changes; capabilities their legacy systems are not equipped to deliver. To meet these demands, (77%) of financial institutions are investing in data analytics and AI-driven insights and 68% in cloud-based core banking systems, all while maintaining a strong focus on protecting both themselves and their customers as a priority.

    Amid the turbulence of inflation, tariffs and trade tensions, most banks anticipate they will increase investment in technology to better protect customers (84%) and technology to enhance operational efficiency (81%). In addition, three quarters of banks plan to increase their investments to improve systems integration (75%) and data analytics (73%).

    Most professionals (81%) agree that if banks do not implement artificial intelligence they will fall behind competitors. While only 11% of banks have fully implemented generative AI today, 43% are in the process, indicating more than half are moving forward with real deployment. Notably, 60% of banking professionals view AI as a tool to augment, not replace the human workforce.

    In her plenary keynote at TCF, Isabelle Guis, Chief Marketing Officer, Temenos, said: “The message is clear: while banks continue to invest in modernization, they’re doing so with a close eye on evolving market dynamics. Financial institutions understand that staying competitive means being ready to adapt and there’s a growing recognition that failing to embrace AI soon could leave them behind.”

    The study results pertaining to AI and Gen AI were discussed on a recent webinar with Jerry Silva, Program Vice President, IDC, Maya Mikhailov, Founder and Chief Executive Officer, Savvi AI and Isabelle Guis, Chief Marketing Officer at Temenos (link).

    About the research

    Conducted by Hanover Research in April 2025, the survey captured insights from 424 senior banking executives across retail, commercial, credit union, and wealth management sectors. All respondents held director-level or higher roles in IT or business functions overseeing products, services, or strategy. The survey had a global reach, with participants from North America (47%), Europe (24%), the Middle East & Africa (17%), Latin America (6%), and Australia/New Zealand (6%).

    The MIL Network

  • MIL-OSI: Temenos sets new benchmark for scalability of AI-powered banking with Microsoft

    Source: GlobeNewswire (MIL-OSI)

    MADRID, Spain, May 22, 2025 (GLOBE NEWSWIRE) — – Temenos (SIX: TEMN), a global leader in banking technology, today announced the results of a highwater benchmark for its cloud-native core banking solutions running on Microsoft Azure. The results will be presented at the Temenos Community Forum 2025.

    The record-setting benchmark showcased the speed and efficiency of Temenos’ latest technology in handling high volumes of digital transactions and AI services, delivering maximum scalability with a minimal cloud footprint.

    The benchmark simulated a bank with 25 million customers and 50 million accounts processing 16,600 transactions per second while taking additional AI workloads. It tested the full end-to-end capabilities of Temenos’ banking solutions, including core and digital banking, payments, data hub and AI services on Microsoft Azure.

    Thanks to advances in Temenos’ leaner, more sustainable architecture and Microsoft Azure Cobalt 100 ARM processors, the test showed over 40% improvement in efficiency compared to the 2024 benchmark exercise.

    These results highlight the power of Temenos’ banking solutions to process large volumes of transactions and data quickly and securely, using less hardware. This helps banks of all sizes scale on demand, and maintain peak performance and availability, while meeting the growing demand for AI and Gen AI-powered services. The benchmark also tested banking APIs through Microsoft Open AI Service interfaces to ensure it meets banking customers’ AI and Gen AI demand in the future.

    According to a recent Hanover Research survey for Temenos, 75% of banks are exploring Generative AI deployment, while 82% are investing in technology to improve operating efficiency. Among banks already deploying Gen AI or exploring opportunities, 43% plan to increase their investment in the technology this year compared to last year.

    Bola Rotibi, Chief of Enterprise Research, CCS Insight, said: “As banks adopt new technologies such as Generative AI, the need for flexible and scalable core systems becomes critical. Benchmarking exercises like this on Microsoft Azure demonstrate the potential for Temenos’ solutions to support high transaction volumes while managing infrastructure efficiency. For banks, such capabilities can contribute to operational agility and sustainability goals. As with all benchmarks, real-world outcomes will depend on deployment specifics and broader integration contexts.”

    Barb Morgan, Chief Product and Technology Officer, Temenos, commented: “As banks evolve to meet customer needs and embrace AI, they need modular banking solutions that are fast, efficient and future-ready. We consistently invest in cloud and SaaS technology and this benchmark shows that Temenos delivers banking capabilities with the speed and scalability needed for the next generation of banking.”

    Christian Sarafidis. General Manager, EMEA Financial Services, Microsoft, added: “We are thrilled to see the strategic collaboration between Microsoft and Temenos once again raise the bar for core banking in the cloud. Together we can help banks run smarter, scale efficiently, and unlock the full potential of AI to transform customer experiences and drive meaningful innovation.”

    The MIL Network

  • MIL-OSI: Tyton Partners and Ufi Ventures Release Q1 2025 VocTech Market Report: Policy Uncertainty, European Resurgence and the Continued Rise of AI Investment

    Source: GlobeNewswire (MIL-OSI)

    LONDON, May 22, 2025 (GLOBE NEWSWIRE) — Tyton Partners, the leading strategy consulting and investment banking firm focused on the education sector, and Ufi Ventures, the UK’s specialist investor in vocational technology (VocTech), today released their Q1 2025 VocTech Market Report. The quarterly publication analyses economic, political and investment developments that are shaping the vocational learning and workforce development landscape across the UK, Europe and North America.

    The report arrives at a time of profound global uncertainty. Early 2025 has brought renewed inflationary pressure, shifting policy landscapes, and intensifying debate around the implications of artificial intelligence, both as a disruptor and an enabler of economic growth. Meanwhile, labour market fragility, skills shortages and social pressures continue to shape employer and policymaker priorities.

    Against this backdrop, Tyton and Ufi’s latest report identifies five major developments shaping the VocTech investment and innovation environment:

    Key Takeaways

    1. Inevitably, we need to talk about US trade tariffs. The disruption they may represent and the uncertainty of their introduction will weigh heavily on policy and investment decisions in the VocTech sector in the UK and Europe. Caution and delay are the most likely effects.
    2. By contrast, Germany’s loosening of governmental spending is likely to improve the outlook for the economic and investment environment and make Europe and the UK look like a reliable and interesting place to deploy capital, particularly relative to the US.
    3. Big AI-related venture rounds in education and the Future of Work continue to be made, predominantly in the US but also – patchily – in Europe.
    4. The UK Curriculum Review is progressing, but the interim report gave little away.
    5. Some organisations are forcing a full-time return to the office to increase productivity. This may, in fact, make them less attractive employers.

    Macroeconomic indicators across the UK, US and Eurozone reflect rising inflation and slowing growth. The UK’s core inflation reached 3.7% in January, while GDP forecasts were halved in the Spring Statement. Unemployment edged upwards to 4.4% and youth disengagement from education and employment reached nearly one million. Meanwhile, Germany’s €500B stimulus package and reform of its “debt brake” has positioned it—and, by association, Europe—as an increasingly attractive investment environment.

    Amid political turbulence, the report also notes significant shifts in defence and green economy priorities, the accelerating role of AI across sectors, and evolving models of work and training. Notably, while HR tech investments declined in the UK, both Europe and the US saw a strong rebound in Q1, with major funding rounds in AI-powered learning, recruitment and workforce management solutions.

    Helen Gironi, Director at Ufi Ventures, commented:
    “With macroeconomic headwinds and geopolitical uncertainty reshaping priorities, it is essential that VocTech investment adapts accordingly. This quarter’s report offers insight into the risks and opportunities that lie ahead for building a more inclusive and productive future of work.”

    Nick Kind, Managing Director at Tyton Partners, added:
    “AI continues to attract capital at scale, especially in the US—but caution is warranted as political and trade dynamics grow more complex. Our goal is to equip investors, educators and policymakers with the insight needed to navigate this complexity and drive meaningful workforce innovation.”

    To access the full Q1 2025 VocTech Market Report, visit: https://tytonpartners.com/key-learnings-from-voctech-market-activity-q1-2025/

    About Tyton Partners

    Tyton Partners is the leading provider of strategy consulting and investment banking services to the global knowledge and information services sector. With offices in Boston and New York City, the firm has an experienced team of bankers and consultants who deliver a unique spectrum of services from mergers and acquisitions and capital markets access to strategy development that helps companies, organizations, and investors navigate the complexities of the education, media, and information markets. Tyton Partners leverages a deep foundation of transactional and advisory experience and an unparalleled level of global relationships to make its clients’ aspirations a reality and to catalyze innovation in the sector. Learn more at tytonpartners.com.

    About Ufi Ventures

    Ufi Ventures is the investment arm of Ufi VocTech Trust. Ufi supports the adoption and deployment of technology to improve skills for work and deliver better outcomes for all. By leveraging its depth of experience Ufi Ventures supports its growing portfolio through access to capital, and its wide expert pool and network. Learn more at www.ufi.co.uk/ventures.

    Media Contact
    Zoe Wright-Neil
    Director of Marketing and Business Development
    zwrightneil@tytonpartners.com
    Tyton Partners

    The MIL Network

  • MIL-OSI New Zealand: Seventy-four new constables heading to districts in a week

    Source: New Zealand Police

    Commissioner Richard Chambers, members of the police executive and wing patron former police assistant commissioner, Allan Boreham congratulated 74 graduating constables from Wing 384 today. 

    Also attending the graduation and presenting a prize in absence of the Minister of Police was her worship Anita Baker, the Mayor of Porirua.

    Families and friends celebrated the newly attested police officers at Te Rauparaha Arena, Porirua this afternoon to acknowledge the successful completion of their initial training course. 

    There are some likeminded individuals in the wing with 11 of the graduates having family members currently working in police.

    Four graduating officers made the change from non-constabulary roles to police officers.

    The wing is very diverse with eighteen recruits speaking more than one language and 19 recruits who were born overseas. The top prize winner was born and raised in France.

    Top of wing, Constable Diane Aspalvo is a French-trained and certified clinical psychologist. She has worked as a psychologist in Paris and in Tairawhiti New Zealand before deciding to join the New Zealand Police.

    She previously volunteered for the French Army as a reserve after a call-up for national security due to the terrorist attacks in France in 2015. She is a keen swimmer, skier and is also into CrossFit.

    “I decided to join the New Zealand Police at 41 years old, so I am a living proof that it is never too late to achieve your dreams.”

    Diane will be deployed to Eastern District.

    Second Top Award winner Constable Hunta Sutherland, Ngāti Kuia is also a sporting talent, representing her district, Tasman, in football up to high school level.

    Not only is she a ‘Golden Boot’ winner for the most goals scored  in a regional competition (39), she’s into running track, cross country, and road races with many podium finishes. Hunta has worked as a teacher’s aide with troubled and autistic youth which she found inspiring.

    “While training at college I found strength I never knew I had, and a purpose I’ll never forget.”

    Hunta will be based in Tasman District.

    Leadership Award winner Constable Charise Perez is also a keen sports person excelling in netball. She was born in Wellington and raised by her Fijian dad and Samoan mother. Charise has experience in hospitality, service and politics. 

    She began her employment at the Electoral Commission as an administrator. She was a community liaison and worked on the 2020 elections and has also managed administration for an emergency housing organization called Tuatahi Centre. 

    As the leadership award winner, Charise gave a speech to the wing.

    “I stand here today as a product of the relationships and bonds between the members of wing 384. Together we began our journey as strangers, but today we stand as brothers and sisters.

    As we take the next step in our police journey, I believe that each and every one of wing 384 are more than capable of fulfilling the oath that we have just taken.”

    Charise, a former Authorised Officer for Police, will be based back in Wellington District to start policing.

    The wing is dispersed as follows:

    Deployment:

    Northland 3, Tāmaki Makaurau a total of 23 and broken down as follows: Waitematā – 9, Counties Manukau – 14, Waikato – 4, Bay of Plenty – 8, Eastern – 3, Central – 8, Wellington – 9, Tasman – 6, Canterbury – 3, Southern – 7.
    The new constables will start their first week of duty in their Police districts from Monday 2 June 2025 and will continue their training on the job as probationary constables.

    Awards:

    Minister’s Award recognising top student: Constable Diane Aspavlo, posted to Eastern District. 
    Commissioner’s Award for Leadership: Constable Charise Perez, posted to Wellington District.
    Patron’s Award for second in wing recognising second top student: Constable Hunta Sutherland, posted to Tasman District.
    Driver Training and Road Policing Practice Award: Constable Ethan Baldwin posted to Waitematā District.

    Demographics:

    25.7 percent are female, 74.3 percent are male. New Zealand European make up 56.8 percent of the wing, with Māori 12.2 percent, Pasifika 17.6 percent, Asian 10.8 percent, LAAM 2.7 percent. 

    383 Wing Patron: Allan Boreham:

    Allan Boreham is a retired Assistant Commissioner of Police and former head of Youth Justice for Oranga Tamariki, Ministry for Children. Allan holds the New Zealand Police in very high esteem and is honoured to be the patron for Wing 384.

    He says he is looking forward to supporting the wing members to succeed and gain all the satisfaction a Police career offers. Allan joined Police in 1985 (in Wing 97) and served for more than 33 years. He was also a Deputy Chief Executive in the public service for five years in charge of Youth Justice.

    His Police career was varied and involved completing a wide range of roles in public safety, investigations, and road policing. These included postings in Auckland, Tokoroa, Hamilton and Wellington.

    He received an award for his leadership in solving the 1997 kidnapping and murder of an Auckland businessman, Graham Kirkwood.

