he Oregon Department of Veterans’ Affairs (ODVA) is proud to announce the return of its annual Veteran Benefit Expo, the state’s largest veteran resource event, on June 16th at the Salem Armory Auditorium, 2310 17th St. NE.
This marks the first in-person Expo since 2019 and will also feature a special 80th Anniversary Celebration of ODVA beginning at 10 a.m.
Organized by the Oregon Department of Veterans’ Affairs and presented in partnership with the Oregon Lottery and the Oregon Military Department, the Veteran Benefit Expo is a one-of-a-kind event and a one-stop shop for Oregon veterans of all eras and walks of life to learn about and access the full range of their earned benefits and local resources.
More than 65 participating agencies, nonprofits and service providers will be on hand to provide in-depth information and direct services across a wide range of benefit areas, including health care, disability claims assistance, housing, emergency assistance, long-term care, mental health, education, business, recreation and more.
“We are celebrating the 80th anniversary of ODVA by doing what we’ve always done: showing up for Oregon veterans and their families,” said ODVA Director Dr. Nakeia Council Daniels. “The Veteran Benefit Expo is more than an event — it is the heart of our mission brought to life: bringing vital resources and earned benefits into the communities where veterans live and work, and making sure they know they’re seen, valued, and supported.”
This year’s Expo will also celebrate ODVA’s eight decades of service to Oregon’s veteran community, kicking off with the 80th Anniversary Ceremony at 10 a.m. on the Armory Auditorium stage, which will be immediately followed by a cake cutting and the opening of the Expo. The public is invited to attend.
Space is limited, but there are still openings for state or local organizations who provide direct benefits to veterans and who are interested in being an exhibitor at this year’s Expo. Registration is free but is subject to approval by ODVA based on space and other considerations. To register, visit www.surveymonkey.com/r/orvetexpo25vendors.
The Veteran Benefit Expo was first held in 2015 at the Salem Convention Center in honor of ODVA’s 70th anniversary and has grown to become the agency’s signature outreach event, drawing an estimated 500 to 600 veterans each year. Since its inception, the Expo has traveled to different regions of the state, with plans to continue rotating in future years to ensure broad access to benefits by the state’s diverse veteran population.
Company Hosting Investor Webinar on Thursday May 22, 2025, at 10:00 AM EST
Q1 2025 revenue was $10.4 million, up 23% Y/Y excluding recent divestitures
Q1 2025 Income from Operations was $1.5 million, up 1,253% Y/Y excluding recent divestitures
Q1 2025 Adjusted EBITDA was $2.5 million, up 119% Y/Y excluding recent divestitures
TORONTO, May 21, 2025 (GLOBE NEWSWIRE) — NowVertical Group Inc. (TSX-V: NOW) (“NOW” or the “Company”), a leader in AI-driven data solutions, announces financial results for its first fiscal quarter ended March 31, 2025. Unless otherwise specified, all dollar amounts are expressed in U.S. dollars. Management will host an investor webinar at 10:00 AM EST (7:00 AM PST) on Thursday May 22nd, to discuss the Company’s financial and business results.
Selected Financial Highlights for the Three Months Ended March 31, 2025:
Revenue was $10.4 million in the three months ended March 31, 2025 (“Q1 2025”), a 20% decrease from $12.9 million for the three months ending March 31, 2024 (“Q1 2024”). Excluding the disposition of Allegient Defense, Inc. (“Allegient”) on May 24, 2024, Q1 2024 revenue was $8.4 million, translating to a year-over-year growth of 23%.
Gross Profit was $5.1 million in Q1 2025, a 15% decrease from $6.0 million in Q1 2024. Excluding the Allegient business, Q1 2024 gross profit was $4.5 million, translating to a year-over year increase of 15%.
Administrative Expenses were $3.6 million in Q1 2025, a 38% decrease from $5.8 million in Q1 2024. Excluding the Allegient business, Q1 2024 administrative expenses were $4.6 million, translating to a year-over-year decrease of 22%.
Income from Operations was $1.5 million in Q1 2025, a 660% increase from $0.2 million in Q1 2024. Excluding the Allegient business, Q1 2024 had a Loss from Operations of $0.1 million, translating to a year-over-year increase of 1,253%.
Adjusted EBITDA was $2.5 million in Q1 2025, a 69% increase from $1.5 million in Q1 2024. Excluding the Allegient business, Adjusted EBITDA was $1.2 million in Q1 2024, translating to a year-over-year increase of 119%.
Net Loss was $0.7 million in Q1 2025, a 55% decrease from $1.5 million in Q1 2024. Excluding the Allegient business, Net Loss was $1.9 million in Q1 2024, translating to a year-over-year decrease of 63%.
“NOW again delivered a strong quarter and continues to demonstrate its transformation into a business defined by consistency, stability, and sustainable performance. Q1 2025 marks our fifth consecutive quarter of continuous growth and operational improvement, underscoring our momentum across the business,” said Sandeep Mendiratta, CEO of NOW. “We delivered Adjusted EBITDA of $2.5 million, representing an EBITDA margin of 24%, in line with our $10 million annual run-rate target. Our 23% year-over-year revenue growth is a direct result of disciplined execution and a sharpened operational focus. We have successfully renegotiated acquisition-related liabilities, unlocking an estimated $5.4 million in cash savings and improving our payment schedules. These efforts have strengthened our balance sheet and position us for sustained organic revenue growth with strong margins across our core markets.”
Q1 2025 and Subsequent Business Highlights:
May 13, 2025: Announced that the company was named Qlik Latin America Channel Growth Partner of the Year 2024. The award highlights NOW’s ability to scale customer impact and accelerate business value.
May 08, 2025: Announced its UK operations have been recognised as a Google Cloud Premier Partner, the highest designation within the Google Cloud Partner Advantage programme.
April 22, 2025: The company announced that further to its news release on March 10, 2025, it has settled aggregate of CAD$35,220.62 representing the net amount of certain bonus entitlements owing to certain employees through the issuance of an aggregate of 93,917 Class A Subordinate voting shares in the capital of the Company
April 17, 2025: NOW announced the launch of its flagship Data Catalyst Solution on the Microsoft Azure Marketplace, reinforcing the Company’s strategic positioning at the intersection of enterprise AI, data infrastructure modernisation, and Microsoft ecosystem expansion.
April 14, 2025: The company announced that it will be presenting at the Planet MicroCap Showcase: VEGAS 2025 in partnership with MicroCapClub.
April 08, 2025: Announced that it has received the 2025 Google Cloud Data & Analytics Partner of the Year award for Latin America.
April 01, 2025: NOW announced its 2024 record financial results.
Q1 2025 Financial Results Investor Webinar:
The Company invites shareholders, analysts, investors, media representatives, and other stakeholders to attend our upcoming webinar. Management will discuss Q1 2025 results, followed by a question-and-answer session.
Investor Webinar Registration:
Time: Thursday, May 22, 2025, 10:00 AM in Eastern Time (US and Canada)
A recording of the webinar and supporting materials will be made available in the investor’s section of the Company’s website at https://www.nowvertical.com/news-and-media.
Additional Information:
The Company’s first quarter 2025 condensed consolidated interim financial statements, notes to financial statements, and management’s discussion and analysis for the three ended March 31, 2025, are available on the Company’s SEDAR+ profile at www.sedarplus.com. Unless otherwise indicated, all references to “$” in this press release refer to US dollars, and all references to “CAD$” in this press release refer to Canadian dollars.
About NowVertical Group Inc.
The Company is a data analytics and AI solutions company offering comprehensive solutions, software and services. As a global provider, we deliver cutting-edge data, technology, and artificial intelligence (AI) applications to private and public enterprises. Our solutions form the bedrock of modern enterprises, converting data investments into business solutions. NOW is growing organically and through strategic acquisitions. For further details about NOW, please visit www.nowvertical.com.
Neither the TSX Venture Exchange nor its Regulation Services Provider (as that term is defined in the policies of the TSX Venture Exchange) accepts responsibility for the adequacy or accuracy of this release.
Investor Relations: Bristol Capital Ltd. Stefan Eftychiou stefan@bristolir.com +1(905)326-1888 x60
Cautionary Note Regarding Non-IFRS Measures:
This news release refers to certain non-IFRS measures. These measures are not recognized measures under IFRS, do not have a standardized meaning prescribed by IFRS and are therefore unlikely to be comparable to similar measures presented by other companies. Rather, these measures are provided as additional information to complement those IFRS measures by providing further understanding of the Company’s results of operations from management’s perspective. The Company’s definitions of non-IFRS measures used in this news release may not be the same as the definitions for such measures used by other companies in their reporting. Non-IFRS measures have limitations as analytical tools and should not be considered in isolation nor as a substitute for analysis of the Company’s financial information reported under IFRS. The Company uses non IFRS financial measures including “EBITDA”, and “Adjusted EBITDA”. These non-IFRS measures are used to provide investors with supplemental measures of our operating performance and to eliminate items that have less bearing on our operational performance or operating conditions and thus highlight trends in our core business that may not otherwise be apparent when relying solely on IFRS measures. The Company believes that securities analysts, investors and other interested parties frequently use non-IFRS financial measures in the evaluation of issuers. The Company’s management also uses non-IFRS financial measures to facilitate operating performance comparisons from period to period and prepare annual budgets and forecasts.
Non-IFRS Measures:
The non-IFRS financial measures referred to in this news release are defined below. The management discussion and analysis for the three months ended March 31, 2025, available at nowvertical.com and on SEDAR+ at www.sedarplus.com contains supporting calculations for Adjusted Revenue, EBITDA % and Adjusted EBITDA
“Adjusted EBITDA” adjusts net income (loss) before depreciation and amortization expenses, net interest costs, and provision for income taxes for revenue adjustments in “Adjusted Revenue” and items such as acquisition accounting adjustments, transaction expenses related to acquisitions, transactional gains or losses on assets, asset impairment charges, non-recurring expense items, non-cash stock compensation costs, and the full year impact of cost synergies related to restructuring activities, such as a reduction of employees.