    Allan holds a Bachelor Arts, majoring in Sociology, from Massey University. He is currently learning to speak Spanish and is also a keen motorcyclist and skier.

    His father Bruce, now in his eighties, also served in the Police for 32 years.

    ENDS

    Watch out for our Ten One story coming soon with more images and stories.

    If you’re interested in joining police check out newcops.govt.nz

    Issued by Police Media Centre

    MIL OSI New Zealand News

  • MIL-OSI Russia: Cargo flight connects Urumqi and Tallinn

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 22 (Xinhua) — A cargo flight linking the cities of Urumqi and Tallinn opened on Wednesday, the Tianshan news portal reported.

    The plane carrying 51 tons of parcels departed that day from Tianshan Airport in Urumqi, the capital of the Xinjiang Uyghur Autonomous Region, and after a stop in Uzbekistan will arrive in the capital of Estonia in about 11 hours.

    According to the plan, the Urumqi-Tallinn flight will be operated once a week.

    The plane will deliver mainly clothing and other consumer goods sold through cross-border e-commerce to Estonia.

    The launch of the new air route has filled a gap in air cargo transportation between Xinjiang and the Baltics, which will stimulate the export of textiles, clothing, electronics and other competitive goods made in China.

    Currently, cargo flights connect Urumqi with 20 foreign cities, including 12 European ones. -0-

    MIL OSI Russia News

  • MIL-OSI United Kingdom: UK and South Korea sign first of its kind agreement to support global infrastructure development and Ukraine’s reconstruction

    Source: United Kingdom – Executive Government & Departments

    World news story

    UK and South Korea sign first of its kind agreement to support global infrastructure development and Ukraine’s reconstruction

    The UK has signed a MoU with South Korea to jointly support Ukraine’s reconstruction and global infrastructure, boosting trade and sustainable development.

    The United Kingdom of Great Britain and Northern Ireland (UK) has signed a Memorandum of Understanding (MoU) with the Republic of Korea (ROK).

    The MoU enhances cooperation between the UK Department for Business and Trade (DBT) and the Korean Overseas Infrastructure & Urban Development Corporation (KIND) to work on Ukrainian reconstruction projects, as well as global infrastructure development in other markets.

    This first of its kind agreement signals an exciting opportunity for British and South Korean businesses to make a difference in Ukraine, as well as demonstrate their expertise to the global market, boosting both countries’ economies while being a force for good.

    This agreement was signed in the Old Admiralty Building in London on Thursday 22nd May 2025, between the UK Business and Trade Minister, Gareth Thomas MP, and the KIND CEO, Mr. Bok Hwan Kim. It is KIND’s inaugural MoU with DBT and the UK Government.

    The MoU will promote new UK-South Korean business partnerships across third markets in the fields of sustainable transport, healthcare infrastructure, smart cities and urban development, clean energy, water and waste management, and sustainable infrastructure and related technologies. In Ukraine, this agreement will kickstart urgent repairs to critical national infrastructure, including housing, hospitals and power generators.

    The partnership will advance the UK’s strong diplomatic and trade ties with the Republic of Korea as set out in the 2023 Downing Street Accord. It is also underpinned by £16.3 billion in bilateral trade and supported through the existing UK-ROK Free Trade Agreement, which the Government has committed to upgrading.

    The agreement also builds on the UK’s landmark 100-Year Partnership with Ukraine, whereby reconstruction programmes form a key part of the £5bn the UK Government has provided to Ukraine in non-military support.

    Business and Trade Minister Gareth Thomas said:

    This agreement is the first of its kind and strengthens our relationship with the Republic of Korea. 

    As part of our Plan for Change it will secure vital opportunities for UK businesses to work with KIND and South Korean companies in overseas infrastructure and deepen our commitment to supporting Ukrainian reconstruction efforts.

    KIND CEO, Bok Hwan KIM, said:

    This Memorandum of Understanding with the UK government marks a historic moment that elevates infrastructure cooperation between Korea and the United Kingdom to a new level. KIND is delighted to contribute to Ukraine’s reconstruction and sustainable infrastructure development worldwide through this partnership. By combining our countries’ expertise and technological capabilities, we can make a tangible impact across various sectors, from critical infrastructure repairs to clean energy and smart cities. This collaboration goes beyond business opportunities—it represents our joint response to global challenges, and we are honoured to embark on this important journey alongside British companies.

    Background

    • KIND was established in June 2018 by the Government of the Republic of Korea to support Korean companies for project planning, feasibility studies, project information and project bankability.

    • The UK works with partner countries to jointly deliver high-quality infrastructure projects in third markets through the Third Country Cooperation (TCC) model.

    • The TCC partnership builds on the complementary strengths of both countries: South Korea brings globally recognised contracting expertise and cost-effective project delivery; the UK offers advisory services, engineering, project finance (including through UK Export Finance), and high-tech solutions.

    • Ukraine is a priority TCC market for both sides, although the agreement will also allow cooperation with other third countries.

    • Early reconstruction is vital to Ukraine’s resilience and ultimate victory, and the UK government is committed to mobilising British businesses to support this effort – helping to rebuild critical infrastructure, drive investment, and ensure Ukraine emerges stronger in the face of Russian aggression.

    • According to the World Bank’s Fourth Rapid Damage and Needs Assessment (RDNA4), as of 31 December 2024, the total cost of reconstruction and recovery in Ukraine is $524 billion (€506 billion) over the next decade, which is approximately 2.8 times the estimated nominal GDP of Ukraine for 2024.

    • The RDNA4 finds that direct damage in Ukraine has now reached $176 billion (€170 billion), up from $152 billion (€138 billion) in the RDNA3 of February 2024, with housing, transport, energy, commerce and industry, and education as the most affected sectors.

    • We have developed strong relationships with Ukrainian ministers, local mayors, and officials to identify immediate reconstruction needs, as prioritised by the Government of Ukraine. By promoting the expertise and capabilities of UK businesses, we can ensure UK companies are well-positioned to maximise their contribution to Ukraine’s recovery and reconstruction.

    Updates to this page

    Published 22 May 2025

    MIL OSI United Kingdom

  • MIL-OSI China: Real Madrid’s Endrick could miss Club World Cup

    Source: People’s Republic of China – State Council News

    Real Madrid forward Endrick has suffered a muscle injury that is likely to rule him out of this summer’s FIFA Club World Cup.

    “Following tests carried out today on our player Endrick by the Real Madrid Medical Services, he has been diagnosed with an injury to the conjoint tendon in his right hamstring,” informs the club.

    Real Madrid’s Endrick (L) vies with Real Valladolid’s Selim Amallah during La Liga football match between Real Madrid and Real Valladolid in Madrid, Spain, Aug. 25, 2024. (Photo by Gustavo Valiente/Xinhua)

    As usual, Real Madrid did not provide a timeline for the 18-year-old’s return. The club, which signed Endrick last summer, stated only that “his recovery will be assessed,” though the severity of the injury makes his participation in the Club World Cup highly unlikely.

    Real Madrid is set to debut in the tournament on June 18 against Saudi Arabian side Al-Hilal, followed by matches against Mexican club Pachuca on June 22 and Austria’s RB Salzburg on June 27 in the group stage.

    The injury brings a premature end to what has been a slightly disappointing debut season for Endrick, who has been behind Kylian Mbappe, Rodrygo and Vinicius Jr in the attacking pecking order.

    Endrick scored just one goal in 22 La Liga appearances–19 of those as a substitute–but found more success in cup competitions, netting five times in the Copa del Rey and once in the Champions League. 

    MIL OSI China News

  • MIL-OSI China: WADA welcomes additional funding from Qatar for scientific research

    Source: People’s Republic of China – State Council News

    The World Anti-Doping Agency (WADA) has welcomed Qatar’s decision to provide additional funding to support the organization’s scientific research efforts.

    The Ministry of Sports and Youth in Qatar will contribute an extra 1.5 million U.S. dollars, in addition to the country’s annual payment of more than 200,000 dollars to WADA, the agency announced on Wednesday.

    “WADA is appreciative of the continued support of our partners within Qatar’s Ministry of Sports and Youth. The additional funding will make a significant impact on anti-doping research globally and within Qatar itself,” said WADA President Witold Banka.

    “This is another indication of the strong support WADA receives from governments around the world, which believe in and trust us to deliver on our clean sport mission and understand the importance of cutting-edge scientific research to being ahead of those who seek to cheat the system.”

    Earlier this month, Japan pledged an additional 196,000 dollars to support anti-doping capacity and capability development in Asia and Oceania. According to WADA, Japan has contributed roughly 2.5 million dollars in additional funding over the past two decades.

    In the past 10 years, WADA has also received additional contributions from countries including Australia, Azerbaijan, Brazil, Canada, China, Denmark, Egypt, France, India, Kuwait, Poland, Saudi Arabia, Switzerland and the United States.

    Banka stated earlier this year that WADA invests heavily in anti-doping research, allocating about 10 percent of its annual budget to scientific and social science initiatives. The agency has also called on its partners to support ongoing research efforts, including recent work focused on unintentional doping.

    WADA has set a budget of more than 50 million dollars for 2025.

    The United States, which failed to pay its 2024 annual fee of 3.62 million dollars–amounting to 14 percent of WADA’s budget–automatically loses its seat on the organization’s executive committee for the year.

    “It is so important for athletes that WADA is properly resourced and that it has certainty around the funds it receives,” said Yuhan Tan, Belgium’s former badminton player and WADA Athlete Council representative on the Foundation Board.

    “I call on all governments to fulfill their commitments and make their annual contributions to WADA in a predictable and timely fashion so the work upholding the World Anti-Doping Code and supporting athletes around the world can continue. Clearly, anti-doping is becoming more and more politicized, which must be avoided as it puts all athletes and the entire system at risk,” he commented when WADA released its budget plan earlier this year. 

    MIL OSI China News

  • MIL-OSI NGOs: UN Ocean Conference draft declaration fails to address the ocean crisis

    Source: Greenpeace Statement –

    Paris, France, 22 May 2025 – Greenpeace International is alarmed by the state of the UN Ocean Conference draft declaration which falls far short of expectations, with less than three weeks to the start in Nice, France. Rather than  establishing the ambition shown by states to protect the oceans,the current text – set to be published as the final text of the upcoming conference – lacks the necessary ambition to address the crisis facing the oceans.  

    The third, and supposedly final, draft declaration fails to include the key measures needed to ensure the ocean recovers from decades of abuse and can withstand the impacts of global climate change. 

    Megan Randles, UNOC Head of Delegation for Greenpeace International, said: “We’re shocked after all the fine words from the organisers of this conference to find a declaration text that lacks the ambition needed to protect the oceans. The UN Ocean Conference was supposed to be the moment when governments turned the tide and showcased genuine progress. Instead, we are handed a weak political declaration with glaring omissions and weak language. 

    “The current text makes clear governments once again aren’t serious about protecting the oceans, and are satisfied to say fine words but not deliver real change at sea. It also fails to recognise the rights and leadership of coastal communities and Indigenous Peoples, who are on the frontlines of ocean stewardship. Unless this Declaration is drastically improved, the UN Ocean Conference will become a meaningless talking shop.”

    The glaring omissions or regressions from earlier draft texts are:

    • Pitifully weak language on deep sea mining, with no reference to a moratorium on this dangerous industry, and the removal of any reference to applying the precautionary principle, which appeared in early drafts. [1] 
    • The lack of any urgency on the Global Ocean Treaty ratification, or reflection that the governmental self-set deadline to reach 60 ratifications by this Conference is set to be missed. [2] 
    • Failure to recognise that the Global Ocean Treaty is fundamental to deliver on the 30 by 30 target agreed under the Convention on Biological Diversity, as the Global Ocean Treaty is the only legal tool that can deliver this universally agreed and binding UN target on the high seas, which make ⅔ of the world’s ocean. [3]
    • The absence of a clear reference to the need to reduce plastic production. While there is a brief mention in the text on the development of an internationally binding instrument on plastic, it makes no mention of the need to reduce production.[4]
    • No mention of key issues such as addressing labour and human rights abuses in distant water fishing fleets or ensuring the protection of vulnerable marine ecosystems from the impact of destructive fishing practices – crucial issues that are fundamental to global marine conservation.
    • The removal of a “human rights-based” approach to protecting the oceans which undermines accountability in ocean governance. Otherwise, there is no guarantee that policies will protect the rights of those most dependent on — and essential to — ocean stewardship. This weakens the foundation for just, inclusive, and effective marine protection, and must be urgently addressed.[5]
    • No concrete commitments to additional financial resources.

    From aboard the Rainbow Warrior in the Tasman Sea, Georgia Whitaker, Senior Oceans Campaigner at Greenpeace Australia Pacific, said: “The Australian government has the opportunity to step up and showcase true global leadership on ocean protection at the UN Oceans Conference. The eyes of the world are now on the re-elected Albanese government that signed the Global Ocean Treaty in 2023, but has been dragging its feet, yet to bring its promise into law. We are calling on the Australian government to ratify the Global Ocean Treaty in the first 100 days of government, and propose ocean sanctuaries in the Lord Howe Rise and South Tasman Sea between Australia and Aotearoa-New Zealand, to help protect precious marine life being decimated by brutal industrial fishing.”

    A new analysis released this week by Greenpeace Australia Pacific has revealed the shocking extent of ocean destruction and shark bycatch in the Pacific Ocean in lieu of protection possible under the treaty. 

    “Australia’s approach to deep sea mining will be watched closely by the rest of the world. The Albanese government must join the 33 other countries, including some of our Pacific neighbours, and back a moratorium on deep sea mining to protect our precious blue backyard,” Whitaker added.

    The UN Ocean Conference follows the world’s first deep sea mining application for the international seabed, recently submitted by The Metals Company to the US government, as opposed to the UN regulator, amid high political controversy. This unilateral action undermines the UN, potentially is in violation of international law, and should be condemned by all States at the UN Ocean Conference.

    As of today, 21 countries have ratified the Global Ocean Treaty, and 33 countries support a moratorium on deep sea mining. 

    The United Nations Oceans Conference will be held in Nice, France from 9 – 13 June.

    — ENDS —

    Media contact:

    Magali Rubino, Greenpeace France:  +33 7 78 41 78 78 / [email protected] (CET)

    Kimberley Bernard, Greenpeace Australia Pacific: +61 407 581 404 / [email protected] (AEST) (WhatsApp best)

    Notes for editors: 

    The draft political declaration is available upon request.

    Greenpeace Australia Pacific spokespeople will be available from Nice, Australia and from the Rainbow Warrior in the Tasman Sea.

    [1]  The Zero Draft of the Political Declaration “emphasized the importance of a precautionary approach” in relation to seabed mining. The reference has been deleted from the final draft.

    [2]  The Treaty will only enter into force 120 days after 60 countries have ratified. The UN Secretary-General is required to convene the first meeting of the COP to the Agreement no later than one year after its entry into force. France had targeted for the Global Ocean Treaty to enter into force by the conference.

    [3] Paragraph 21 of the Zero Draft of the Political Declaration stated “We recognise the important role the Agreement will play in achieving 30×30.” That reference has been removed from the final draft.

    [4] The final version of the Political Declaration deletes critical mentions to the urgency of addressing plastics pollution or its human health impacts, which were present in earlier drafts. Astrid Puentes Riaño, Special Rapporteur on the human right to a clean, healthy and sustainable environment, stated on May 20th that “Human rights must be the core of ocean governance and of every ocean pledge”

    [5]  Paragraph 2 of the second version of the Draft Political Declaration stated that “We must act with urgency to face this challenge with bold, ambitious, human rights-based, just and transformative action.” The reference to human-right based actions has been removed.

    MIL OSI NGO

  • MIL-OSI China: UN recognizes 3 new Chinese sites as globally important agricultural heritage systems

    Source: People’s Republic of China – State Council News

    Aerial photo taken on March 14, 2021 shows a farmer working in a pearl-cultivation area in Deqing County of Huzhou City, east China’s Zhejiang Province. [Photo/Xinhua]

    Three new sites in China were officially recognized by the United Nations Food and Agriculture Organization (FAO) as Globally Important Agricultural Heritage Systems (GIAHS) on Wednesday.

    The newly-designated sites are the Deqing Freshwater Pearl Mussels Composite Fishery System in Zhejiang Province, the Fuding White Tea Culture System in Fujian Province, and the Gaolan Shichuan Ancient Pear Orchard System in Gansu Province. With the latest inclusions, China continues to lead globally in the number of GIAHS sites, now totaling 25

    The 800-year-old Deqing system, which is focused on shelled pearl mussel cultivation, integrates aquaculture, agriculture, and traditional craftsmanship. It produces pearls, rice, silk, and other goods. This circular system offers valuable global insights into sustainable farming, ecological balance, and rural development, the FAO said.

    An aerial drone photo taken on May 7, 2024 shows workers picking tea leaves at a tea garden in Xingcun Town in Wuyishan City, southeast China’s Fujian Province. [Photo/Xinhua]

    Meanwhile, the centuries-old Fuding White Tea Culture System combines ecological knowledge with artisanal practices. It integrates tea gardens with forests and crops, preserving 18 varieties of tea trees. In addition to tea, the system also supports more than 120 other agricultural species, contributing to biodiversity and food system resilience.

    The Gaolan Shichuan Ancient Pear Orchard System, located along the Yellow River in the arid Loess Plateau, has a 600-year history of dryland agroforestry. It showcases techniques adapted to water scarcity and erosion-prone soils, supporting agrobiodiversity, food security, and rural livelihoods. The system produces over 2 million kg of pears annually, which are used to produce local specialities such as dried pears.

    Photo taken on April 13, 2020 shows blooming pear trees in Shichuan Township of Gaolan County, northwest China’s Gansu Province. [Photo/Xinhua]

    “Agricultural heritage systems are living examples of harmony between people and nature that have thrived and evolved through generations and have much to teach us as we adapt to an uncertain future,” said Kaveh Zahedi, director of the Office of Climate Change, Biodiversity and Environment at FAO.

    Other newly-recognized GIAHS sites beyond China include the shade-grown erva mate system in Parana, Brazil; the metepantle ancestral agricultural system in Tlaxcala, Mexico; and the agricultural systems in jable and volcanic sands on Spain’s Lanzarote Island.

    With the latest additions, the FAO’s global agricultural heritage network now comprises 95 systems across 28 countries.

    MIL OSI China News

  • MIL-OSI China: Bellingham to miss start of season after shoulder surgery

    Source: People’s Republic of China – State Council News

    Real Madrid’s England midfielder, Jude Bellingham looks likely to miss the first six weeks of the 2025-26 La Liga season due to an operation to cure a longstanding shoulder injury.

    Jude Bellingham (L) of Real Madrid vies with Clement Lenglet of Atletico de Madrid during the UEFA Champions League Round of 16 second leg football match between Atletico de Madrid and Real Madrid in Madrid, Spain, on March 12, 2025. (Photo by Gustavo Valiente/Xinhua)

    The Athletic and the BBC both reported that the 21-year-old will have the operation after the Club World Cup which will be played in the United States in June and July and where his side is the one of the favorites.

    Bellingham has struggled with his shoulder problem since 2023 when he injured it in a La Liga match with Rayo Vallecano and has had to play with a strapping to prevent further damage.

    The midfielder scored only 14 goals in 52 games this seaon, compared with 23 goals in 43 appearances in his debut campaign with the Spanish giant.

    If Bellingham has the operation in the middle of July, he will miss the pre-season and around six weeks of the next La Liga campaign. 

    MIL OSI China News

  • MIL-OSI China: Q&A: What to know about China’s visa-free policies

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 — China’s visa-exemption policies have boosted inbound travel. Since the start of this year, “China Travel” has kept trending. On Wednesday, the Consular Department of the Ministry of Foreign Affairs of China released a list of frequently asked questions about these policies.

    Q: Who does the visa waiver apply to?

    A: Nationals of 43 countries including Brunei, France, Germany, Italy, Spain, Holland, Malaysia, Switzerland, Ireland, Hungary, Austria, Belgium, Luxembourg, New Zealand, Australia, Poland, Portugal, Greece, Cyprus, Slovenia, Slovakia, Norway, Finland, Denmark, Iceland, Andorra, Monaco, Liechtenstein, the Republic of Korea, Bulgaria, Romania, Croatia, Montenegro, North Macedonia, Malta, Estonia, Latvia, Japan, Brazil, Argentina, Chile, Peru and Uruguay (Brazil, Argentina, Chile, Peru and Uruguay take effect from June 1, 2025) holding valid ordinary passports can be exempted from visa requirement if entering China for the purpose of business, tourism, family or friend visits, exchange and transit. They can stay in China for no more than 30 days without a visa.

    Q: Do foreign nationals eligible for a visa waiver need to make declarations to Chinese embassies and consulates in advance?

    A: Foreign nationals eligible for a visa waiver do not need to declare in advance to Chinese embassies and consulates before entering China without a visa.

    Q: Will the purpose of the intended stay in China be examined by Chinese border inspection authorities when entering China? How will it be done? Are other documents needed for entering China in addition to a passport?

    A: Foreign nationals traveling for purposes of business, tourism, family or friend visits, exchange and transit that meet the visa waiver requirements, can be allowed to enter China without a visa upon examination and approval in accordance with the law by border inspection authorities. Entry into China shall be denied by border inspection authorities in accordance with the law to foreign nationals who travel for purposes that do not meet the visa waiver requirements or who are not allowed to enter China in accordance with laws and regulations. It is recommended to take documents such as invitation letters, air tickets and reservations of accommodation as proof corresponding to the purposes of entry into China. Visa waiver does not apply to those who come to China for work, study, journalistic or similar purposes.

    Q: Is there any additional requirement for minors eligible for a visa waiver?

    A: Visa waiver requirements for minors are the same as for adults.

    Q: Are there any requirements regarding the type and validity of entry documents?

    A: For foreign nationals, an ordinary passport valid for at least the duration of the intended stay in China is needed. Holders of travel documents or temporary or emergency documents other than ordinary passports are not allowed to enter China without a visa.

    Q: How to calculate the duration of stay of 30 days?

    A: The duration of stay without a visa is calculated from the day after entry and lasts continuously for 30 calendar days.

    Q: Does the visa waiver apply to foreign nationals who travel from a third country?

    A: Eligible foreign nationals can depart for China from any country or region.

    Q: Does the visa waiver apply to foreign nationals who travel via modes of transport other than aviation?

    A: The visa waiver applies to all travelers coming to China through any sea, road and airport open to foreign nationals — except where laws, regulations or bilateral arrangements specify otherwise. For arrivals in China by way of private transport, certain procedures for entry and exit of means of transport shall be processed in accordance with relevant laws and regulations of China.

    Q: Does the visa waiver apply to tour groups?

    A: The visa waiver applies to eligible foreign nationals either in tour groups or as individuals.

    Q: If the length of intended stay exceeds 30 days, can the visa waiver be extended?

    A: Foreign nationals planning to stay in China for over 30 days shall apply for visas corresponding to their purposes of stay in advance at Chinese embassies or consulates. If they have to stay longer than 30 days for appropriate and sufficient reasons after entering China without a visa, they shall apply for stay permits to the exit and entry administrations of public security authorities of China.

    Q: Does the visa waiver allow multiple entries? Is there any requirement on the length of intervals between each entry, or any restriction on the number of entries without a visa or total days of stay?

    A: Foreign nationals eligible for the visa waiver can enter China without a visa multiple times. Currently, there is no restriction on the number of entries or total days of stay, but those who enjoy visa-free travel to China shall not engage in activities inconsistent with their purpose of entry.

    MIL OSI China News

  • MIL-OSI China: Top-seed Sun cruises into last 16 at TT worlds

    Source: People’s Republic of China – State Council News

    Top-seeded Chinese Sun Yingsha defeated France’s Charlotte Lutz in straight sets to reach the women’s singles last 16 at the World Table Tennis Championships on Wednesday.

    Sun Yingsha serves during the women’s singles round of 32 match between Sun Yingsha of China and Charlotte Lutz of France at ITTF World Table Tennis Championships Finals Doha 2025 in Doha, Qatar, May 21, 2025. (Xinhua/Xiao Yijiu)

    “Go go Shasha!” rooted for by a loud crowd, the 24-year-old superstar clinched an 11-4, 11-6, 11-6, 11-1 victory over the 20-year-old and world No. 92.

    “This was our first meeting, and I had studied her match videos,” said Sun after a 29-minute match. “She is young and promising.”

    Sun will next play against South Korea’s Shin Yu-bin, who advanced over Italy’s Gaia Monfardini in a score of 11-5, 8-11, 11-9, 14-12, 16-14.

    MIL OSI China News

  • MIL-OSI China: Flick extends Barcelona contract until 2027

    Source: People’s Republic of China – State Council News

    FC Barcelona announced on Wednesday that coach Hansi Flick has agreed to extend his contract with the club until the end of June 2027.

    “The German coach will sign on Wednesday the extension of his contract until 2027 – for one more season – The act will be held in the offices at the Camp Nou,” confirmed a statement from the club.

    Hansi Flick gestures on the touchline during the Group E match between Germany and Japan at the 2022 FIFA World Cup at Khalifa International Stadium in Doha, Qatar, Nov. 23, 2022. (Xinhua/Cao Can)

    The extension on Flick’s original deal, which was due to expire in 2026, comes after the former Bayern Munich and German national team boss has led Barca to this season’s La Liga title, the Copa del Rey and the Spanish Supercup in his first season in charge.

    Flick’s only disappointment was a narrow defeat after extra time to Inter Milan in the semifinals of the Champions League.

    MIL OSI China News

  • MIL-OSI China: Man City’s Guardiola demands slimmer squad for next season

    Source: People’s Republic of China – State Council News

    Manchester City coach Pep Guardiola has urged the club to reduce the size of the first team squad or he will consider leaving for the good of his “soul” as he hates to leave players in the stands.

    Guardiola made the remarks after Tuesday night’s 3-1 win at home to Bournemouth thanks to goals from Omar Marmoush, Bernardo Silva and Nico Gonzalez. The win lifted City to third in the Premier League and it needs just a point from next weekend’s visit to play Fulham to assure a place in next season’s Champions League.

    Pep Guardiola looks on during Manchester City’s 2023 UEFA Super Cup against Sevilla in Piraeus, Greece, Aug. 16, 2023. (Photo by Panagiotis Moschandreou/Xinhua)

    Tuesday’s win came with players such as James McAtee, Rico Lewis and Abdukodir Khusanov, Savinho and Claudio Echeverri all watching from the stands. Some could say that shows the depth of talent available for Guardiola, but the coach clearly views things differently.