“EBITDA %” is defined as Adjusted EBITDA as a percentage of Adjusted Revenue.
“Adjusted Revenue” adjusts revenue to eliminate the effects of acquisition accounting on the Company’s revenues, which predominantly pertain to fair market value adjustments to the opening deferred revenue balances of acquired companies.
This news release may contain forward-looking statements and forward-looking information (within the meaning of applicable securities laws) which reflect the Company’s current expectations regarding future events. All statements in this news release that are not purely historical statements of fact are forward-looking statements and include statements regarding beliefs, plans, expectations, future, strategy, objectives, goals and targets. Although the Company believes that such statements are reasonable and reflect expectations of future developments and other factors which management believes to be reasonable and relevant, the Company can give no assurance that such expectations will prove to be correct. Forward-looking statements can generally be identified by the use of forward-looking words such as “may”, “should”, “will”, “could”, “intend”, “estimate”, “plan”, “anticipate”, “expect”, “believe” or “continue”, or the negative thereof or similar variations. Forward-looking statements involve known and unknown risks, uncertainties and other factors that may cause future results, performance, or achievements to be materially different from the estimated future results, performance or achievements expressed or implied by the forward-looking statements. Forward-looking statements are not guarantees of future performance and undue reliance should not be placed thereon, as unknown or unpredictable factors could have material adverse effects on future results, performance or achievements of the Company. Should one or more of these risks or uncertainties materialize, or should assumptions underlying the forward-looking statements prove incorrect, actual results may vary materially from those described herein as intended, planned, anticipated, believed, estimated or expected.
All of the forward-looking statement contained in this press release are qualified by the foregoing cautionary statements, and there can be no guarantee that the results or developments that we anticipate will be realized or, even if substantially realized, that they will have the expected consequences or effects on our business, financial condition or results of operation. Unless otherwise noted or the context otherwise indicates, the forward -looking statements contained herein are provided as of the date hereof, and the Company does not intend, and does not assume any obligation, to update the forward-looking statements except as otherwise required by applicable law.
Source: United States Senator for Virginia Tim Kaine
WASHINGTON, D.C. – U.S. Senators Mark R. Warner (D-VA), Tim Kaine (D-VA), and Michael Bennet (D-CO) issued the statement below after the Department of Defense (DoD) announced immediate modifications to the military’s broken moving system, which handles servicemember relocations. These modifications follow close advocacy by the senators, who have pushed for months to address the delays, poor communication, and repeated issues under the Global Household Goods Contract.
“Military members and their families sacrifice so much in service to our country, including every time they relocate and integrate into a new community. After pushing for months, we’re pleased to see the Department of Defense move to address ongoing challenges with the contract tasked with moving household goods for military members and families in the process of relocating.
“As these policy changes are implemented, we will continue to work with the Department of Defense and TRANSCOM to ensure that servicemembers and military families who are already well into the relocation process are not left in the lurch. Additionally, as these shifts put more pressure on federal employees to adapt to this change, we will continue to push for adequate federal staffing levels and against Trump’s senseless hiring freeze, which continues to prevent critical positions from being filled across government.”
In February, Warner requested a briefing from USTRANSCOM and sounded the alarm about missed household goods pickups, delivery issues, and communication difficulties with HomeSafe Alliance, the contractor responsible for the moves. Earlier this month, the lawmakers raised their concerns, reiterating the ongoing delays and confusion being faced by military families, and requesting additional information from TRANSCOM on its plan to address these issues.
Source: United States Department of Defense (video statements)
Soldiers attached to the @10th Mountain Division enhance coordination and precision during live-fire exercise at the battery’s Table XVIII qualifications on Fort Drum, N.Y.
#Army #military #usa
For more on the Department of Defense, visit: http://www.defense.gov
Source: United States Senator Tommy Tuberville (Alabama)
WASHINGTON – Today, U.S. Senator Tommy Tuberville (R-AL) spoke with Dr. Andrew Gillen, Dr. Michael Lindsay, Dr. Mark Brown, Mr. Mike Pierce, and Dr. Russell Lowery-Hart during a Senate Health, Education, Labor, and Pensions (HELP) Committee hearing on the state of higher education. During the hearing, Sen. Tuberville discussed the reasons for the skyrocket of prices in higher education institutions during recent years.
Sen. Tuberville also introduced Dr. Mark Brown, President of Tuskegee University in Tuskegee, Alabama, to the Committee.
Read Sen. Tuberville’s remarks below or watch on YouTube or Rumble.
Sen. Tuberville’s introduction of Dr. Brown can be found below or on YouTube or Rumble.
INTRODUCTION OF DR. MARK BROWN:
TUBERVILLE: “It’s my pleasure to introduce our second witness, Dr. Mark A. Brown. As a matter of fact, he’s about 20 miles from where I live, as we speak, in Auburn, Alabama. Dr. Brown is the president of Tuskegee University, home of the Tuskegee Airmen, who we’re very proud of. It’s a Historically Black College in Alabama. He is the first alumnus in Tuskegee’s 143-year-history to lead the university. A retired Air Force Major General, Dr. Brown brings unmatched experience in education leadership, federal student aid policy, and HBCU advancement. We are thankful to have you here today to hear your perspective, Dr. Brown. “
ON THE COST OF HIGHER EDUCATION:
TUBERVILLE: “Gentlemen, thanks for being here. I’m passionate about this. I spent [40] years in education—more than anybody in this room probably, maybe other than Dr. Graham, although you spent a little time in the military. I’ve been in high schools all across this country, almost in all 50 states. We’ve gone backwards. [We’re here] today to talk about higher education. I spent 30 years in that and have done a lot of great things for a lot of kids, men and women, rich and poor. It’s got to be merit based, folks. If we don’t merit base this thing, we will not survive as an educational system. This country gives you an opportunity.
I was in a situation where athletics was merit-based. I didn’t care who you were. I had to win games. I recruited kids that had good grades, would go to class, and could play football. And if they couldn’t do those three things and work at it, I didn’t recruit them. It’s got to be the same thing in college in terms of getting a good education. I know of a school that has a happiness degree. That [isn’t] gonna get it. I’m for paying everybody’s way through college, but not for a degree where when they get out, they can’t get a job at Walmart. We need degrees that kids can prosper [with], raise a family, and have a great life in this country. So, I’d like to ask each one of you just one question, starting over with Dr. Gillen.
Dr. Gillen, what factors do you see that have caused massive skyrocketing costs at our universities across the country?”
GILLEN: “So, I would argue that the main driver of higher college cost is what’s called the Bowen Revenue Theory of Cost. When you look at higher education, […] the idea here is not that, you know, higher faculty salaries or increases in institutional aid are driving higher spending. It’s that when more revenue is available, colleges will spend as much as they can. And it makes sense, these are all mission driven institutions, right? If you give each of these schools a million more dollars, they’ll find a good way to spend it. The problem is if you keep doing that, eventually those good ways to spend it aren’t so convincing anymore. But when we have these mission driven institutions, the more money they have, the more money they’re going to spend.”
TUBERVILLE: “Dr. Lindsay?”
LINDSAY: “I think the opportunity that is before is, as you say, to bring accountability and outcomes. And I think we have to be very intentional about the kind of formation that’s occurring on our campuses. I’m really proud of the fact that we have something called the Good Work Initiative, which is basically trying to transform on campus employment opportunities where students are paid a little bit more than minimum wage to give them a little bit more spending money, but we also pair it with professional development and vocational discernment exercises to help them. So, that when they graduate, they actually have that kind of professional experience. It’s a pilot [program]. We’ve had good success with it. We’re allowing the opportunity for more students to take on more leadership roles, giving them good things for their resumes, but also buttressing their opportunities when they graduate.”
TUBERVILLE: “Dr. Brown?”
BROWN: “Senator, I’ll use a real example. I went to my Board of Trustees for this upcoming year and said that I would like to freeze tuition for two years at our school. They approved the freezing of the tuition, but when I looked at the cost of insurance—which is a subcomponent of that tuition—we had to go up. So, the real cost to the customer—the family—was more.
The same is true of the cost of dining, the cost of food that goes into a dining hall contract, and the cost of the utilities it takes to run the campus. My campus is much like any other business. Those costs, we would not be able to absorb, and so our cost went up because costs in the economy went up. It was not that we would spend more because we had more. Those costs were real, and we had to realize those as a school [that] operates just like a business in that sense.”
LOWERY-HART: “Thank you for the question. I would say in the community college sector, there hasn’t been a massive skyrocket rising in prices. At Austin Community College, we haven’t raised tuition in 12 years. I think we’ve raised it once in 15 [years]. We’re the sector of higher education that lives within our means, because our students are so price-sensitive. And I think there could be a lot to learn from how community colleges effectively manage their budgets.”
TUBERVILLE: “I agree with you on that. I’ve been in a lot of community colleges. You do a good job, by the way. And I think more kids need to go to community colleges.
Mr. Pierce?”
PIERCE: “I think it’s my turn to talk about for-profit colleges, which seems to be missing from my colleague’s responses to your question. We have watched the proprietary sector raise costs far in excess of other sectors of the higher education system. And we’ve also watched some of the largest participants in the for-profit college market turn into private non-profit colleges or enter into deals with public colleges. I think we’re not at a place where we were a decade ago talking about the proprietary sector. We should be looking at the backroom deals that some of the largest colleges in the country are cutting with these private companies and how these deals are driving the increase in costs that are being pushed on our most vulnerable students.”
TUBERVILLE: “Good. Thank you.
Thank you, Mr. Chairman.”
Senator Tommy Tuberville represents Alabama in the United States Senate and is a member of the Senate Armed Services, Agriculture, Veterans’ Affairs, HELP and Aging Committees.