    “I said to the club I don’t want that; I don’t want to leave five or six players in the freezer. I don’t want that. I will quit. Make a shorter squad, I will stay.”

    “It’s impossible for my soul to have my players in the tribune – that they cannot play,” he said.

    “As a manager I cannot train 24 players and every time I select, I have to have four, five, six stay in Manchester at home because they cannot play. This is not going to happen. I said to the club, I don’t want that,” he continued.

    Tuesday night saw Spain international midfielder Rodri return after missing nearly all of the season after a knee operation, and Guardiola admitted that injuries to defenders such as Ruben Dias and John Stones had made things difficult this season.

    “It was so difficult but next season it cannot be like that,” insisted the coach.

    MIL OSI China News

  • MIL-OSI Security: Former Defense Contractor Pleads Guilty to Tax Crimes

    Source: Office of United States Attorneys

    Defendant Admits to Concealing 50% Ownership of $7B Defense Contracting Business to Evade Taxes

               WASHINGTON – Douglas Edelman, 73, a former defense contractor, pleaded guilty today to tax crimes related to a scheme to defraud the United States and evade taxes on income he earned from his contracts with the U.S. Department of Defense.

               The sentence was announced U.S. Attorney Jeanine Ferris Pirro, Acting Deputy Assistant Attorney General Karen E. Kelly of the Justice Department’s Tax Division, and Special Agent in Charge Kareem A. Carter with IRS-Criminal Investigation (IRS-CI) Washington, D.C. Field Office. 

               Edelman pleaded guilty to 10 felony counts: conspiracy to defraud the United States, seven counts of tax evasion, and two counts of making a false statement.  U.S. District Court Judge Colleen Kollar-Kotelly scheduled a hearing on issues related to sentencing on Nov. 17, 2026. Trial on the remaining counts of the indictment will be in 2026.

               According to court documents and statements made in court, Edelman founded and owned 50% of Mina Corp. and Red Star Enterprises (Mina/Red Star), a defense contracting business that received more than $7 billion from contracts with the U.S. Department of Defense to provide jet fuel in the United States’ post-9/11 military efforts in Afghanistan and the Middle East. 

               Working with others, Edelman engaged in a lengthy scheme to hide his Mina/Red Star profits to evade U.S. taxes, including by concealing his income in undisclosed foreign bank accounts, creating false documents and making false statements that one of his co-conspirators — a French citizen residing abroad and without U.S. tax obligations — founded and owned Mina/Red Star. 

               For example, when the company became profitable in 2005, Edelman began taking distributions which he deposited into Swiss bank accounts, primarily at Credit Suisse, in the name of other companies he owned. In 2008, Credit Suisse informed Edelman that he had to either close his accounts or disclose them to U.S. authorities. Rather than come into compliance with his tax and reporting obligations, Edelman closed his accounts and opened new ones at Bank Julius Baer in Singapore in the name of a nominee entity, the beneficiaries of which were purportedly Edelman’s daughters. He then directed the subject income he earned from Mina/Red Star to those bank accounts. 

               In 2010 the U.S. House of Representatives Committee on Oversight and Government Reform’s Subcommittee on National Security and Foreign Affairs began investigating allegations of corruption in connection with Mina/Red Star’s contracts with the Department of Defense. As part of this inquiry, the subcommittee became interested in the identity of Mina/Red Star’s owners. At this time, Edelman had not filed U.S. tax returns to report the millions of dollars he had earned from Mina/Red Star and had not paid U.S. taxes on his income. 

               Rather than disclose his ownership, Edelman caused his attorneys to tell Congress a false story that a French co-conspirator who had no U.S. tax or reporting obligations founded and co-owed Mina/Red Star with another individual. To corroborate the false story, Edelman and a co-conspirator caused false and backdated paperwork to be created. 

               To continue the scheme, Edelman conveyed the false story about Mina/Red Star’s ownership to other arms of the U.S. government, including to the Department of Defense during contract negotiations in 2010 and 2011, to the IRS in a 2016 application to the Offshore Voluntary Disclosure Program, and to the Justice Department in a 2018 presentation. 

               In conjunction with his 2016 application to the IRS’s Voluntary Disclosure Program, Edelman filed false tax returns for several prior years that only reported income from gifts or purported consulting payments, continuing to conceal the millions he had earned from his company. On the returns, he also concealed profits he had earned from a separate business to provide internet service to members of the armed forces at Kandahar Air Base in Afghanistan. 

               Instead of paying the taxes that he knew he owed, Edelman used the money to fund his lifestyle and additional investments. He invested in a music television franchise in Eastern Europe, a land venture in Tulum, Mexico, and a farm in Kenya, and purchased property around Europe, including a home in Ibiza, Spain, and a townhouse in London.

               Edelman faces a maximum penalty of five years in prison for each of the 10 counts to which he has pleaded. He also faces a period of supervised release, restitution, and monetary penalties. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

               This case is being investigated by special agents from IRS-CI’s International Tax & Financial Crimes specialty group, a team based out of Washington, D.C., that is dedicated to uncovering international tax crimes, along with the Special Inspector General for Afghanistan Reconstruction. The Justice Department’s Office of International Affairs assisted in the investigation. His Majesty’s Revenue & Customs of the United Kingdom also provided assistance, as did the Joint Chiefs of Global Tax Enforcement (J5), which brings together the taxing authorities of Australia, Canada, the Netherlands, the United Kingdom, and the United States. The Guardia Civil of Spain assisted with the arrest. 

               This case is being prosecuted by Assistant U.S. Attorney Joshua Gold for the District of Columbia and Assistant Chief Sarah Ranney and Trial Attorney Ezra Spiro of the Tax Division.

    24cr239

    MIL Security OSI

  • MIL-OSI Submissions: Finland – Modirum Partners with State Networks Finland to Deliver Real-Time Group Video Services for Finland’s Nationwide Public Safety Network

    Source: Modirum

    Helsinki, Finland, 21.5.2025 – Modirum and State Networks Finland (Erillisverkot) have announced a strategic partnership to deploy real-time group video services on Virve 2, Finland’s next-generation nationwide public safety network. This collaboration introduces a cutting-edge video platform designed to improve situational awareness, operational coordination, and decision-making for authorities and organizations operating in safety-critical environments.

    Enhancing Situational Awareness and Operational Readiness with Secure, Mission-Critical Video Solutions

    Modern public safety operations demand fast and secure access to live information from the field. Modirum’s NSC3 Group Video Service enables the secure transmission of live video, audio, and location data between field units and command centers — empowering faster response, better coordination, and ultimately, saving lives.

    Already in operational use by several Finnish public safety organizations, the platform supports various video inputs, including body-worn cameras, vehicle-mounted systems, drones, and fixed surveillance units. Purpose-built for harsh operational environments, NSC3 ensures reliable, real-time collaboration for first responders and other mission-critical actors.

    “For data security reasons, videos captured by public authorities cannot travel through commercial networks. Together with Modirum, we’ve built a centralized, secure Group Video Service tailored for safety-critical organizations. It provides a highly reliable and encrypted way to transfer live video from the field to command centers.”
    — Tuomas Ahlfors, Product Manager, State Networks (Erillisverkot)

    “The Group Video Service has proven to be a critical operational tool, significantly enhancing situational awareness and resource coordination. It enables more agile deployments and better crisis response.”
    — Mauri Kataja, Account Manager, State Networks (Erillisverkot)

    “We are proud to partner with State Networks, a recognized European leader in secure public safety infrastructure. Their commitment to innovation and national resilience aligns closely with Modirum’s mission to deliver AI-driven, mission-critical platforms that strengthen operational capabilities in demanding conditions.”
    — Tero Silvola, CEO, Modirum

    About State Networks – Erillisverkot

    State Networks Finland is a government-owned special-purpose entity under the Prime Minister’s Office, responsible for safeguarding mission-critical communication and infrastructure services in all circumstances. Through its Virve 2 broadband network, it delivers secure communications and situational awareness solutions for emergency services, public authorities, and other essential actors in Finnish society.

    Learn more: https://www.erillisverkot.fi

    About NSC3 by Modirum

    NSC3 is Modirum’s advanced platform for real-time situational awareness and secure communications. Supporting input from drones, body cams, dash cams, and IP cameras, NSC3 delivers seamless video sharing and features the industry’s fastest patented video engine, integrated Push-to-Talk and messaging, and is optimized for low-latency performance in all network conditions.

    Learn more: https://modirumplatforms.com/platforms/critical-communication/nsc3

    Modirum

    Modirum is a leading innovator in delivering secure, AI-driven solutions for Critical Communications, Telecom, Finance, Public & Government, Health Care and Energy sectors. With a focus on platform development, our mission is to empower public safety organizations and businesses by enabling them to launch, deliver, and scale services more efficiently while maintaining trust, reliability, and innovation.

    With 27 years of experience and a team of 250+ experts, we’ve successfully executed 500+ projects across 30 countries. Our expert team partners with organizations to deliver cutting-edge solutions tailored to the unique needs of the industries we serve.

    MIL OSI – Submitted News

  • MIL-OSI Submissions: Tech – Europe’s Largest Inaugural Tech and Startup Event Opens in Berlin as the Continent Spurs Momentum for Open Innovation and AI Leadership

    Source: GITEX EUROPE x Ai Everything 2025

    EconomyEntrepreneurs / Start-UpTech / DigitalInnovation – Ministers and senior tech stakeholders from the European Union, Germany and the UAE inaugurate the momentous first edition of GITEX EUROPE x Ai Everything.

    Berlin, Germany – 21 May 2025: Berlin became the focal point of Europe’s tech momentum and global digital cooperation as GITEX EUROPE x Ai Everything 2025 opened its doors today at Messe Berlin, launching the region’s largest inaugural tech, startup and digital investment event to capacity crowds and the biggest, most international lineup of tech and businesses converging in Europe. The show arrives at an inflection point in Europe’s digital future, sparked by a continent-wide ‘Choose Europe’ movement to anchor the next wave of innovation, research, investment, talent and deep-tech breakthroughs on home ground; alongside a renewed impetus in Germany represented by the formation of a new government and the country’s first digital ministry taking stewardship on digital transformation, AI excellence and data policy.

    Born in the UAE with global editions now running in seven countries, GITEX is the world’s largest and best-rated tech and startup event, reflecting the UAE’s wider national commitment to global digital collaboration. With the show’s expansion into Europe, it echoes the UAE’s shared commitment to advance innovation and scientific frontiers, recently strengthened with Abu Dhabi’s MGX investment and Nvidia partnering to develop Europe’s largest AI data center campus (1) alongside the development of a new 5GW AI campus (2), the largest of its kind outside the US to be based in Abu Dhabi.

    Welcome addresses led the inauguration ceremony from European and global leaders, including Kai Wegner, Governing Mayor of Berlin; H.E. Alia Al Mazrouei, UAE Minister of State for Entrepreneurship; Clara Chappaz, the Minister of AI and Digital of France; Thomas Jarzombek, Parliamentary State Secretary at the Federal Minister for Digital and State Modernization, Germany; Jan Kavalírek, Deputy Minister of Industry and Trade, Czech Republic; Franziska Giffey, Mayor of Berlin & Senator for Economic Affairs, Energy and Public Enterprises; and Trixie LohMirmand, EVP of Dubai World Trade Centre, the global organiser of GITEX.

    With participation from over 100 countries, 1,400 tech companies, startups, and SMEs, more than 600 influential investors, and 500 industry leaders on-stage, the event sparked strategic dialogues on innovation, investment, policy shifts and business transformations, as well as catalysed collaborations at scale – across sectors and geographies. Taking place until 23 May at Messe Berlin, GITEX EUROPE x Ai Everything 2025 is organised in partnership with the Berlin Senate Department for Economics, Energy and Public Enterprises, Germany’s Federal Ministry for Economic Affairs and Climate Action, Berlin Partner for Business and Technology, and the European Innovation Council (EIC).

    Kai Wegner, Governing Mayor of Berlin: “The GITEX tech fair – which is taking place in Berlin for the very first time – brings founders from around the world, investors, and established companies together. As Germany’s startup capital, Berlin is the perfect place for GITEX. We want to create the best environment for founders in our city. Networking events and industry fairs like GITEX are part of that effort.”

    Her Excellency (H.E.) Alia Al Mazrouei, the UAE Minister of State for Entrepreneurship: “Moving beyond economic diplomacy, the UAE is now championing entrepreneurial diplomacy, guided by our diligent efforts in fostering global partnerships to empower entrepreneurs in the country. GITEX EUROPE’s vision of bringing together SMEs, investors, accelerators, incubators and industry leaders to ignite innovation, foster collaboration, and drive growth aligns with the UAE’s aspirations to strengthen partnerships with Europe in entrepreneurship and digital economy.”

    Clara Chappaz, the Minister of AI and Digital of France, commented on the development of AI: “When you were hear about Europe being a continent of regulation, this is the past. Today, Europe is all about innovation. More than ever, we have all the ingredients to succeed as Europeans building these amazing technologies when it comes to AI. The partnerships between France and Germany is extremely determined to accelerate Europe when it comes to innovation, and in particular when it comes to everything we can do on digital innovation.”

    Thomas Jarzombek, Parliamentary State Secretary at the Federal Minister for Digital and State Modernization reiterated: “It’s a great opportunity here to connect startups and also for investment opportunities right now here in Berlin. We have to move forward, faster than we did in the past. Easy for you to do business in Germany, easy for every citizen to do everything with an app and to digitalize things you have in our pocket right now.”