Source: United States House of Representatives – Representative Mark Alford (Missouri 4th District)
Today, Congressman Mark Alford (MO-04) announced the launch of the Long-Range Strike Caucus for the 119th Congress. The Caucus provides an informal, bipartisan opportunity to educate Members of Congress on current and future U.S. bomber capabilities, advocate for this essential instrument of national security, and facilitate engagement between Congress, industry, and the Department of Defense. The Caucus is co-chaired by Rep. Don Davis (NC-01).
“We’re proud to re-launch the Long-Range Strike Caucus for this Congress,”said Congressman Alford.“As the Congressman for Whiteman Air Force Base—the home of the B-2 Spirit, and soon the B-21 Raider—I have witnessed first-hand the strategic necessity of our long-range strike capabilities. Last October, I was in the Middle East when our heroic airmen showed the world what they can do, striking terrorist lairs in Yemen with pinpoint precision.That’s not just power. It’s a promise that America can reach out and touch anyone, anywhere, at any time when freedom is at stake. I look forward to bipartisan collaboration on how we can ensure America maintains its superior long-range strike capabilities well into the future.”
“As our nation confronts emerging global threats to national security, the Long Range Strike Caucus can play a significant role in our defense and in safeguarding the American people,” said Congressman Don Davis. “Modernizing our long-range strike aircraft, particularly our bombers, is essential to ensuring that the U.S. military continues to be the world’s premier fighting force.”
Background:
The Long-Range Strike Caucus advocates for our nation’s bomber force and the many missions that support our bombers in conducting long-range strikes. This includes active duty, guard, and reserve units that provide fighter escort, suppression of enemy air defenses, air refueling, testing, acquisition, and depot maintenance.
The Air Force bomber fleet provides a unique ability for the U.S. to rapidly strike any target in the world, an essential capability for deterring our enemies and reassuring our allies and partners.
Despite its active use and global presence, our bomber fleet is the smallest and oldest it has ever been. With an average age of more than 40 years old, almost half of our current long-range strike aircraft pre-date the Cuban Missile Crisis. The failure to adequately modernize has impacted our ability operate, especially in potentially contested environments. Therefore, efforts to develop and procure a new generation of Air Force bombers, including the B-21 Raider and refitted B-52J, are critical to the conventional and nuclear national security apparatus.
Source: United States House of Representatives – Monica De La Cruz (TX-15)
Ahead of Memorial Day, Congresswoman Monica De La Cruz (TX-15) introduced the Sergeant Alfredo “Freddy” Gonzalez Congressional Gold Medal Act to posthumously recognize Edinburg-native Sgt. Gonzalez’s service during the Vietnam War.
“Every Memorial Day, we are reminded that our freedoms are not free. Sgt. Freddy Gonzalez is a South Texas hero who sacrificed his life to protect the soldiers in his platoon. Though we can never repay his sacrifice, the Congressional Gold Medal shows our nation’s appreciation for his heroism and will carry on his legacy for years to come.”– Congresswoman Monica De La Cruz
Background:
The Sgt. Freddy Gonzalez Congressional Gold Medal Act instructs the Secretary of the Treasury to issue a gold medal dedicated to Sgt. Gonzalez to recognize his service and sacrifice during the Vietnam War.
Sgt. Gonzalez displayed extraordinary bravery and leadership as a platoon commander. While under heavy enemy fire, he maneuvered his unit and saved a wounded comrade despite being injured himself. He continued to lead his men and refused medical attention even after being seriously wounded. He continued to lead his platoon up until his death.
His actions led to accolades, including the Medal of Honor, the Purple Heart, the Presidential Unit Citation, the National Defense Service Medal, the Vietnam Service Medal with two bronze stars, the Vietnamese Cross of Gallantry with star, the Vietnamese Cross of Gallantry with palm, the Military Merit Medal, the Republic of Vietnam Campaign Medal, and the namesake of the USS Gonzalez.
Source: United States Senator for Kansas Roger Marshall
Washington – U.S. Senator Roger Marshall, M.D. (R-Kansas) joined Shaun Kraisman and Emma Rechenberg on Newsmax this morning to discuss the status of President Donald Trump’s ‘One Big, Beautiful Bill,’ what’s next for the reconciliation process regarding State and Local Tax (SALT) Deduction, and the ‘Golden Dome’ defense system announced by the President and Secretary of Defense Pete Hegseth yesterday.
You may click HERE or above to watch Senator Marshall’s full interview on Newsmax
Highlights from the interview include:
On President Trump helping close out the negotiations:
Senator Marshall: “I thought about this this weekend during a baseball game. If the House, if this was a baseball game, the House is going into the seventh inning, and we’re going to have to bring our closer in sooner than expected. So, we’re going to bring in Donald Trump. And you think of all the great closers in the history of baseball, you’ve got Goose Gossage who had a fastball. So, we’ll bring him in the eighth inning, and then the ninth inning President Trump will be like Mario Rivera, who has his cutter.
“So, look, if it wasn’t for President Trump, this doesn’t happen, but I do believe in Speaker Johnson, President Trump, they’ll get it across the finish line. Send it over here and we’ll make the bill even better.”
On the SALT Deduction negotiations:
Senator Marshall: “If you think about where the big divisions are on this bill, it’s the SALT tax… You have some Republicans from districts that are blue, and they want this SALT tax to go up. And by the way, it’s going to cost $1 trillion dollars over the next 10 years, and you have conservative Republicans like myself who say the biggest issue in the country right now is our national debt. And there’s so many other things we could do with that trillion dollars rather than spending it, you know, giving these people from blue states a big tax break as well.
“So, President Trump is trying to find that sweet spot. This bill is not perfect. This is not the bill that a conservative Republican like myself would write, but we’re getting there. This is the first step towards a balanced budget. We need to deliver on the President’s promises.”
On the Golden Dome Defense System:
Senator Marshall: “Well, obviously this would give us a big advantage. If we could shoot down all the Chinese nuclear warheads and their warp speed missiles that they have as well, this would just put our military at a big, big advantage. But to me this is a defensive weapon, as far as United States has been concerned.
“Look, we don’t want to rule the world. We just want to make sure our families are safe and secure. I think this will be a great investment. $175 billion is what the President’s going to spend on this probably. Think about this, we spent $200 billion in Ukraine and I don’t know what that did for the safety of American citizens.
“I think that you know, this takes me back to my boyhood when they announced… going to the moon. And this is something that Americans can rally around together, that we can cheer for together. We don’t have the technology to complete this yet. It looks next to impossible. I would put this way ahead of any purpose of going to Mars for America right now. So, I think this is a good investment. It’s going to make Americans safer – that’s what President Trump promised us. He said he’s going to make our family safer and more secure. So, I’m behind it, I’m excited about the technology, and there will be so many other benefits from this technology going forward as we develop this.”
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
Source: People’s Republic of China – State Council News
MINSK, May 21 (Xinhua) — The 12th International Exhibition of Arms and Military Equipment MILEX-2025 opened on Wednesday at the Minsk International Exhibition Center “BelExpo”. More than 150 companies from Belarus, Russia, China, Iran, Pakistan, and India are taking part in the event. They are demonstrating samples of weapons and military equipment that reflect the main trends and development prospects of the global arms market.
President of Belarus Alexander Lukashenko sent a greeting to the participants and guests of the international exhibition. “In the year of the 80th anniversary of the Victory of the Soviet people in the Great Patriotic War, we are holding this representative forum in honor of our common heroes. The generation of victors bequeathed to us to preserve peace and freedom in our native land, won at an unprecedentedly high price. In the name of this goal, we, the allied countries, are increasing our defense potential and strengthening cooperation in the field of security,” A. Lukashenko’s press service quotes him as saying.
The President of Belarus expressed confidence that the international exhibition of weapons and military equipment will allow a wide range of specialists and experts to become familiar with the most advanced achievements of both Belarusian manufacturers and foreign partners.
MILEX-2025 presents more than 750 samples of weapons, military and special equipment of Belarusian production. Among them are the anti-aircraft missile system “Buk-MB-2K” with the first Belarusian anti-aircraft guided missile, the grenade launcher system “Sapfir”, the armored personnel carrier V-2. The total area of the exhibition exceeds 11.5 thousand square meters.
The 11th International Scientific Conference on the Development of Weapons, Military and Special Equipment and Dual-Use Technologies will be held as part of the scientific and business program of the event. The conference will address current issues of creating systems to counter high-precision weapons, electronic warfare, radio-technical and radar reconnaissance, troop and weapon control, and radio communications. A separate section will be devoted to the topic of unmanned systems for various purposes.
The organizers of the 12th International Exhibition of Arms and Military Equipment MILEX-2025 are the State Military-Industrial Committee and the Ministry of Defense of Belarus, as well as the National Exhibition Center “BelExpo”. The event will last until May 24. –0–
Source: United States Senator Peter Welch (D-Vermont)
WASHINGTON, D.C. — U.S. Senator Peter Welch today joined Senators Kevin Cramer (R-N.D.) and Angus King (I-Maine) in introducing a resolution to recognize the U.S.-Canada partnership and its shared interests in economic, energy and critical minerals, and national security. The United States and Canada share three oceans and the world’s longest border. About 400,000 people and more than $2.5 billion worth of goods and services move across the U.S.-Canada border each day.
Canada is the largest trading partner for 34 U.S. states, including Vermont. In 2024 alone, trade with Canada accounted for 35% of Vermont’s exports, 67% of imports, and 56% of its total trade. One in four businesses in Vermont relies on trade with Canada and sells more goods to Canada than the next six largest foreign markets combined. In 2023, Vermont exported $150 million just in food and agricultural products to Canada.
“Canada is Vermont’s biggest trading partner and one of our most important allies—but first and foremost, they’re our friend. That friendship is based on centuries of trust and mutual respect, and the success of our northern neighbors directly impacts the success of hardworking families, businesses, farms, and manufacturers here in the United States. This administration is challenging that relationship,” said Senator Welch. “Attacks on Canada—whether through rhetoric or reckless trade policy—are eroding the bond between our two countries. Staying rooted in the values that have defined our relationship over time–respect, trust, and friendship–are vital to strengthening our alliance now and in the future.”
“Representing a Northern border state, I recognize the importance of the unique partnership between the United States and Canada,” said Senator Cramer. “Not only are our neighbors to the north crucial economic and national security partners, but they are literally our closest ally. This resolution celebrates our closeness and is a testament to the enduring strength, friendship, and importance of the U.S.-Canada alliance across the country and the globe.”
“The United States and Canada have always been closely tied; we share our economies, cultures, military interests and more. In fact, in Maine, even our next door neighbor lives right across the border,” said Senator King. “I continue to be proud of the work we have achieved under the American-Canadian Economy and Security (ACES) Caucus alongside my Senate Co-Chair Kevin Cramer, but know that the current situation presents many unfortunate challenges. While I am excited to reintroduce this resolution to reaffirm our two nations’ commitment to one another, we must acknowledge the close ties between our countries to resolve and mitigate any potential disruptions to our intertwined interests. As close trade partners and allies, I look forward to strengthening this close alliance to tackle these shared challenges and seize new opportunities.”
Among other provisions, the resolution recognizes the relationship between the United States and Canada is critical to promoting peace, expanding global economic opportunity, and being prepared to respond to unforeseen events. It also reaffirms the bilateral and international alliance between the two countries, which allows both countries to face common threats together and uphold common values, including democracy, human rights, and the rule of law.
Additionally, the resolution emphasizes the shared defense and security commitments between the two nations, including the modernization of the North American Aerospace Defense Command (NORAD), joint border security initiatives, and cooperation in combating transnational threats such as illegal migration and fentanyl trafficking.
In addition to Senators Welch, Cramer, and King, the resolution is supported by Sens. Mike Crapo (R-Idaho), Maggie Hassan (D-N.H.), Marsha Blackburn (R-Tenn.), Amy Klobuchar (D-Minn.), Susan Collins (R-Maine), Lisa Murkowski (R-Ark.), and Mike Rounds (R-S.D.). A similar resolution was introduced in the House by U.S. Representative Mark Amodei (R-NV-02).
Read and download the full text of the resolution.
CHEYENNE, Wyo. – The Wyoming National Guard hosted a delegation from the Tunisian Armed Forces for a weeklong noncommissioned officer (NCO) development exchange, strengthening a long-standing partnership through the State Partnership Program.
Staff Sgt. Eric Wenner, a civil affairs senior sergeant currently assigned to U.S. Africa Command’s Office of Security Cooperation Tunisia, said the visit aimed to showcase the U.S. Army’s approach to empowering NCOs and building leadership capacity at every level.
“Although the Tunisian military is a robust force by African standards, we still like to show them how the U.S. Army uses its NCO Corps to grow and strengthen their force,” Wenner said. “It’s about giving them tools to develop their own NCOs and increase overall capability in a way that mirrors what we’ve done in the U.S.”
One of the key challenges for Tunisia’s military, Wenner noted, is a lack of funding and access to modern facilities. The exchange provides an opportunity for Tunisian leaders to observe U.S. processes and infrastructure, sparking ideas on how to improve efficiency with limited resources.
“This visit is about giving them better ideas on how to maximize what they have,” Wenner explained. “Through the State Partnership Program, they can see firsthand how we organize and train and adapt those lessons back home.”
The visit included tours of Wyoming National Guard facilities, NCO-led workshops, and opportunities for Tunisian soldiers to engage directly with their American counterparts. The focus was not only on military tactics but also on leadership philosophy, mentorship, and the role of the NCO in mission success.
From a civil affairs perspective, Wenner emphasized the importance of NCO empowerment and independent decision-making. In civil affairs teams, where small team sizes require flexibility, enlisted Soldiers are often expected to take on responsibilities typically reserved for officers.
“We’d like to share that same concept with Tunisia—training their enlisted soldiers to operate independently without always needing direct orders,” he said. “This creates a more capable and ready force while reducing the need for constant oversight.”
Wenner highlighted that Tunisia’s armed forces have been making steady progress in professionalizing their NCO Corps, but exchanges like these provide practical examples and firsthand experiences that can’t be replicated through briefings alone.
“Being here, seeing how we do things, asking questions face-to-face—that makes a huge difference,” he said. “It’s about more than showing equipment or processes; it’s about building trust, sharing lessons learned, and growing together.”
Beyond the tactical and operational lessons, the exchange also serves a larger purpose of fostering military-to-military and civil-military relationships. Wenner said civil affairs focuses heavily on integration, partnership, and sharing lessons learned.
“The goal here is to grow the partnership and strengthen our relationship through a better understanding of each military’s capabilities,” Wenner said. “It’s about progressing together in an efficient and cooperative manner.”
The Wyoming National Guard and the Tunisian Armed Forces have been partners through the National Guard Bureau’s State Partnership Program (SPP) since 2004. The SPP connects U.S. states with foreign military partners to build long-term relationships, enhance regional security, and promote shared values.
Source: United States Senator Ted Budd (R-North Carolina)
Washington, D.C. — U.S. Senator Ted Budd (R-N.C.) met with Prime Minister Masrour Barzani of the Iraqi Kurdistan Regional Government today. They discussed recent energy agreements between the Kurdistan Regional Government and United States energy companies, as well as ways to strengthen security cooperation between the United States and the Iraqi Kurdistan Region.
Following the meeting, Senator Budd released the following statement of support:
“I’d like to thank Prime Minister Masrour Barzani for his hospitality when I met with him in Erbil last year. Today, I was glad to host the Prime Minister in my office to discuss United States commercial investments in the Iraqi Kurdistan region and ongoing security cooperation. The gas field development deals announced this week will strengthen shared bonds between the American and Kurdish people, but also result in much needed energy independence for Iraq.
“In the meeting, I also received updates on security cooperation between the Department of Defense and Kurdish Peshmerga forces. Following our discussion, I am increasingly concerned by reported delays in the delivery of U.S. provided defense equipment to the Peshmerga,” said Senator Budd.
Source: United States Senator Joni Ernst (R-IA)
WASHINGTON – Today, Chair Joni Ernst (R-Iowa) welcomed Small Business Administration (SBA) Administrator Kelly Loeffler to a U.S. Senate Committee on Small Business and Entrepreneurship hearing to continue their “Made in America” initiative fueling the great American manufacturing comeback.
Watch Chair Ernst’s remarks here.
Ernst’s full remarks:
“We are here today to discuss how the Small Business Administration (SBA) can expand and support investment in our nation’s small manufacturers.
“Last week, the Committee examined how the Small Business Investment Company (SBIC) program could help channel more private capital into American manufacturing.
“To better understand the urgency of this situation, we need to take a closer look at the numbers. And let me tell you folks, this is staggering.
“Over the past 40 years, we did not simply lose manufacturing jobs. We witnessed the steady erosion of our industrial sector to China’s delight and advantage.
“Over the last 25 years in Iowa alone, we have lost nearly one in six manufacturing jobs. American manufacturing employment has fared even worse over the last forty years, falling by 28 percent and reaching depths we haven’t seen since 1946.
“Only 3.7 percent of Americans are employed in manufacturing today – half the share we had forty years ago, and barely a third of our peak in the late ‘60s.
“To put that in perspective, there are nearly twice as many people working in state and local governments than on the factory floor.
“This is not simply an economic decline – it is a hollowing out.
“The steady loss of skills, infrastructure, and investment in manufacturing undermines our ability to innovate and scale new technologies, leaving our homeland weakened and vulnerable.
“The reason for this is not a mystery: government policies that encouraged offshoring production without regard for the long-term damage done to our domestic productive capacity.
“Today, the consequences are visible in every corner of America.
“Shuttered plants, decaying factories, and empty parking lots stand as monuments to the multi-generational disintegration of hard-earned knowledge, talent, and tradition that once formed the bedrock of our nation.
“But here is the good news: we have a President and SBA Administrator who understand what is at stake.
“They recognize the size and complexity of the work needed to revitalize American manufacturing and are committed to rebuilding our industrial strength, from the ground up.
“As we discussed during last week’s hearing, the SBIC program will continue to play its vital role in expanding our productive capacity by facilitating private investment and through federal partnerships like that between the SBA and the Department of Defense’s newly established Office of Strategic Capital – something I championed in the annual defense bill.
“But that is only the beginning; we must do more.
“Today, we welcome Administrator Loeffler to discuss the SBA’s ‘Made in America Manufacturing Initiative’ and the efforts underway to support the small businesses that make up 98 percent of our nation’s manufacturing base.
“Part of that effort involves the Made in America Manufacturing Finance Act, which I was proud to introduce last month alongside Senator Coons.
“This bipartisan legislation would double the SBA-backed loan limit from $5 million to $10 million for small manufacturers who need that capital to modernize, grow, and train the next generation of American workers.
“That investment will have a meaningful impact across the entire supply chain. Because the smallest startups to the largest firms all rely on small manufacturers to get the job done.
“Revitalizing our industrial base and reclaiming our ability to make things in America starts with small businesses. We must ensure that cutting edge innovation and high-speed, high-quality production happens right here, at home – not overseas.
“If we are serious about competing with and beating China, creating good-paying jobs, and restoring economic resilience, we must empower our small manufacturers to lead the way.
“This bipartisan legislation takes a bold step in that direction.
“I am grateful that we’re joined today by Administrator Loeffler, and I look forward to hearing from her how Congress can better equip the SBA to invest in the industrial revitalization of America.”
Source: United States Senator Joni Ernst (R-IA)
WASHINGTON – During a Senate Committee on Armed Services hearing, U.S. Senator Joni Ernst (R-Iowa), secured a key commitment from the Chief of Staff of the U.S. Air Force, General David Allvin, to upgrade the runway used by the Iowa National Guard’s 185th Air Refueling Wing in Sioux City.
Ernst, who served in the Iowa National Guard, pointed out the critical role the unit plays in defending the homeland and the Air Force’s previous commitments to it. Following her questioning, Allvin noted that design work progress is removing obstacles to be able to finish the runway upgrades.