    Jan Kavalírek, Deputy Minister of Industry and Trade, Czech Republic: “One of our top priorities right now, is to create the best possible environment for AI researchers and to deploy artificial intelligence across all the industrial sector. This is the reason why we invest in AI heavily, both in software and in hardware infrastructure, and this is also the reason why we are glad to part of GITEX EUROPE.”

    Franziska Giffey, Mayor of Berlin and Senator for Economic Affairs, Energy and Public Enterprises: “We have more than 5,000 startup enterprises here in Berlin, and of course we want to do more. We want to be the number one innovation place in Europe. Whenever you think about coming to the place of freedom, the place of possibilities, come to Berlin.”

    Trixie LohMirmand, global organiser of GITEX: “As the world’s third largest economy, Germany’s market gravity and Europe’s openness create a powerful test-bed where capital, code and talent can cross-pollinate at speed, forging new collaborative forces across geographies and sectors. GITEX EUROPE proves that innovations can scale beyond borders, opening new markets and opportunities for Europe’s most ambitious companies.”

    Spanning high impact showcases and talks covering AI, cybersecurity, deep tech, green tech, quantum computing, SMEs, and startup, scaleup and investments, GITEX EUROPE x Ai Everything offers unmatched opportunities to access new markets, breakthrough technologies, industry transformations and business insights.

    Across the show floor, global tech enterprises including IBM, AWS, Bosch, Cisco, CrowdStrike, Dell, Fortinet, Lenovo, ManageEngine, NinjaOne, NVIDIA, and SAP, alongside over 750 startups from 60 countries, showcase how infrastructure, intelligence, and investment intersect to propel Europe’s digital future forward. From business leaders to AI architects, quantum researchers to CIOs, green tech innovators to global investors, the opening day’s gathering set the tone for decisive partnerships accelerating the continent’s AI and digital competitiveness.

    The opening day conference programme was headlined by Dr. Geoffrey Hinton, Nobel Physics Laureate and ‘Godfather of AI’ with a riveting keynote on ‘AI for Humanity’s Greatest Challenges’. In April 2025, the United Arab Emirates and European Union delivered a joint statement to begin dialogue toward a Comprehensive Economic Partnership Agreement (CEPA) (3) aimed at strengthening bilateral trade and investment ties across key sectors such as AI, advanced manufacturing, healthcare and more.

    GITEX EUROPE x Ai Everything leverages a powerful network of established relationships in tech, policy, investment and business spanning four regions and seven countries, with more new international editions in the wings. Currently the GITEX global network of events takes place in Abu Dhabi, Dubai, Germany, Morocco, Nigeria, Singapore, Thailand, and Vietnam.

    (1) https://fastcompanyme.com/news/nvidia-and-abu-dhabis-mgx-join-french-partners-to-build-europes-largest-ai-campus/
    (2) https://www.techrepublic.com/article/news-uae-us-ai-campus/
    (3) https://www.wam.ae/en/article/bj3wkyv-uae-president-president-european-commission-agree

    For more information, visit: www.gitex-europe.com.

    About GITEX EUROPE x Ai Everything 2025

    GITEX EUROPE x Ai Everything 2025, Europe’s most global, collaborative, and cross-industry tech event, taking place from May 21–23, 2025, at Messe Berlin, Germany. Convening over 1,400 exhibiting enterprises, SMEs and startups from 100-plus countries, alongside over 600 investors, and 500 expert speakers across AI, Deep Tech, Quantum, Cybersecurity, Connectivity, Smart Cities, Green Tech, and many more, GITEX EUROPE x Ai Everything is advancing the continent’s digital future in partnership with the world. This inaugural edition features the new SMEDEX, GITEX SCALEX, and GQX, and brings to Germany the world’s largest and best-rated startup and investor event – North Star Europe. GITEX EUROPE x Ai Everything is seamlessly connected with the GITEX network of tech and startup events in Germany, Morocco, Nigeria, Singapore, Thailand, UAE, and Vietnam. For more information, please visit: www.gitex-europe.com

    MIL OSI – Submitted News

  • MIL-OSI USA: Senate Passes Durbin’s Bipartisan Resolution Honoring The Four American Service Members Who Died In Lithuania

    US Senate News:

    Source: United States Senator for Illinois Dick Durbin
    May 21, 2025
    The resolution recognizes the soldiers’ service and sacrifice to our nation and NATO allies
    WASHINGTON – U.S. Senate Democratic Whip Dick Durbin (D-IL), Co-Chair of the Senate Baltic Freedom Caucus, today commended the unanimous Senate passage of his bipartisan resolution honoring the four American soldiers—including one Illinoisan—who were stationed in Lithuania and tragically died in March while on a mission to recover a vehicle immobilized during a training exercise. The soldiers include Staff Sergeant Jose Dueñez Jr. from Joliet, Illinois; Staff Sergeant Edvin F. Franco; Staff Sergeant Troy S. Knutson-Collins; and Private First-Class Dante D. Taitano—all part of the 1st Armored Brigade, 3rd Infantry Division.
    “Last night, the Senate honored the brave American service members, including Staff Sergeant Jose Dueñez Jr. from Joliet, Illinois, who tragically died during a mission in Lithuania earlier this year.  It was a mission fraught with extreme danger and challenges, and this resolution reminds us of the daily service and sacrifice of our military members,” Durbin said.  “The resolution also expresses our gratitude to our Lithuanian ally—who dropped everything and faced great odds to help us recover their bodies and bring these fallen soldiers home—a reminder of the common defense underlying our alliance.”
    On April 3, thousands of Lithuanians took to the streets in Vilnius—including the Lithuanian President—to pay their respects to our fallen American soldiers. The resolution also reaffirms the importance of the NATO alliance and the need to support our Baltic allies.
    Durbin spoke about the four American soldiers and his resolution on the Senate floor last month.
    Text of the resolution can be found here.
    Joining Durbin in sponsoring the resolution are U.S. Senators Chuck Grassley (R-IA), Chuck Schumer (D-NY), Mitch McConnell (R-KY), Jeanne Shaheen (D-NH), Tammy Duckworth (D-IL), Chris Coons (D-DE), Adam Schiff (D-CA), Gary Peters (D-MI), Elissa Slotkin (D-MI), and Alex Padilla (D-CA).
    -30-

    MIL OSI USA News

  • MIL-OSI Russia: At a seminar on Eurasian relations, Chinese and German experts called for cooperation

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 (Xinhua) — Experts from China and Germany called for cooperation to overcome global challenges in an unstable world at a seminar on China-Russia-Europe relations held in Beijing on Tuesday.

    The current seminar, organized by the Institute of Russian, East European and Central Asian Studies of the Chinese Academy of Social Sciences (IRESCA AASS), took place in the year of the 50th anniversary of the establishment of diplomatic relations between China and the European Union.

    In his opening remarks, Sun Zhuangzhi, Director of the IRECA AONK, noted that in the context of profound global changes unseen for a century, humanity once again found itself at a historical crossroads. Against this background, he stressed, academic discussions on relations between China, Russia and Europe have important practical significance.

    Noting that China and Europe have many common interests, Sun said it is crucial to find the “biggest common denominator” for cooperation between the two sides, which is of particular significance both for maintaining security and stability on the Eurasian continent and for promoting prosperity and development worldwide.

    Nadine Godehardt, Senior Research Fellow at the Asia Department of the Brussels branch of the German Institute for International and Security Affairs, noted that the world is experiencing new profound changes, and the geopolitical landscape in the Eurasian region is becoming increasingly complex.

    As a result, N. Godehard continued, the European Union and the European integration process are creating a new momentum for reform, initiating a whole series of policy adjustments. She added that discussions between Chinese and European think tanks on the relations between China, Russia and Europe and on the situation in the Eurasian region are timely and important.

    The seminar participants agreed that in the context of an unstable international situation, countries of the world should adhere to the principles of mutual success and common progress, work together to solve key global and regional problems, and jointly write a new chapter in international governance and multilateral cooperation.

    The seminar was attended by experts and scholars from the German Institute for International and Security Affairs, the Bertelsmann Foundation, the Ruhr University Bochum, the AONK and the China Institute of Contemporary International Relations. –0–

    MIL OSI Russia News

  • MIL-OSI United Kingdom: PM meeting with President Nikos Christodoulides of Cyprus: 21 May 2025

    Source: United Kingdom – Executive Government & Departments

    Press release

    PM meeting with President Nikos Christodoulides of Cyprus: 21 May 2025

    The Prime Minister hosted President Nikos Christodoulides of Cyprus for a short meeting in Downing Street during his visit to London.

    The Prime Minister hosted President Nikos Christodoulides of Cyprus for a short meeting in Downing Street during his visit to London.

    The leaders began by reflecting on the Prime Minister’s historic visit to Cyprus in December and welcomed the strengthening of the relationship between the two countries.

    The Prime Minister updated on the UK-EU Summit earlier in the week, and thanked President Christodoulides for his support in resetting the relationship between the UK and Europe. 

    The leaders looked forward to speaking again soon.

    Updates to this page

    Published 21 May 2025

    MIL OSI United Kingdom

  • MIL-OSI Security: Major strike against Italian-Albanian drug trafficking network: 52 suspects targeted

    Source: Eurojust

    During the action day, authorities in both countries seized assets worth at least several millions euros, including apartments and companies, as well as various luxury vehicles. . Large amounts of cash and quantities of cocaine and heroin were also seized. A full and complete evaluation of the seizures will be carried out in the coming days.

    No complete estimate of the total profits of the cooperation between the three OCGs is available. However, information obtained through the JIT shows that the criminal networks were involved in payments, often in cash, of close to EUR 5 million and the trafficking of at least 1 800 kilos of cocaine and heroin.

    Investigations into the linked criminal organisations were initiated in 2016 by the Public Prosecutor’s Office of Bari and the Special Anti-Corruption and Organised Crime Prosecutor’s Office of Tirana and the Albanian Police. On the Albanian side, one OCG, which operated from Durres, was responsible for the transport and wholesale distribution of large quantities of cocaine, heroin and cannabis trafficked between the Balkans, Northern Europe, South America and Puglia in Italy.

    Two Italian-led criminal gangs carried out the cutting and packaging of illicit drugs and supplied cocaine and heroin from Latin America and Turkey to local gangs in organisations in Bari, Brindisi and Lecce.

    The arrests in Italy and Albania are the result of a long-term collaboration through the JIT. This involved the use of wiretaps, intensive video surveillance, the monitoring of suspects and the analysis of encrypted chats. These chats were decrypted following intensive cooperation through Eurojust.

    Since 2020, Eurojust has supported the authorities in Italy and Albania with the JIT. Furthermore, the Agency provided assistance with the execution of requests for Mutual Legal Assistance during the action day and gave cross-border judicial support. Albania is one of the twelve countries outside the European Union with a Liaison Prosecutor at Eurojust. The investigations were also coordinated and supported by the office of the dedicated security expert at the Italian Embassy in Tirana.

    The judicial cooperation between Italy and Albania has already proven effective in recent years. Between 2018 and 2021, the Anti-Mafia Investigation Directorate of Bari issued and executed 118 arrest warrants against alleged drug traffickers operating in both countries. As a result, various defendants were sentenced up to 20 years imprisonment.

    This week’s operation was carried out at the request of and by the following authorities:

    • Italy: Public Prosecutor’s Office Bari – District Anti-Mafia Directorate; Anti-Mafia Investigation Directorate Bari, under the coordination of the National Anti-Mafia and Anti-Terrorism Directorate Rome, with support of the Office of the Security Expert at the Italian Embassy in Tirana
    • Albania: Special Anti-Corruption and Organised Crime Prosecutor’s Office (SPAK) of Tirana; Albanian Police

    MIL Security OSI

  • MIL-OSI USA: Russian GRU Targeting Western Logistics Entities and Technology Companies

    News In Brief – Source: US Computer Emergency Readiness Team

    Executive Summary

    This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

    Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

    This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

    The following authors and co-sealers are releasing this CSA:

    • United States National Security Agency (NSA)
    • United States Federal Bureau of Investigation (FBI)
    • United Kingdom National Cyber Security Centre (NCSC-UK)
    • Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
    • Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
    • Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
    • Czech Republic Military Intelligence (VZ)  Vojenské zpravodajství
    • Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
    • Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
    • Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
    • Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
    • United States Cybersecurity and Infrastructure Security Agency (CISA)
    • United States Department of Defense Cyber Crime Center (DC3)
    • United States Cyber Command (USCYBERCOM)
    • Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
    • Canadian Centre for Cyber Security (CCCS)
    • Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
    • Estonian Foreign Intelligence Service (EFIS) Välisluureamet
    • Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
    • French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
    • Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
       

    Download the PDF version of this report:

    Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)

    For a downloadable list of IOCs, visit:

    Introduction

    For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions.
    In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.
    Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.

    Description of Targets

    The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations: 

    •  Defense Industry
    • Transportation and Transportation Hubs (ports, airports, etc.)
    • Maritime
    • Air Traffic Management
    • IT Services

    In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].

    The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].

    The countries with targeted entities include the following, as illustrated in Figure 1:

    • Bulgaria
    • Czech Republic
    • France
    • Germany
    • Greece
    • Italy
    • Moldova
    • Netherlands
    • Poland
    • Romania
    • Slovakia
    • Ukraine
    • United States
       
    Figure 1: Countries with Targeted Entities

    Initial Access TTPs

    To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):

    The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]

    Credential Guessing/Brute Force

    Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573]. 

    Spearphishing

    GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient. 

    Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:

    • Webhook[.]site
    • FrgeIO
    • InfinityFree
    • Dynu
    • Mocky
    • Pipedream
    • Mockbin[.]org

    The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].

    CVE Usage

    Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].

    Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE. 

    Post-Compromise TTPs

    After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].

    The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:

    C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit

    Figure 2: Example Active Directory Domain Services command

    Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].

    Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]

    After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].

    After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including: 

    • sender,
    • recipient,
    • train/plane/ship numbers,
    • point of departure,
    • destination,
    • container registration numbers,
    • travel route, and
    • cargo contents. 

    In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.

    Malware

    Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:

    • HEADLACE [7]
    • MASEPIE [8]

    While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise. 

    Persistence

    In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence. 

    Exfiltration

    GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure. 

    The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected. 

    Connections to Targeting of IP Cameras

    In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams. 

    The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

    CSeq: 1

    Authorization: Basic

    User-Agent: WebClient

    Accept: application/sdp

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

    CSeq: 2

    Authorization: Digest username="admin", realm="[a-f0-9]{12}", algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"

    User-Agent: WebClient

    Accept: application/sdp

    Figure 3: Example RTSP request

    Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration. 

    From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:

    Table 1: Geographic distribution of targeted IP cameras
    Country Percentage of Total Attempts
    Ukraine 81.0%
    Romania 9.9%
    Poland 4.0%
    Hungary 2.8%
    Slovakia 1.7%
    Others 0.6%

    Mitigation Actions

    General Security Mitigations

    Architecture and Configuration

    • Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
      • Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
    • Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
    • Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
    • For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
    • Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
      • Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
    • Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
    • Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
      • Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
      • Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
      • Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
      • Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
    • Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
    • Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
    • Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
    • Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
    • Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.

    Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].

    • *.000[.]pe
    • *.1cooldns[.]com
    • *.42web[.]io
    • *.4cloud[.]click
    • *.accesscan[.]org
    • *.bumbleshrimp[.]com
    • *.camdvr[.]org
    • *.casacam[.]net
    • *.ddnsfree[.]com
    • *.ddnsgeek[.]com
    • *.ddnsguru[.]com
    • *.dynuddns[.]com
    • *.dynuddns[.]net
    • *.free[.]nf
    • *.freeddns[.]org
    • *.frge[.]io
    • *.glize[.]com
    • *.great-site[.]net
    • *.infinityfreeapp[.]com
    • *.kesug[.]com
    • *.loseyourip[.]com
    • *.lovestoblog[.]com
    • *.mockbin[.]io
    • *.mockbin[.]org
    • *.mocky[.]io
    • *.mybiolink[.]io
    • *.mysynology[.]net
    • *.mywire[.]org
    • *.ngrok[.]io
    • *.ooguy[.]com
    • *.pipedream[.]net
    • *.rf[.]gd
    • *.urlbae[.]com
    • *.webhook[.]site
    • *.webhookapp[.]com
    • *.webredirect[.]org
    • *.wuaze[.]com

    Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.

    Identity and Access Management

    Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques: 

    • Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
    • Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
    • Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
    • Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
      • For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
    • Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
    • Use account throttling or account lockout [D3-ANET]:
      • Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
      • Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
      • Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
      • If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
    • Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
    • Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]

    IP Camera Mitigations

    The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:

    • Ensure IP cameras are currently supported. Replace devices that are out of support.
    • Apply security patches and firmware updates to all IP cameras [D3-SU].
    • Disable remote access to the IP camera, if unnecessary [D3-ITF].
    • Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
    • If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
    • Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
    • Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
    • If supported, enable authenticated RTSP access only [D3-AA].
    • Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
    • Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
    • Configure, tune, and monitor logging—if available—on the IP camera.

    Indicators of Compromise (IOCs)

    Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.

    Utilities and scripts

    Legitimate utilities

    Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:

    • ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
    • wevtutil – A legitimate Windows executable used by threat actors to delete event logs
    • vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
    • ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
    • OpenSSH – The Windows version of a legitimate open source SSH client
    • schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
    • whoami – A legitimate Windows executable used to retrieve the name of the current user
    • tasklist – A legitimate Windows executable used to retrieve the list of running processes
    • hostname – A legitimate Windows executable used to retrieve the device name
    • arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
    • systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
    • net – A legitimate Windows executable used to retrieve detailed user information
    • wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
    • cacls – A legitimate Windows executable used to modify permissions on files
    • icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
    • ssh – A legitimate Windows executable used to establish network shell connections
    • reg – A legitimate Windows executable used to add to or modify the system registry 

    Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.

    Malicious scripts

    • Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
    • Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
    • ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
    • Hikvision backdoor string: “YWRtaW46MTEK”

    Suspicious command lines

    While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:

    • edge.exe “-headless-new -disable-gpu”
    • ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
    • ssh -Nf
    • schtasks /create /xml

    Outlook CVE Exploitation IOCs

    • md-shoeb@alfathdoor[.]com[.]sa
    • jayam@wizzsolutions[.]com
    • accounts@regencyservice[.]in
    • m.salim@tsc-me[.]com
    • vikram.anand@4ginfosource[.]com
    • mdelafuente@ukwwfze[.]com
    • sarah@cosmicgold469[.]co[.]za
    • franch1.lanka@bplanka[.]com
    • commerical@vanadrink[.]com
    • maint@goldenloaduae[.]com
    • karina@bhpcapital[.]com
    • tv@coastalareabank[.]com
    • ashoke.kumar@hbclife[.]in
    • 213[.]32[.]252[.]221
    • 124[.]168[.]91[.]178
    • 194[.]126[.]178[.]8
    • 159[.]196[.]128[.]120

    Commonly Used Webmail Providers

    • portugalmail[.]pt
    • mail-online[.]dk
    • email[.]cz
    • seznam[.]cz

    Malicious Archive Filenames Involving CVE-2023-38831

    • calc.war.zip
    • news_week_6.zip
    • Roadmap.zip
    • SEDE-PV-2023-10-09-1_EN.zip
    • war.zip
    • Zeyilname.zip

    Brute Forcing IP Addresses

    Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.

    June 2024 July 2024 August 2024
    192[.]162[.]174[.]94 207[.]244[.]71[.]84 31[.]135[.]199[.]145 79[.]184[.]25[.]198 91[.]149[.]253[.]204  
    103[.]97[.]203[.]29 162[.]210[.]194[.]2 31[.]42[.]4[.]138 79[.]185[.]5[.]142 91[.]149[.]254[.]75  
    209[.]14[.]71[.]127   46[.]112[.]70[.]252 83[.]10[.]46[.]174 91[.]149[.]255[.]122  
    109[.]95[.]151[.]207   46[.]248[.]185[.]236 83[.]168[.]66[.]145 91[.]149[.]255[.]19  
        64[.]176[.]67[.]117 83[.]168[.]78[.]27 91[.]149[.]255[.]195  
        64[.]176[.]69[.]196 83[.]168[.]78[.]31   91[.]221[.]88[.]76  
        64[.]176[.]70[.]18 83[.]168[.]78[.]55   93[.]105[.]185[.]139  
        64[.]176[.]70[.]238 83[.]23[.]130[.]49   95[.]215[.]76[.]209  
        64[.]176[.]71[.]201 83[.]29[.]138[.]115   138[.]199[.]59[.]43  
        70[.]34[.]242[.]220 89[.]64[.]70[.]69   147[.]135[.]209[.]245  
        70[.]34[.]243[.]226 90[.]156[.]4[.]204   178[.]235[.]191[.]182  
        70[.]34[.]244[.]100 91[.]149[.]202[.]215   178[.]37[.]97[.]243  
        70[.]34[.]245[.]215 91[.]149[.]203[.]73   185[.]234[.]235[.]69  
        70[.]34[.]252[.]168 91[.]149[.]219[.]158 192[.]162[.]174[.]67  
        70[.]34[.]252[.]186 91[.]149[.]219[.]23   194[.]187[.]180[.]20  
        70[.]34[.]252[.]222 91[.]149[.]223[.]130   212[.]127[.]78[.]170  
        70[.]34[.]253[.]13 91[.]149[.]253[.]118 213[.]134[.]184[.]167
        70[.]34[.]253[.]247   91[.]149[.]253[.]198    
        70[.]34[.]254[.]245 91[.]149[.]253[.]20    

    Detections

    Customized NTLM listener

    rule APT28_NTLM_LISTENER {

           meta:

                  description = "Detects NTLM listeners including APT28's custom one"

           strings:

                  $command_1 = "start-process powershell.exe -WindowStyle hidden"

                  $command_2 = "New-Object System.Net.HttpListener"

                  $command_3 = "Prefixes.Add('http://localhost:8080/')"

                  $command_4 = "-match 'Authorization'"

                  $command_5 = "GetValues('Authorization')"

                  $command_6 = "Request.RemoteEndPoint.Address.IPAddressToString"

                  $command_7 = "@(0x4e,0x54,0x4c,0x4d, 0x53,0x53,0x50,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x28,0x00,0x00,0x01,0x82,0x00,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)"

                  $command_8 = ".AllKeys"

                  

                  $variable_1 = "$NTLMAuthentication" nocase

                  $variable_2 = "$NTLMType2" nocase

                  $variable_3 = "$listener" nocase

                  $variable_4 = "$hostip" nocase

                  $variable_5 = "$request" nocase

                  $variable_6 = "$ntlmt2" nocase

                  $variable_7 = "$NTLMType2Response" nocase

                  $variable_8 = "$buffer" nocase

           condition:

                  5 of ($command_*) 

                  or

                  all of ($variable_*)

    }

    HEADLACE shortcut

    rule APT28_HEADLACE_SHORTCUT {

           meta:

                  description = "Detects the HEADLACE backdoor shortcut dropper. Rule is meant for threat hunting."

           strings:

                  $type = "[InternetShortcut]" ascii nocase

                  $url  = "file://"

                  $edge = "msedge.exe"

                  $icon = "IconFile"

           condition:

                  all of them

    }

    HEADLACE credential dialogbox phishing 

    rule APT28_HEADLACE_CREDENTIALDIALOG {

           meta:

                  description = "Detects scripts used by APT28 to lure user into entering credentials"

           strings:

                  $command_1 = "while($true)"

                  $command_2 = "Get-Credential $(whoami)"

                  $command_3 = "Add-Content"

                  $command_4 = ".UserName"

                  $command_5 = ".GetNetworkCredential().Password"

                  $command_6 = "GetNetworkCredential().Password.Length -ne 0"

           condition:

                  5 of them

    }

    HEADLACE core script

    rule APT28_HEADLACE_CORE {

           meta:

                  description = "Detects HEADLACE core batch scripts"

           strings:

                  $chcp = "chcp 65001" ascii

                  $headless = "start "" msedge --headless=new --disable-gpu" ascii

                  

                  $command_1 = "taskkill /im msedge.exe /f" ascii

                  $command_2 = "whoami>"%programdata%" ascii

                  $command_3 = "timeout" ascii

                  $command_4 = "copy "%programdata%" ascii

                  $non_generic_del_1 = "del /q /f "%programdata%" ascii

                  $non_generic_del_3 = "del /q /f "%userprofile%Downloads" ascii

     

                  $generic_del = "del /q /f" ascii

           condition:

                  (

                          $chcp 

                          and 

                          $headless

                  )

                  and

                  (

                          1 of ($non_generic_del_*)

                          or

                          ($generic_del)

                          or

                          3 of ($command_*)

                  )

    }

    MASEPIE

    rule APT28_MASEPIE {

           meta:

                  description = "Detects MASEPIE python script"

           strings:

                  $masepie_unique_1 = "os.popen('whoami').read()"

                  $masepie_unique_2 = "elif message == 'check'"

                  $masepie_unique_3 = "elif message == 'send_file':"

                  $masepie_unique_4 = "elif message == 'get_file'"

                  $masepie_unique_5 = "enc_mes('ok'"

                  $masepie_unique_6 = "Bad command!'.encode('ascii'"

                  $masepie_unique_7 = "{user}{SEPARATOR}{k}"

                  $masepie_unique_8 = "raise Exception("Reconnect"

           condition:

                  3 of ($masepie_unique_*)

    }

    STEELHOOK

    rule APT28_STEELHOOK {

           meta:

                  description = "Detects APT28's STEELHOOK powershell script"

           strings:

                  $s_1 = "$($env:LOCALAPPDATAGoogleChromeUser DataLocal State)"

                  $s_2 = "$($env:LOCALAPPDATAGoogleChromeUser DataDefaultLogin Data)"

                  $s_3 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataLocal State)"

                  $s_4 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataDefaultLogin Data)"

                  $s_5 = "os_crypt.encrypted_key"

                  $s_6 = "System.Security.Cryptography.DataProtectionScope"

                  $s_7 = "[system.security.cryptography.protectdata]::Unprotect"

                  $s_8 = "Invoke-RestMethod"

           condition:

                  all of them

    }

    PSEXEC

    rule GENERIC_PSEXEC {

           meta:

                  description = "Detects SysInternals PSEXEC executable"

           strings:

                  $sysinternals_1 = "SYSINTERNALS SOFTWARE LICENCE TERMS"

                  $sysinternals_2 = "/accepteula"

                  $sysinternals_3 = "SoftwareSysinternals"

                  $network_1 = "%sIPC$"

                  $network_2 = "%sADMIN$%s"

                  $network_3 = "DeviceLanmanRedirector%sipc$"

                  $psexec_1 = "PSEXESVC"

                  $psexec_2 = "PSEXEC-{}-"

                  $psexec_3 = "Copying %s to %s..."