Click here for her full line of questioning.
“Let me talk to you about Sioux City, those units there, and how proud we are of those units that have occupied this airfield,” Ernst said.
She reminded the committee that the airfield is named after Colonel Bud Day, a Sioux City native who was awarded the Medal of Honor and Air Force Cross.
Background:
Ernst is dedicated to supporting servicemembers and their families in Iowa. For years, she has pushed the Air Force to honor its promises to Siouxlanders. Earlier this month, Ernst reaffirmed her resolve to continue fighting.
• Full year revenues increased 53% year over year to $222.8 million • Full year net income increased $17.1 million year over year to $6.0 million • Generated $6.3 million of operating cash flow in the fourth quarter, helping to further strengthen the balance sheet
Company to host conference call tomorrow, May 22 at 10:00 am ET
AYER, Mass., May 21, 2025 (GLOBE NEWSWIRE) — AMSC (Nasdaq: AMSC), a leading system provider of megawatt-scale power resiliency solutions that orchestrate the rhythm and harmony of power on the grid™ and that protect and expand the capability and resiliency of our Navy’s fleet, today reported financial results for its fourth quarter and fiscal year ended March 31, 2025 (“fiscal 2024”).
Revenues for the fourth quarter of fiscal 2024 were $66.7 million compared with $42.0 million for the same period of fiscal 2023. The year-over-year increase was driven by organic growth in New Energy Power Systems revenues along with the contributions from the acquisition of NWL, Inc.
AMSC’s net income for the fourth quarter of fiscal 2024 was $1.2 million, or $0.03 per share, compared to net loss of $1.6 million, or $0.05 per share, for the same period of fiscal 2023. The Company’s non-GAAP net income for the fourth quarter of fiscal 2024 was $4.8 million, or $0.13 per share, compared with a non-GAAP net income of $1.9 million, or $0.06 per share, in the same period of fiscal 2023. Please refer to the financial table below for a reconciliation of GAAP to non-GAAP results.
Revenues for fiscal 2024 were $222.8 million as compared to $145.6 million in fiscal 2023. The year-over-year increase was driven by higher D-VAR and NEPSI revenues than in the prior year period along with the contribution from the acquisition of NWL, Inc.
AMSC reported net income for fiscal 2024 of $6.0 million, or $0.16 per share, compared to a net loss of $11.1 million, or $0.37 per share in fiscal 2023. The Company’s non-GAAP net income for fiscal 2024 was $24.0 million, or $0.65 per share, compared with non-GAAP net income of $0.6 million, or $0.02 per share, for fiscal 2023. Please refer to the financial table below for a reconciliation of GAAP to non-GAAP results.
Cash, cash equivalents and restricted cash on March 31, 2025 totaled $85.4 million.
“AMSC reported its strongest quarterly and annual performance in years,” said Daniel P. McGahn, Chairman, President and CEO of AMSC. “Fiscal fourth quarter revenue grew sequentially to over $66 million, up nearly 60% year-over-year. Net income surpassed $1.2 million, making our third consecutive quarter of profitability, and seventh consecutive quarter of positive operating cash flow. We secured $75 million in new orders, bringing total year-end orders to a recent record of nearly $320 million. Our fiscal 2024 results reflect improved financial performance, a resilient and diversified order pipeline, and solid operational execution—positioning AMSC for long-term success. With expanding end markets, we’re focused on broadening our offerings, entering new sectors, and strengthening customer relationships. We enter fiscal 2025 with strong momentum and confidence in our ability to continue building a more resilient and profitable company.”
Business Outlook
For the first quarter ending June 30, 2025, AMSC expects that its revenues will be in the range of $64.0 million to $68.0 million. The Company’s net income for the first quarter of fiscal 2025 is expected to exceed $1.0 million, or $0.03 per share. The Company’s non-GAAP net income (as defined below) is expected to exceed $4.0 million, or $0.10 per share.
Conference Call Reminder In conjunction with this announcement, AMSC management will participate in a conference call with investors beginning at 10:00 a.m. Eastern Time on Thursday, May 22, 2025, to discuss the Company’s financial results and business outlook. Those who wish to listen to the live or archived conference call webcast should visit the “Investors” section of the Company’s website at https://ir.amsc.com. The live call can be accessed by dialing 1-844-481-2802 or 1-412-317-0675 and asking to join the AMSC call. A replay of the call may be accessed 2 hours following the call by dialing 1-877-344-7529 and using conference passcode 4917468.
About AMSC (Nasdaq: AMSC) AMSC generates the ideas, technologies and solutions that meet the world’s demand for smarter, cleaner … better energy™. Through its Gridtec™ Solutions, AMSC provides the engineering planning services and advanced grid systems that optimize network reliability, efficiency and performance. Through its Marinetec™ Solutions, AMSC provides ship protection and is developing propulsion and power management solutions designed to help fleets increase system efficiencies, enhance power quality and boost operational safety. Through its Windtec™ Solutions, AMSC provides wind turbine electronic controls and systems, designs and engineering services that reduce the cost of wind energy. The Company’s solutions are enhancing the performance and reliability of power networks, increasing the operational safety of navy fleets, and powering gigawatts of renewable energy globally. Founded in 1987, AMSC is headquartered near Boston, Massachusetts with operations in Asia, Australia, Europe and North America. For more information, please visit www.amsc.com.
AMSC, American Superconductor, D-VAR, D-VAR VVO, Gridtec, Marintec, Windtec, Neeltran, NEPSI, NWL, Smarter, Cleaner … Better Energy and Orchestrate the Rhythm and Harmony of Power on the Grid are trademarks or registered trademarks of American Superconductor Corporation. All other brand names, product names, trademarks or service marks belong to their respective holders.
Forward-Looking Statements
This press release contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). Any statements in this release regarding our goals and strategies; business diversification; order pipeline; long-term success, including through expanding end markets, broadening offerings, entering new sectors; strengthening customer relationships; strong momentum; building a more resilient and profitable company; our expected GAAP and non-GAAP financial results for the quarter ending June 30, 2025;and other statements containing the words “believes,” “anticipates,” “plans,” “expects,” “will” and similar expressions, constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements represent management’s current expectations and are inherently uncertain. There are a number of important factors that could materially impact the value of our common stock or cause actual results to differ materially from those indicated by such forward-looking statements. These important factors include, but are not limited to: We have not been historically profitable, which may recur in the future. Our operating results may fluctuate significantly from quarter to quarter and may fall below expectations in any particular fiscal quarter; While we generated positive operating cash flow in fiscal 2024 and the prior year, we have a history of negative operating cash flows, and we may require additional financing in the future, which may not be available to us; Our technology and products could infringe intellectual property rights of others, which may require costly litigation and, if we are not successful, could cause us to pay substantial damages and disrupt our business; Changes in exchange rates could adversely affect our results of operations; If we fail to maintain proper and effective internal control over financial reporting, our ability to produce accurate and timely financial statements could be impaired and may lead investors and other users to lose confidence in our financial data; We may be required to issue performance bonds, which restricts our ability to access any cash used as collateral for the bonds; We may not realize all of the sales expected from our backlog of orders and contracts; If we fail to implement our business strategy successfully, our financial performance could be harmed; We rely upon third-party suppliers for the components and subassemblies of many of our Grid and Wind products, making us vulnerable to supply shortages and price fluctuations, which could harm our business; Our contracts with the U.S. government are subject to audit, modification or termination by the U.S. government and include certain other provisions in favor of the government. The continued funding of such contracts remains subject to annual congressional appropriation, which, if not approved, could reduce our revenue and lower or eliminate our profit; Changes in U.S. government defense spending could negatively impact our financial position, results of operations, liquidity and overall business; Our business and operations may be materially adversely impacted in the event of a failure or security breach of our or any critical third parties’ IT Systems or Confidential Information; Failure to comply with evolving data privacy and data protection laws and regulations or to otherwise protect personal data, may adversely impact our business and financial results; Our success is dependent upon attracting and retaining qualified personnel and our inability to do so could significantly damage our business and prospects; A significant portion of our Wind segment revenues are derived from a single customer. If this customer’s business is negatively affected, it could adversely impact our business; Our success in addressing the wind energy market is dependent on the manufacturers that license our designs; We may acquire additional complementary businesses or technologies, which may require us to incur substantial costs for which we may never realize the anticipated benefits; Many of our revenue opportunities are dependent upon subcontractors and other business collaborators; Problems with product quality or product performance may cause us to incur warranty expenses and may damage our market reputation and prevent us from achieving increased sales and market share; Many of our customers outside of the United States may be either directly or indirectly related to governmental entities, and we could be adversely affected by violations of the United States Foreign Corrupt Practices Act and similar worldwide anti-bribery laws outside the United States; We or third parties on whom we depend may be adversely affected by natural disasters, including events resulting from climate change, and our business continuity and disaster recovery plans may not adequately protect us or our value chain from such events; Pandemics, epidemics, or other public health crises may adversely impact our business, financial condition and results of operations; Adverse changes in domestic and global economic conditions could adversely affect our operating results; Our international operations are subject to risks that we do not face in the United States, which could have an adverse effect on our operating results; Our products face competition, which could limit our ability to acquire or retain customers; We have operations in, and depend on sales in, emerging markets, including India, and global conditions could negatively affect our operating results or limit our ability to expand our operations outside of these markets. Changes in India’s political, social, regulatory and economic environment may affect our financial performance; Industry consolidation could result in more powerful competitors and fewer customers; Our success could depend upon the commercial adoption of the REG system, which is currently limited, and a widespread commercial market for our REG products may not develop; Increasing focus and scrutiny on environmental sustainability and social initiatives could adversely impact our business and financial results; Growth of the wind energy market depends largely on the availability and size of government subsidies, economic incentives and legislative programs designed to support the growth of wind energy; Lower prices for other energy sources may reduce the demand for wind energy development, which could have a material adverse effect on our ability to grow our Wind business; We may be unable to adequately prevent disclosure of trade secrets and other proprietary information; Our patents may not provide meaningful or long-term protection for our technology, which could result in us losing some or all of our market position; Third parties have or may acquire patents that cover the materials, processes and technologies we use or may use in the future to manufacture our Amperium products, and our success depends on our ability to license such patents or other proprietary rights; Our common stock has experienced, and may continue to experience, market price and volume fluctuations, which may prevent our stockholders from selling our common stock at a profit and could lead to costly litigation against us that could divert our management’s attention; Unfavorable results of legal proceedings could have a material adverse effect on our business, operating results and financial condition;and the other important factors discussed under the caption “Risk Factors” in Part 1. Item 1A of our Form 10-K for the fiscal year ended March 31, 2025, and our other reports filed with the SEC. These important factors, among others, could cause actual results to differ materially from those indicated by forward-looking statements made herein and presented elsewhere by management from time to time. Any such forward-looking statements represent management’s estimates as of the date of this press release. While we may elect to update such forward-looking statements at some point in the future, we disclaim any obligation to do so, even if subsequent events cause our views to change. These forward-looking statements should not be relied upon as representing our views as of any date subsequent to the date of this press release.
UNAUDITED CONSOLIDATED STATEMENTS OF OPERATIONS
(In thousands, except per share data)
Three Months Ended
Twelve Months Ended
March 31,
March 31,
2025
2024
2025
2024
Revenues
Grid
$
55,592
$
34,211
$
187,170
$
122,065
Wind
11,063
7,817
35,648
23,574
Total revenues
66,655
42,028
222,818
145,639
Cost of revenues
48,964
31,598
160,964
110,356
Gross margin
17,691
10,430
61,854
35,283
Operating expenses:
Research and development
3,493
2,298
11,425
7,991
Selling, general and administrative
12,101
7,953
43,091
31,600
Amortization of acquisition related intangibles
444
538
1,733
2,152
Change in fair value of contingent consideration
—
1,870
6,682
4,922
Restructuring
—
—
—
(14
)
Total operating expenses
16,038
12,659
62,931
46,651
Operating income (loss)
1,653
(2,229
)
(1,077
)
(11,368
)
Interest income, net
807
784
3,708
1,302
Other expense, net
(49
)
(117
)
(265
)
(736
)
Income (loss) before income tax (benefit) expense
2,411
(1,562
)
2,366
(10,802
)
Income tax (benefit) expense
1,204
17
(3,667
)
309
Net income (loss)
$
1,207
$
(1,579
)
$
6,033
$
(11,111
)
Net income (loss) per common share
Basic
$
0.03
$
(0.05
)
$
0.16
$
(0.37
)
Diluted
$
0.03
$
(0.05
)
$
0.16
$
(0.37
)
Weighted average number of common shares outstanding
Basic
37,672
33,139
36,990
29,825
Diluted
38,516
33,139
37,718
29,825
CONSOLIDATED BALANCE SHEET
(In thousands, except per share data)
March 31,
March 31,
2025
2024
ASSETS
Current assets:
Cash and cash equivalents
$
79,494
$
90,522
Accounts receivable, net
46,186
26,325
Inventory, net
71,169
41,857
Prepaid expenses and other current assets
8,055
7,295
Restricted cash
1,613
468
Total current assets
206,517
166,467
Property, plant and equipment, net
38,572
10,861
Intangibles, net
5,916
6,369
Right-of-use assets
3,829
2,557
Goodwill
48,164
43,471
Restricted cash
4,274
1,290
Deferred tax assets
1,178
1,119
Equity-method Investments
1,113
—
Other assets
958
637
Total assets
$
310,521
$
232,771
LIABILITIES AND STOCKHOLDERS’ EQUITY
Current liabilities:
Accounts payable and accrued expenses
$
32,282
$
24,235
Lease liability, current portion
685
716
Debt, current portion
—
25
Contingent consideration
—
3,100
Deferred revenue, current portion
66,797
50,732
Total current liabilities
99,764
78,808
Deferred revenue, long term portion
9,336
7,097
Lease liability, long term portion
2,684
1,968
Deferred tax liabilities
1,595
300
Other liabilities
28
27
Total liabilities
113,407
88,200
Stockholders’ equity:
Common stock, $0.01 par value, 75,000,000 shares authorized; 39,887,536 and 37,343,812 shares issued and 39,484,185 and 36,946,181 shares outstanding at March 31, 2025 and 2024, respectively
399
373
Additional paid-in capital
1,259,540
1,212,913
Treasury stock, at cost, 403,351 and 397,631 at March 31, 2025 and 2024, respectively
(3,765
)
(3,639
)
Accumulated other comprehensive income
1,565
1,582
Accumulated deficit
(1,060,625
)
(1,066,658
)
Total stockholders’ equity
197,114
144,571
Total liabilities and stockholders’ equity
$
310,521
$
232,771
CONSOLIDATED STATEMENTS OF CASH FLOWS
(In thousands)
Year Ended March 31,
2025
2024
Cash flows from operating activities:
Net income (loss)
$
6,033
$
(11,111
)
Adjustments to reconcile net income (loss) to net cash provided by operations:
Depreciation and amortization
5,560
4,494
Stock-based compensation expense
7,794
4,652
Provision for excess and obsolete inventory
1,532
1,970
Amortization of operating lease right-of-use assets
976
321
Deferred income taxes
(4,304
)
65
Earnings from equity method investments
132
—
Change in fair value of contingent consideration
6,682
4,922
Other non-cash items
(587
)
44
Unrealized foreign exchange gain on cash and cash equivalents
(41
)
(2
)
Changes in operating asset and liability accounts:
Accounts receivable
(3,213
)
4,340
Inventory
(7,707
)
(6,841
)
Prepaid expenses and other current assets
543
5,992
Operating leases
(1,563
)
(327
)
Accounts payable and accrued expenses
3,209
(13,498
)
Deferred revenue
13,239
7,117
Net cash provided by operating activities
28,285
2,138
Cash flows from investing activities:
Purchases of property, plant and equipment
(2,415
)
(934
)
Cash paid to settle NWL contingent consideration liability
(3,278
)
—
Cash paid for NWL Acquisition, net of cash acquired
(29,577
)
—
Change in other assets
64
(27
)
Net cash used in investing activities
(35,206
)
(961
)
Cash flows from financing activities:
Repurchase of treasury stock
(126
)
—
Repayment of debt
(25
)
(65
)
Cash paid related to registration of common stock shares
(148
)
—
Proceeds from public equity offering, net
—
65,227
Proceeds from exercise of employee stock options and ESPP
307
279
Net cash provided by financing activities
8
65,441
Effect of exchange rate changes on cash, cash equivalents and restricted cash
14
(13
)
Net (decrease) increase in cash, cash equivalents and restricted cash
(6,899
)
66,605
Cash, cash equivalents and restricted cash at beginning of year
92,280
25,675
Cash, cash equivalents and restricted cash at end of year
$
85,381
$
92,280
RECONCILIATION OF GAAP NET INCOME (LOSS) TO NON-GAAP NET INCOME
(In thousands, except per share data)
Three Months Ended March 31,
Year Ended March 31,
2025
2024
2025
2024
Net income (loss)
$
1,206
$
(1,579
)
$
6,033
$
(11,111
)
Stock-based compensation
2,855
1,044
7,794
4,652
Amortization of acquisition-related intangibles
706
538
2,433
2,158
Change in fair value of contingent consideration
—
1,870
6,682
4,922
Acquisition costs
—
—
1,095
—
Non-GAAP net income
4,767
1,873
24,037
621
Non-GAAP net income per share – basic
$
0.13
$
0.06
$
0.65
$
0.02
Non-GAAP net income per share – diluted
$
0.12
$
0.05
$
0.64
$
0.02
Weighted average shares outstanding – basic
37,672
33,139
36,990
29,825
Weighted average shares outstanding – diluted
38,516
34,447
37,718
30,909
Reconciliation of Forecast GAAP Net Income to Non-GAAP Net Income
(In millions, except per share data)
Three months ending
June 30, 2025
Net income
$
1.0
Stock-based compensation
2.6
Amortization of acquisition-related intangibles
0.4
Non-GAAP net income
$
4.0
Non-GAAP net income per share
$
0.10
Shares outstanding
38.7
Note: Non-GAAP net income (loss) is defined by the Company as net income (loss) before; stock-based compensation; amortization of acquisition-related intangibles; changes in fair value of contingent consideration; acquisition costs; other non-cash or unusual charges, and the tax effect of adjustments calculated at the relevant rate for our non-GAAP metric. The Company believes non-GAAP net income (loss) and non-GAAP net income (loss) per share assist management and investors in comparing the Company’s performance across reporting periods on a consistent basis by excluding these non-cash, non-recurring or other charges that it does not believe are indicative of its core operating performance. Actual GAAP and non-GAAP net income (loss) and net income (loss) per share for the fiscal quarter ending June 30, 2025, including the above adjustments, may differ materially from those forecasted in the table above, including as a result of changes in the fair value of contingent consideration.
Generally, a non-GAAP financial measure is a numerical measure of a company’s performance, financial position or cash flow that either excludes or includes amounts that are not normally excluded or included in the most directly comparable measure calculated and presented in accordance with GAAP. The non-GAAP measures included in this release, however, should be considered in addition to, and not as a substitute for or superior to, operating income or other measures of financial performance prepared in accordance with GAAP. A reconciliation of GAAP to non-GAAP net income (loss) is set forth in the table above. Non-GAAP net income (loss) per share is defined as non-GAAP net income (loss) divided by shares outstanding.
Source: United States House of Representatives – Congressman Randy Weber (14th District of Texas)
Rep. Weber Announces $138 Million in Army Corps Funding for Southeast Texas Projects
Washington, May 16, 2025
Washington, D.C. – Today, U.S Rep. Randy Weber (TX-14) announced that Southeast Texas waterway projects will receive $138,380,000 in funding in the U.S. Army Corps of Engineers FY 2025 Army Civil Work Plan.