                  $psexec_4 = "gPSINFSVC"

           condition:

                  (

                          ( uint16( 0x0 ) ==0x5a4d )

                          and

                          ( uint16( uint32( 0x3c )) == 0x4550 )

                  )

                  and 

                          filesize < 1024KB

                  and

                  (

                          ( any of ($sysinternals_*) and any of ($psexec_*) )

                          or

                          ( 2 of ($network_*) and 2 of ($psexec_*))

                  )

    }

    The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community: 

    • APT28 [14]
    • Fancy Bear [14]
    • Forest Blizzard [14]
    • Blue Delta [15]

    Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.

    Further Reference

    To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc. 

    For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule:
    https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar

    Works Cited

    [1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/  
    [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF   
    [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF 
    [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/  
    [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/   
    [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ 
    [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ 
    [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 
    [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF  
    [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF 
    [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html 
    [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF  
    [13] NSA and CSA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF 

    [14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian  
    [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf  
     

    Disclaimer of endorsement

    The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

    Purpose

    This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.

    Contact

    United States organizations

    • National Security Agency (NSA)
    • Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
      • U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
    • Department of Defense Cyber Crime Center (DC3)

    United Kingdom organizations

    Germany organizations

    Czech Republic organizations

    Poland organizations

    Australian organizations

    • Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

    Canadian organizations

    Estonia organizations

    French organizations

    • French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18. 

    See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.

    Table 2: Reconnaissance
    Tactic/Technique Title ID Use
    Reconnaissance TA0043 Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
    Gather Victim Identity Information: Email Addresses T1589.002 Conducted contact information reconnaissance to identify additional targets in key positions.
    Gather Victim Org Information T1591 Conducted reconnaissance of the cybersecurity department.
    Gather Victim Org Information: Identify Roles T1591.004 Conducted reconnaissance of individuals responsible for coordinating transport.
    Gather Victim Org Information: Business Relationships T1591.002 Conducted reconnaissance of other companies cooperating with the victim entity.
    Gather Victim Host Information T1592 Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
    Table 3: Resource development
    Tactic/Technique Title ID Use
    Compromise Accounts: Email Accounts T1586.002 Sent phishing emails using compromised accounts.
    Compromise Accounts: Cloud Accounts T1586.003 Sent phishing emails using compromised accounts.
    Table 4: Initial Access
    Tactic/Technique Title ID Use
    Trusted Relationship T1199 Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
    Phishing T1566 Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
    Phishing: Spearphishing Attachment T1566.001 Sent emails with malicious attachments.
    Phishing: Spearphishing Link T1566.002 Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
    Phishing: Spearphishing Voice T1566.004 Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
    External Remote Services T1133 Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
    Exploit Public-Facing Application T1190 Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
    Content Injection T1659 Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
    Table 5: Execution
    Tactic/Technique Title ID Use
    User Execution: Malicious Link T1204.001 Used malicious links to hosted shortcuts in spearphishing.
    User Execution: Malicious File T1204.002 Delivered malware executables via spearphishing.
    Scheduled Task/Job: Scheduled Task T1053.005 Used scheduled tasks to establish persistence.
    Command and Scripting Interpreter T1059 Delivered scripts in spearphishing. Executed arbitrary shell commands.
    Command and Scripting Interpreter: PowerShell T1059.001 PowerShell commands were often used to prepare data for exfiltration.
    Command and Scripting Interpreter: Windows Command Shell T1059.003 Used BAT script in spearphishing.
    Command and Scripting Interpreter: Visual Basic T1059.005 Used VBScript in spearphishing.
    Command and Scripting Interpreter: Python T1059.006 Installed python on infected machines to enable the execution of Certipy.
    Table 6: Persistence
    Tactic/Technique Title ID Use
    Account Manipulation: 
    Additional Email Delegate 
    Permissions

    T1098.002 

    		 Used manipulation of mailbox permissions to establish sustained email collection. 
    Modify Authentication Process: 
    Multi-Factor Authentication

    T1556.006 

    		 Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access. 
    Hijack Execution Flow: DLL 
    Search Order Hijacking     		 T1574.001  Used DLL search order hijacking to facilitate malware execution. 
    Boot or Logon Autostart 
    Execution: Registry Run Keys / 
    Startup Folder

    T1547.001 

    		 Used run keys to establish persistence. 
    Boot or Logon Autostart 
    Execution: Shortcut 
    Modification

    T1547.009 

    		 Placed malicious shortcuts in the startup folder to establish persistence. 
    Table 7: Defense Evasion
    Tactic/Technique Title ID Use
    Indicator Removal: Clear 
    Windows Event Logs    		 T1070.001  Deleted event logs through the wevtutil utility.
    Table 8: Credential access 
    Tactic/Technique Title ID Use

    Brute Force 

    Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices. 

    Brute Force: Password Guessing 

    T1110.001 

    Used credential guessing to gain initial access to targeted entities. 

    Brute Force: Password Spraying 

    T1110.003 

    Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP. 

    Multi-Factor Authentication Interception 

    Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns. 

    Input Capture 

    Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns. 

    Forced Authentication 

    Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations. 

    OS Credential Dumping: NTDS 

    T1003.003 

    Attempted to dump Active Directory NTDS.dit domain databases. 

    Unsecured Credentials: Group Policy Preferences 

    T1552.006 

    Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py. 
    Table 9: Discovery
    Tactic/Technique Title ID Use

    Account Discovery: Domain Account

    T1087.002

    Used a modified ldap-dump.py to enumerate the Windows environment.
    Table 10: Command and Control
    Tactic/Technique Title ID Use

    Hide Infrastructure 

    		 T1665 

    Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target. 

    Proxy: External Proxy 

    		 T1090.002 

    Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers. 

    Proxy: Multi-hop Proxy 

    		 T1090.003 

    Used Tor and commercial VPNs as part of their anonymization infrastructure 

    Encrypted Channel 

    		 T1573 

    Connected to victim infrastructure using encrypted TLS. 

    Multi-Stage Channels 

    		 T1104 

    Used multi-stage redirectors for campaigns. 
    Table 11: Defense evasion (mobile framework)
    Tactic/Technique Title ID Use

    Execution Guardrails 

    Used multi-stage redirectors to verify browser fingerprints in some campaigns. 

    Execution Guardrails: Geofencing 

    T1627.001 

    Used multi-stage redirectors to verify IP-geolocation in some campaigns. 
    Table 12: Lateral movement
    Tactic/Technique Title ID Use

    Lateral Movement 

    Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment. 

    Remote Services: Remote Desktop Protocol 

    T1021.001 

    Moved laterally within the network using RDP. 
    Table 13: Collection
    Tactic/Technique Title ID Use

    Email Collection 

    Retrieved sensitive data from email servers. 

    Email Collection: Remote Email Collection 

    T1114.002 

    Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers. 

    Automated Collection 

    Used periodic EWS queries to collect new emails. 

    Video Capture 

    Attempted to gain access to the cameras’ feeds. 

    Archive Collected Data 

    Accessed files were archived in .zip files prior to exfiltration. 

    Archive Collected Data: Archive via Utility 

    T1560.001 

    Prepared zip archives for upload to the actors’ infrastructure. 
    Table 14: Exfiltration
    Tactic/Technique Title ID Use

    Exfiltration Over Alternative Protocol 

    Attempted to exfiltrate archived data via a previously dropped OpenSSH binary. 

    Scheduled Transfer 

    Used periodic EWS queries to collect new emails sent and received since the last data exfiltration. 

    Appendix B: CVEs exploited

    Table 15: Exploited CVE information
    CVE  Vendor/Product  Details

    CVE-2023-38831 

    RARLAB WinRAR 

    Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive. 

    CVE-2023-23397 

    Microsoft Outlook 

    External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim. 

    CVE-2021-44026 

    Roundcube Webmail 

    Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params. 

    CVE-2020-35730 

    Roundcube Webmail 

    An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php. 

    CVE-2020-12641 

    Roundcube Webmail 

    Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php. 

    Appendix C: MITRE D3FEND Countermeasures

    Table 16: MITRE D3FEND countermeasures
    Countermeasure Title  ID  Details 

    Network Isolation 

    Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers. 

    Access Mediation 

    Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. 

    Inbound Traffic Filtering 

    Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement. 

    Resource Access Pattern Analysis 

    Use automated tools to audit access logs for security concerns and identify anomalous access requests. 

    Outbound Traffic Filtering 

    Block NTLM/SMB requests to external infrastructure. 

    Platform Monitoring 

    Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers. 

    System File Analysis 

    Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly. 

    Application Hardening 

    Enable optional security features in Windows to harden endpoints and mitigate initial access techniques. 

    Application-based Process Isolation 

    Enable attack surface reduction rules to prevent executable content from email. 

    Executable Allowlisting 

    Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%. 

    Execution Isolation 

    Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts. 

    Application Configuration Hardening 

    Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.). 

    Process Spawn Analysis 

    Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters. 

    URL Reputation Analysis 

    Use services that provide enhanced browsing services and safe link checking. 

    Network Access Mediation 

    Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible. 

    DNS Denylisting 

    D3-DNSDL 

    Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors. 

    Domain Name Reputation Analysis 

    Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims. 

    Multi-factor Authentication 

    Use MFA with strong factors and require regular re-authentication, especially for management accounts. 

    Job Function Access Pattern Analysis 

    D3-JFAPA 

    Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts. 

    User Account Permissions 

    Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected. 

    Token-based Authentication 

    Reduce reliance on passwords; instead, consider using services like single sign-on. 

    Credential Hardening 

    Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts. 

    Authentication Event Threshholding 

    Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout. 

    Strong Password Policy 

    Use a service to check for compromised passwords before using them. 

    Credential Rotation 

    Change all default credentials. 

    Encrypted Tunnels 

    Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices. 

    Software Update 

    Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life. 

    Agent Authentication 

    Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only. 

    User Behavior Analysis 

    Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity. 

    MIL OSI USA News -

  • MIL-OSI Europe: Written question – Ensuring resilience of EU countries against electricity blackouts and protection of critical infrastructure – E-001930/2025

    Source: European Parliament

    Question for written answer  E-001930/2025
    to the Commission
    Rule 144
    Krzysztof Brejza (PPE)

    The recent electricity blackout in Spain and Portugal underscores the importance of reducing vulnerabilities and strengthening the resilience of critical energy infrastructure to ensure the uninterrupted provision of essential services. Energy systems are the backbone of the EU’s economy and society, and disruptions – especially in interconnected grids – can have significant cross-border impacts.

    One of the priorities of the European internal security strategy (ProtectEU) is the protection of critical infrastructure, including energy interconnectors. The blackout raises important questions about current levels of preparedness and whether additional efforts are needed at EU level.

    In the light of this:

    • 1.How does the Commission assess the impact of the Iberian blackout on the implementation of ProtectEU’s critical infrastructure goals?
    • 2.What measures are being considered to enhance the protection of energy infrastructure across the EU?
    • 3.How will the Commission assess the implications of the Iberian blackout for the implementation of the Critical Entities Resilience Directive (Directive (EU) 2022/2557[1])?

    Submitted: 14.5.2025

    • [1] Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC, OJ L 333, 27.12.2022, p. 164, ELI: http://data.europa.eu/eli/dir/2022/2557/oj.
    Last updated: 21 May 2025

    MIL OSI Europe News

  • MIL-OSI Europe: Written question – Misuse of funds from the Recovery and Resilience Facility in Spain – E-001902/2025

    Source: European Parliament

    Question for written answer  E-001902/2025
    to the Commission
    Rule 144
    Dolors Montserrat (PPE)

    The reply to questions E-000571/2025, E-000570/2025, E-000572/2025 and E-000573/2025[1] on the use of the Recovery and Resilience Facility (RRF) by RTVE only makes reference to a digital training project and defers its assessment to a later date. Taking account of the results of the European Court of Auditors’ report on the RRF, which identifies structural weaknesses that need to be addressed if a performance-based funding model is to be consolidated:

    • 1.How does the Commission intend to ensure that Recovery and Resilience Facility funds actually reach the final recipients, especially in countries such as Spain, where a lack of traceability, delays in implementation and poor assessment of the impact of the reforms financed have been identified?
    • 2.How does it intend to prevent the opaque use of funds within RTVE, bearing in mind that this could open the door to bad practices, corruption or favouritism, thereby eroding public trust in the institutions?

    Submitted: 13.5.2025

    • [1] https://www.europarl.europa.eu/doceo/document/E-10-2025-000570-ASW_EN.html
    Last updated: 21 May 2025

    MIL OSI Europe News

  • MIL-OSI: BAWAG Group: Moody’s affirms ratings and changes outlook from stable to positive

    Source: GlobeNewswire (MIL-OSI)

    VIENNA, Austria – May 21, 2025 – Today, Moody’s announced that it affirms the ratings of BAWAG P.S.K. and changed the outlook on the long-term deposit, senior unsecured, and long-term issuer ratings from stable to positive.

    The positive outlook is a reflection of our to-be integrated recent acquisitions which show a steady business performance and could result in a sustainably improved financial profile.

    The release of Moody’s is available on our website https://www.bawaggroup.com.

    David O’Leary, Chief Risk Officer of BAWAG Group, commented: “The change to a positive outlook is a testament to our strategy focused on sustainable growth, efficiency and maintaining a safe and secure balance sheet. While our strategy has been unchanged since 2012, with the recent acquisitions, our business profile with focus on DACH/NL region as well as Retail & SME had been enhanced. The improved outlook highlights the resilience and stability of our business, with increased profitability after our acquisitions.”