“This is great news for Southeast Texas, America’s energy capital,” said Rep. Weber. “Our ports and waterways are the lifeblood of our economy and keeping them well-maintained is critical to preserving our nation’s leadership in commerce and energy. I’m grateful the Trump administration recognizes the strategic importance of our region. I will continue fighting for the infrastructure investments our communities deserve.:
Operation & Maintenance projects in Texas’ 14th District were awarded:
$900,000 for the Channel to Port Bolivar. The Channel to Port Bolivar shallow-draft navigation project consists of a 14-foot deep by 200-foot wide channel that is 950 feet long. It extends from the entrance to Galveston Bay (Bolivar Roads) northward to the west point of Bolivar Island. The channel is heavily utilized by the Texas Department of Transportation and the Galveston-to-Port Bolivar Ferry System.
$13,150,000 for Freeport Harbor. The Freeport Harbor deep-draft navigation project consists of a 45-foot deep by 400-foot wide channel that is 8.5 miles long, extending from the Gulf of America, through a jetty-protected inlet, to a turning basin at the Freeport port facilities. The project also includes two rock jetties, 1.46 and 1.64 miles in length.
$47,975,000 for Galveston Harbor and Channel. The Galveston Entrance Channel is the main entrance for Galveston, Texas City, and the Houston Ship Channel. This deep-draft project includes a 45-foot deep by 800-foot wide channel that is 23.9 miles long, stretching from the Gulf of America through a jetty-protected inlet into Galveston Bay, to the port facilities at Galveston Harbor.
$50,000 for Chocolate Bayou. The Chocolate Bayou navigation project is a shallow-draft waterway, 13 feet deep by 125 feet wide and approximately 8.2 miles long. It extends from the Gulf Intracoastal Waterway (GIWW) at Mile Marker 376 through Chocolate Bay and Chocolate Bayou to port facilities located between Galveston and Freeport in Brazoria County, Texas.
$40,550,000 for the Gulf Intracoastal Waterway. The Texas portion of the GIWW extends from the Sabine River to Port Isabel, Texas, and includes several tributary channels. It features a 12-foot deep by 125-foot wide, shallow-draft channel stretching 423 miles along the Texas Coast. The GIWW includes flood gates at the Brazos River and navigation locks at the Colorado River, along with mooring basins and buoys at 11 locations supporting heavy barge traffic.
$25,075,000 for the Sabine-Neches Waterway. The Sabine-Neches Waterway (SNWW) is a federally constructed deep-draft navigation project serving the Ports of Port Arthur, Beaumont, and Orange in Jefferson and Orange Counties, Texas, and Cameron and Calcasieu Parishes, Louisiana. The waterway includes 97 miles of navigation channels in three main segments: a jetty-protected entrance channel 42 feet deep and 500 to 800 feet wide; a 40-foot deep, 400-foot wide channel to Beaumont via the Neches River; and a 30-foot deep, 200-foot wide channel to Orange via the Sabine River.
$10,680,000 for the Texas City Ship Channel. The Texas City Ship Channel deep-draft navigation project includes a 45-foot deep by 400-foot wide and 9.4-mile-long channel, extending from the intersection of Galveston Harbor and the Houston Ship Channel to a turning basin and Industrial Canal at the Port of Texas City.
Rep. Weber added: “This is not just about dredging or infrastructure—it’s about jobs, national security, and Texas leading the way. I will always stand up for the hardworking men and women who rely on these waterways to fuel our economy and keep America strong.”
CASPER, Wyo. — The Wyoming Veterans Commission concluded its inaugural Veteran Services Symposium at Casper College, Casper, Wyoming, bringing together more than 150 service providers, advocates and leaders from across the state to strengthen the network of care for Wyoming’s veterans.
The event centered on working together and capacity-building, providing attendees with tools to better serve veterans and their families. The two-day agenda featured keynote presentations, workshops, and discussions on topics such as post-traumatic stress disorder and moral injury, grant writing, veteran caregiving, personality types in team dynamics, and even emerging risks related to artificial intelligence scams.
Wyoming Governor Mark Gordon joined the event to present six peer-nominated individuals and organizations with the prestigious “Excellence in Service to Veterans” award. The award recipients are as follows: Tami Dietz, Wyoming Military Department Soldier and Family Readiness; Todd Bray, DownRange Warriors; Scott O’Hare, Volunteers of America Northern Rockies; Darrell Haugen, Veterans’ Rock; Charlie & Jennifer Wilson, Soldiers House of Fremont County; Dr. John R. McPherson, D.D.S., P.C & Staff, McPherson Dental.
“These awards are about more than recognition—they’re a testament to the dedication of those who choose to stand beside our veterans every day,” Gordon said. “Wyoming owes a great debt to those who have served, and events like this are how we make sure we’re doing everything possible to support them.”
Sandy McFarland, Deputy Director of the Wyoming Veterans Commission and lead organizer of the event, said the symposium exceeded expectations and highlighted the collective will across Wyoming to do better for its veterans.
“This event was about moving from isolated effort to coordinated impact,” McFarland said. “We want to empower the people who serve veterans—whether they work for the VA, a nonprofit, or in a local community—to build partnerships that truly change lives.”
Among the sessions were presentations from Val Burgess, who shared the preserved voices and stories of World War II POWs from Stalag Luft III, and a workshop hosted by Ben Patton, founder of the Patton Veterans Project, which uses filmmaking as a method to reduce isolation for veterans coping with PTSD.
“The strength of this symposium was in the real stories,” said Tim Shepherd, Director of the Veterans Commission. “You couldn’t walk away from those sessions without a deeper understanding of what our veterans have endured—and how we can meet them where they are.”
The symposium concluded with a Veteran Resource Fair, where federal, state, and nonprofit partners came together for a one-stop-shop event providing VA benefit support, legal resources, mental health access and more.
Looking ahead, the Wyoming Veterans Commission intends to build on this momentum, making the Veteran Services Symposium an annual event.
“This is just the beginning,” McFarland added. “We are building a statewide movement rooted in empathy, coordination, and results. Veterans deserve nothing less.”
CHEYENNE, Wyo. – On May 10, 2025, the State of Wyoming paid tribute to its Veterans in a series of ceremonies as part of the annual Veterans Welcome Home Day.
Gov. Mark Gordon, U.S. Senator John Barrasso and U.S. Representative Harriet Hageman joined leaders from the Wyoming Military Department and the Wyoming Veterans Commission, traveled across the state to thank those who served—especially Veterans from the Korean and Vietnam Wars who were never properly welcomed home.
The daylong journey began at sunrise in Cheyenne and included four official ceremonies in Afton, Riverton, Sheridan and concluded in Wheatland. At each stop, the Governor, First Lady Jennie Gordon, Maj. Gen. Greg Porter, Adjutant General of Wyoming, and other dignitaries met with Veterans and their families, delivering remarks and expressing gratitude for their service.
Speaking to a room filled with Veterans and their loved ones, Porter reflected on the significance of the moment by connecting it to the broader legacy of American service. He reminded attendees that just weeks earlier, on April 19, the nation had observed the 250th anniversary of the “shot heard ‘round the world” at Lexington and Concord—an event that began a long lineage of Americans willing to fight for freedom.
“Over that time, America’s done a pretty good job of bringing its [servicemembers] home—with two exceptions: the Korean War and the Vietnam War,” Porter said. “Our Vietnam Veterans faced a far different return. They probably wished for an apathetic return. They faced derision, sarcasm, and hate in some cases—certainly disrespect. The purpose of these Welcome Home ceremonies is to take a moment to pause and recommit that we will never let that happen again as a nation.”
Gordon echoed that message, “This day is about saying, ‘Thank you for your service—welcome home.’ That gratitude extends to the families, too. Our Veterans carry a legacy that began with citizens who marched barefoot through snow because they believed in what this country stood for. In the military, we never leave anyone behind. As a nation, we should never leave a Veteran behind.”
As part of the ceremony, the official proclamation was read declaring March 30, 2025, as Wyoming Veterans Welcome Home Day, recognizing the moment in history when U.S. troops completed their withdrawal from Vietnam in 1973. The proclamation recounts how many Veterans returned to a country divided by politics and conflict, and how they were met not with honor—but with silence, scorn or worse.
“Members of the United States armed forces who served bravely and faithfully for the United States were caught in the crossfire of public debate about the involvement of the United States in the Vietnam War, and many were met with such disrespect that military leaders recommended Soldiers not wear their military uniforms as they returned home.”
The proclamation goes on to honor all Veterans, particularly those from the Korean and Vietnam Wars, and urges citizens to recognize their service “not just today but every day.”
After the speeches concluded, Governor Gordon took time to greet each Veteran in attendance, shaking hands and presenting a personalized challenge coin as a token of thanks.
Also present were Wyoming Veterans Commission Chairman Command Sgt. Maj. (Ret.) Ken Persson, Sr., and Director Col. (Ret.) Tim Sheppard, both of whom played key roles in organizing the day’s events and honoring those who once returned home without recognition.
As the day came to a close, the message that echoed from community to community was simple but profound: Wyoming remembers. Wyoming is grateful. And Wyoming will never forget.