    About BAWAG Group
    BAWAG Group AG is a publicly listed holding company headquartered in Vienna, Austria, serving our over 4 million retail, small business, corporate, real estate and public sector customers across Austria, Germany, Switzerland, Netherlands, Ireland, the United Kingdom, and the United States. The Group operates under various brands and across multiple channels offering comprehensive savings, payment, lending, leasing, investment, building society, factoring and insurance products and services. Our goal is to deliver simple, transparent, and affordable financial products and services that our customers need.

    BAWAG Group’s Investor Relations website https://www.bawaggroup.com/ir contains further information, including financial and other information for investors.

    Forward-looking statement
    This release contains “forward-looking statements” regarding the financial condition, results of operations, business plans and future performance of BAWAG Group. Words such as “anticipates,” “believes,” “estimates,” “expects,” “forecasts,” “intends,” “plans,” “projects,” “may,” “will,” “should,” “would,” “could” and other similar expressions are intended to identify these forward-looking statements. These forward-looking statements reflect management’s expectations as of the date hereof and are subject to risks and uncertainties that may cause actual results to differ materially from those projected. These risks and uncertainties include, but are not limited to, economic conditions, the regulatory environment, loan concentrations, vendors, employees, technology, competition, and interest rates. Readers are cautioned not to place undue reliance on the forward-looking statements as actual results may differ materially from the results predicted. Neither BAWAG Group nor any of its affiliates, advisors or representatives shall have any liability whatsoever (in negligence or otherwise) for any loss howsoever arising from any use of this report or its content or otherwise arising in connection with this document. This report does not constitute an offer or invitation to purchase or subscribe for any securities and neither it nor any part of it shall form the basis of or be relied upon in connection with any contract or commitment whatsoever. This statement is included for the express purpose of invoking “safe harbor provisions”.

    Financial Community:
    Jutta Wimmer (Head of Investor Relations)
    Tel: +43 (0) 5 99 05-22474

    IR Hotline: +43 (0) 5 99 05-34444
    E-mail: investor.relations@bawaggroup.com

    Media:
    Manfred Rapolter (Head of Corporate Communications & Social Engagement)
    Tel: +43 (0) 5 99 05-31210
    E-mail: communications@bawaggroup.com

    This text can also be downloaded from our website: https://www.bawaggroup.com

    The MIL Network

  • MIL-OSI NGOs: Creative industry figures urge Starmer to act against Gaza genocide- ‘you know what is happening’

    Source: Amnesty International –

    116 leading UK and Irish creatives have urged Keir Starmer to act over Israel’s escalating atrocities in Gaza, criticising UK arms exports, settlement trade, and lack of ICC support – open letter 

    Riz Ahmed, Dame Harriet Walker, Maxine Peake, Nish Kumar, Paloma Faith and others condemn UK government inaction on Gaza 

    The Prime Minister must ‘stand up for justice and human rights’ and ‘words are no longer enough; we need to see action’ – Creatives 

    Artists gather outside Downing Street to hold placards urging the PM to act to stop the genocide and human rights abuses in Gaza 

    Over 100 leading voices from across the UK and Ireland’s film, television, and creative industries including Riz Ahmed, Dame Harriet Walker, Maxine Peake, Nish Kumar, Paloma Faith, Juliet Stevenson and many more have united to call on Prime Minister Keir Starmer to take urgent action in response to Israel’s escalating atrocities in Gaza and the wider Occupied Palestinian Territory (OPT).   

    In a public letter, the group condemn “all attacks on civilians” but emphasise that as well as Israel’s decades-long military occupation, expansion of illegal settlements, and system of apartheid, Israel is committing genocide against Palestinians in Gaza, as described by Amnesty International in its report “You feel Like You Are Subhuman”.  

    “We are deeply troubled by your lack of meaningful action to help deter Israel’s horrifying and calculated violations of Palestinian rights,” the letter states to the Prime Minister. 

    Since October 2023, more than 20,000 children have reportedly been killed in Gaza. The group point to the use of 2,000lb bombs dropped from F-35 fighter jets – supplied with UK-made components – as part of a devastating campaign that includes siege tactics blocking access to food, water, electricity, and medicine for over two million civilians. 

    “You know what is happening,” they write to the Prime Minister, and state “your Government is failing to fulfil its obligation to prevent the ongoing genocide in Gaza.” 

    The letter also highlights a stark double standard in UK policy: banning imports from Russian-occupied Crimea, while allowing trade with Israeli settlements in the illegally Occupied Palestinian Territory. The International Court of Justice has made clear that countries must not support illegal occupations – including through trade.

    In addition to arms and trade, the group call on the UK government to fully support the International Criminal Court’s investigation into alleged war crimes and crimes against humanity in the region. 

    Their demands include: 

    • An immediate suspension of all UK arms exports to Israel 
    • A ban on trade with illegal Israeli settlements in the Occupied Palestinian Territory 
    • Compliance with international legal rulings, including those of the ICJ and ICC 

    The group implores the Prime Minister “to stand up for justice and human rights” and that “words are no longer enough; we need to see action”. 

    Artists gather outside Downing Street to deliver the letter and hold placards urging the PM to act to stop Israel’s genocide and human rights abuses in Gaza. 

    The artists held placards bearing messages from residents of Gaza that capture the urgency and human toll of the crisis: 

    • “I don’t want my child to die hungry” – Gaza Resident, Occupied Gaza 
    • “You may send your child to bring water only for him to return in a body bag” – Gaza Resident, Occupied Gaza 

    These statements are a stark reminder of the daily reality for civilians under Israel’s illegal blockade.  

    About the Signatories 

    This statement by Amnesty International has been endorsed by a coalition of UK-based professionals across the creative industries – filmmakers, actors, writers, artists and cultural leaders – who believe in the power of art, law, and collective voice in the face of injustice. 

    Ahmed Masoud; Aisling Bea; Aiysha Hart; Alan Moore; Alexander McKinnon; Alexei Sayle; Alice Roberts; Alisdair Beckett; King Amrita Acharia; Andrea Arnold Anjli; Mohindra Anneika; Rose Annie Mac; Sir Anish Kapoor CBE; Anoushka Shankar; Dr Ariel Caine; Bernadette O’Brien; Bertie Carvel; President of the Bianca Jagger Human Rights Foundation; Brian Eno; Briony Hannah; Brona C Titley; Charlotte Church; Chipo Chung; David Morrissey; Deborah Frances-White; Declan McKenna; Denise Gough; Emma D’Arcy; Esther Freud; Esther Manito; Fionn O’Loinsigh; Francesca Martinez; Frankie Boyle; Frederico Gaggio; Grace Petrie; Dame Harriet Walter; Himesh Patel; Ian Rickson; Imran Yusuf; Indeyarna Donaldson-Holness; Inua Ellams MBE; Ivor Graeme; Jackie Clune; James Acaster; Jan Pearson; Janie Dee; Jason Fleming; Jay Griffiths; Jen Brister; Jessica Fostekew; Jim Loach; John Higgs; Josie Long; Jolyon Rubinstein; Juliet Stevenson CBE; Kathy Lette; Kerry Godliman; Khalid Abdalla; Ken Loach; Lise Meyer; Lolly Adefope; Louisa Young; Love Ssegga; Mae Martin; Mahtab Hussain; Manjinder Virk; Mariam Haque; Marnie Dickens; Max Porter; Maxine Peake; Dr Michael Hrebeniak; Misan Harriman; Mystery Jets; Nadia Sawalha; Nicola Thorp; Nikesh Patel; Nikesh Shukla; Nikita Gill; Nimmi Harasgama; Nish Kumar; Paapa Essiedu; Paloma Faith; Paul Laverty; Penny Woolcock; Peter Wyer; Rebecca O’Brien; Rida Hamidou; Riz Ahmed; Robin Ince; Robin Morrissey; Roger Hartley; Roisin O’Loughlin; Ruth Lass; Salena Godden; Sam Spruell; Sara Masry; Sarah Agha; Sasha Behar; Selma Dabbagh; Shazia Mirza; Simon Rix; Sonali Bhattacharyya; Stewart Lee; Steve Coogan; Susan Lynch; Suzi Ruffell; Thomas Browne; Thomas Combes; Thusitha Jayasundera; Tobias Menzies; Dame Tracey Emin; Tracey Seaward; Vijay Mistry; Vivian Munn; Young Fathers (all members); Zainab Hassan 

    MIL OSI NGO

  • MIL-OSI Global: How outdoor sports can support youth as they navigate climate change

    Source: The Conversation – Canada – By Brett Tomlinson, Adjunct Professor, Faculty of Educaiton, Nipissing University

    As climate change continues to impact the way we interact with our planet, it’s critical to consider ways we can encourage youth to participate in climate action initiatives.

    Young people across Canada are feeling frightened about the future of the planet. A Canadian study published in 2023 surveyed 1,000 young participants on their feelings about climate change. Sixty-six per cent of respondents said they felt anxiousness or hopelessness about climate change, while 78 per cent said it impacts their overall mental health.

    There are a number of ways to approach this overwhelming emotion, considering it could result not only in poor quality of life for youth but also continued inaction for the planet.

    My research in outdoor physical education leads me to consider more positive behaviour for youth in association to climate change that could likely benefit youth and the planet. The challenge is finding opportunities to develop pro-environmental behaviours and environmental stewardship with Canadian youth.



    Read more:
    6 ways to build resilience and hope into young people’s learning about climate change

    It’s about more than time outdoors

    When looking to develop pro-environmental behaviours, one way could be to simply encourage more time outdoors. But research from Germany suggests that just interacting with nature is not enough; rather, young people need to find ways to engage with nature and use the natural landscape to develop an emotional connection with the environment.

    According to the German study, certain sports can lead to more environmentally sustainable attitudes and behaviours from participants. Some sports in particular — like cross-country skiing, mountain biking or triathlon — increase those positive behaviours more than others. This isn’t simply because participants are alone within a natural setting; it’s because the focus of the sport is on the natural landscape.

    To explain a bit further, soccer, for example, is typically played outside but often on a manicured, sometimes artificial, field that is in many ways devoid of any natural influence.

    Alternatively, mountain biking requires participants to ride on trails that take them directly through forested areas or spaces that are selected based on their unique natural landscape. As athletes participate in sports more frequently and spend more time within nature, they then develop a stronger emotional connection to the space they’re in. This leads to pro-environmental behaviours and attitudes, which can then generate environmental stewardship.



    Read more:
    Earth Day 2024: ‘Green muscle memory’ and climate education promote behaviour change

    Rock climbing

    Within rock climbing groups and organizations, there is evidence suggesting members frequently participate in beneficial environmental stewardship projects. Outdoor rock-climbing groups typically manage spaces — sometimes privately owned, but frequently under government jurisdiction in provincial or national parks — to ensure safe and responsible climbing practices. Climbers rely on ropes, equipment and bolts to ensure safety as they’re climbing.

    But another obvious factor is the rock face they climb. The connection to rock and the climbing routes over those rock faces help foster a sense of environmental stewardship within climbers. Similar to mountain biking, the process starts with an introduction to the sport, but slowly develops into more care and attention paid to the natural spaces where climbers practise their activity.

    One American study indicates that rock climbing organizations often find opportunities to clean up the areas where they climb, and also look to maintain the natural features of that space.

    The research finds that for climbers, the challenge is to maintain natural spaces and keep the rock as pristine as possible. This also extends to conservation efforts to ensure that space maintains its use for climbing as opposed to turning it into a more urban or commercialized area.

    The joy that participants received from the sport of climbing initiated this environmental stewardship and maintained progressive action in local environmental initiatives.

    Element of physical risk

    One thing to note is that climbing and mountain biking do involve an element of physical risk.

    Doing some research on these sports can help youth assess risks alongside what can be gained from participating. But it’s also important to acknowledge that encouraging young people to foster deeper connections to nature as opposed to having simple interactions with outdoor spaces doesn’t mean they have to cycle down a mountain or climb a massive rock wall.

    Risk cannot be completely eliminated from outdoor sports and recreation, but there can be great social and personal benefit from participating in these types of activities.

    Instead of a high-risk sport, educators and outdoor leaders can influence participants with simpler actions. I am aware of outings involving outdoor hikes, or taking time at night to gaze at the stars and listen to the sounds of nature, that have sparked in young people an interest in outdoor spaces — and caring for them.

    Such experiences can then lead young people to continue to explore outdoor adventure and sport, that can , significantly, foster an appreciation of natural settings through direct interaction as well as a positive sense of community. This can be a starting point to help alleviate feelings of hopelessness to climate change.



    Read more:
    Teachers need bolder action from our school boards to educate in and for a climate emergency

    Addressing potential harms, amplifying benefits

    Despite the benefits of participating in outdoor sports, there is a need to acknowledge that participation can have some negative impact on the environment.

    For example, interaction with nature through sport can impact natural habitats and has the potential to alter behavioural patterns of animals. Furthermore, there is a risk of erosion of natural spaces, as well as the slim potential for the movement of invasive species.

    This being said, it’s critical to consider what we can gain from supporting youth to participate in outdoor sport and education when such activities are planned with attentiveness and care.

    Brett Tomlinson does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

    ref. How outdoor sports can support youth as they navigate climate change – https://theconversation.com/how-outdoor-sports-can-support-youth-as-they-navigate-climate-change-256643

    MIL OSI – Global Reports