For more information on Veterans Welcome Home Day or to learn about available resources for Veterans, contact the Wyoming Veterans Commission at (307) 777-8152.
strong>LOS ANGELES – The two Disaster Recovery Centers (DRCs) for the Los Angeles Wildfires are permanently closing Saturday, May 31, 2025, at 4 p.m. and federal resources will be transitioning to new locations. Current DRC Locations and Hours UCLA Research Park West 10850 West Pico Blvd. Los Angeles, CA 90064 Monday-Friday: 9 a.m. – 6 p.m. and Saturday: 9 a.m. – 4 p.m. Altadena Disaster Recovery Center540 West Woodbury Rd. Altadena, CA 91001 Monday-Friday: 9 a.m. – 6 p.m. and Saturday: 9 a.m. – 4 p.m. The Federal Emergency Management Agency (FEMA) and Small Business Administration (SBA) will be transitioning from the current DRC locations to county and city run facilities. Federal resources will be available at their new locations beginning Monday, June 2, 2025. Services Will Continue at: One Stop Rebuilding Center1828 Sawtelle Blvd.Los Angeles, CA 90025 Monday-Friday: 9 a.m. – 5 p.m. Closed weekends. Altadena Community Center730 E. Altadena Dr.Altadena, CA 91001Monday-Friday: 9 a.m. – 5 p.m. Closed weekends. If you applied for FEMA assistance, it’s important to stay in touch with FEMA to track and update your application should you receive an insurance settlement or denial and as your situation changes to work through any approval processes. FEMA representatives can explain available assistance programs and help you with resources for your recovery needs. Rental Assistance is available for eligible individuals and families who were displaced by the wildfires. If you were displaced and need assistance covering housing costs, you should contact FEMA to determine your eligibility for this program. SBA’s Customer Service Representatives are available at the Centers to answer questions, help applicants complete their disaster loan application, accept documents, and provide updates on an application’s status. Additional Resources
California Governor’s Office of Emergency Services (CalOES)Resources offered by State agencies are available online and at some existing field offices. Survivors can find a complete list of recovery related services on the CA.gov/LAfires Recovery Services Finder page, including how to contact each agency and their office locations. U.S. Army Corps of Engineers (USACE)For help answering questions regarding debris removal, please call: 213-308-8305. The call center is available daily from 6 a.m. to 6:30 p.m. For more information, you can also visit the USACE Los Angeles County Wildfire Debris Removal Mission. One-Stop Permitting CentersFor unincorporated LA County communities, One-Stop Permit Centers are also available in Calabasas and Altadena for residents impacted by the Palisades and Eaton fires. LA County permitting agencies, including Fire Department, Regional Planning, Public Health, Public Works Geotechnical and Materials Engineering Division and Public Works Building and Safety, are available to guide owners and their representatives through the rebuild process and answer any questions they may have. Walk-ins are welcome and consultation appointments can be scheduled. More information including days and hours of operation, can be found here: recovery.lacounty.gov/rebuilding/one-stop-permit-centers.
Follow FEMA online, on X @FEMA or @FEMAEspanol, on FEMA’s Facebook page or Espanol page and at FEMA’s YouTube account. For preparedness information follow the Ready Campaign on X at @Ready.gov, on Instagram @Ready.gov or on the Ready Facebook page.
California is committed to supporting residents impacted by the Los Angeles Hurricane-Force Firestorm as they navigate the recovery process. Visit CA.gov/LAFires for up-to-date information on disaster recovery programs, important deadlines, and how to apply for assistance.
News In Brief – Source: US Computer Emergency Readiness Team
Executive Summary
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Security Agency (NSA)
United States Federal Bureau of Investigation (FBI)
United Kingdom National Cyber Security Centre (NCSC-UK)
Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
Czech Republic Military Intelligence (VZ) Vojenské zpravodajství
Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
United States Cybersecurity and Infrastructure Security Agency (CISA)
United States Department of Defense Cyber Crime Center (DC3)
United States Cyber Command (USCYBERCOM)
Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
Canadian Centre for Cyber Security (CCCS)
Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
Estonian Foreign Intelligence Service (EFIS) Välisluureamet
Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
Download the PDF version of this report:
Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)
For a downloadable list of IOCs, visit:
Introduction
For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions. In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments. Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.
Description of Targets
The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations:
Defense Industry
Transportation and Transportation Hubs (ports, airports, etc.)
Maritime
Air Traffic Management
IT Services
In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].
The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].
The countries with targeted entities include the following, as illustrated in Figure 1:
Bulgaria
Czech Republic
France
Germany
Greece
Italy
Moldova
Netherlands
Poland
Romania
Slovakia
Ukraine
United States
Figure 1: Countries with Targeted Entities
Initial Access TTPs
To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):
The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]
Credential Guessing/Brute Force
Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573].
Spearphishing
GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient.
Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:
Webhook[.]site
FrgeIO
InfinityFree
Dynu
Mocky
Pipedream
Mockbin[.]org
The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].
CVE Usage
Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].
Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE.
Post-Compromise TTPs
After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].
The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:
C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit
Figure 2: Example Active Directory Domain Services command
Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].
Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]
After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].
After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including:
sender,
recipient,
train/plane/ship numbers,
point of departure,
destination,
container registration numbers,
travel route, and
cargo contents.
In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.
Malware
Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:
HEADLACE [7]
MASEPIE [8]
While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise.
Persistence
In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence.
Exfiltration
GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure.
The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected.
Connections to Targeting of IP Cameras
In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams.
The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.
Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration.
From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:
Table 1: Geographic distribution of targeted IP cameras
Country
Percentage of Total Attempts
Ukraine
81.0%
Romania
9.9%
Poland
4.0%
Hungary
2.8%
Slovakia
1.7%
Others
0.6%
Mitigation Actions
General Security Mitigations
Architecture and Configuration
Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.
Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].
*.000[.]pe
*.1cooldns[.]com
*.42web[.]io
*.4cloud[.]click
*.accesscan[.]org
*.bumbleshrimp[.]com
*.camdvr[.]org
*.casacam[.]net
*.ddnsfree[.]com
*.ddnsgeek[.]com
*.ddnsguru[.]com
*.dynuddns[.]com
*.dynuddns[.]net
*.free[.]nf
*.freeddns[.]org
*.frge[.]io
*.glize[.]com
*.great-site[.]net
*.infinityfreeapp[.]com
*.kesug[.]com
*.loseyourip[.]com
*.lovestoblog[.]com
*.mockbin[.]io
*.mockbin[.]org
*.mocky[.]io
*.mybiolink[.]io
*.mysynology[.]net
*.mywire[.]org
*.ngrok[.]io
*.ooguy[.]com
*.pipedream[.]net
*.rf[.]gd
*.urlbae[.]com
*.webhook[.]site
*.webhookapp[.]com
*.webredirect[.]org
*.wuaze[.]com
Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Identity and Access Management
Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
Use account throttling or account lockout [D3-ANET]:
Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
IP Camera Mitigations
The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:
Ensure IP cameras are currently supported. Replace devices that are out of support.
Apply security patches and firmware updates to all IP cameras [D3-SU].
Disable remote access to the IP camera, if unnecessary [D3-ITF].
Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
If supported, enable authenticated RTSP access only [D3-AA].
Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
Configure, tune, and monitor logging—if available—on the IP camera.
Indicators of Compromise (IOCs)
Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.
Utilities and scripts
Legitimate utilities
Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:
ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
wevtutil – A legitimate Windows executable used by threat actors to delete event logs
vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
OpenSSH – The Windows version of a legitimate open source SSH client
schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
whoami – A legitimate Windows executable used to retrieve the name of the current user
tasklist – A legitimate Windows executable used to retrieve the list of running processes
hostname – A legitimate Windows executable used to retrieve the device name
arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
net – A legitimate Windows executable used to retrieve detailed user information
wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
cacls – A legitimate Windows executable used to modify permissions on files
icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
ssh – A legitimate Windows executable used to establish network shell connections
reg – A legitimate Windows executable used to add to or modify the system registry
Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.
Malicious scripts
Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
Hikvision backdoor string: “YWRtaW46MTEK”
Suspicious command lines
While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:
edge.exe “-headless-new -disable-gpu”
ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.
June 2024
July 2024
August 2024
192[.]162[.]174[.]94
207[.]244[.]71[.]84
31[.]135[.]199[.]145
79[.]184[.]25[.]198
91[.]149[.]253[.]204
103[.]97[.]203[.]29
162[.]210[.]194[.]2
31[.]42[.]4[.]138
79[.]185[.]5[.]142
91[.]149[.]254[.]75
209[.]14[.]71[.]127
46[.]112[.]70[.]252
83[.]10[.]46[.]174
91[.]149[.]255[.]122
109[.]95[.]151[.]207
46[.]248[.]185[.]236
83[.]168[.]66[.]145
91[.]149[.]255[.]19
64[.]176[.]67[.]117
83[.]168[.]78[.]27
91[.]149[.]255[.]195
64[.]176[.]69[.]196
83[.]168[.]78[.]31
91[.]221[.]88[.]76
64[.]176[.]70[.]18
83[.]168[.]78[.]55
93[.]105[.]185[.]139
64[.]176[.]70[.]238
83[.]23[.]130[.]49
95[.]215[.]76[.]209
64[.]176[.]71[.]201
83[.]29[.]138[.]115
138[.]199[.]59[.]43
70[.]34[.]242[.]220
89[.]64[.]70[.]69
147[.]135[.]209[.]245
70[.]34[.]243[.]226
90[.]156[.]4[.]204
178[.]235[.]191[.]182
70[.]34[.]244[.]100
91[.]149[.]202[.]215
178[.]37[.]97[.]243
70[.]34[.]245[.]215
91[.]149[.]203[.]73
185[.]234[.]235[.]69
70[.]34[.]252[.]168
91[.]149[.]219[.]158
192[.]162[.]174[.]67
70[.]34[.]252[.]186
91[.]149[.]219[.]23
194[.]187[.]180[.]20
70[.]34[.]252[.]222
91[.]149[.]223[.]130
212[.]127[.]78[.]170
70[.]34[.]253[.]13
91[.]149[.]253[.]118
213[.]134[.]184[.]167
70[.]34[.]253[.]247
91[.]149[.]253[.]198
70[.]34[.]254[.]245
91[.]149[.]253[.]20
Detections
Customized NTLM listener
rule APT28_NTLM_LISTENER {
meta:
description = "Detects NTLM listeners including APT28's custom one"
( any of ($sysinternals_*) and any of ($psexec_*) )
or
( 2 of ($network_*) and 2 of ($psexec_*))
)
}
The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community:
APT28 [14]
Fancy Bear [14]
Forest Blizzard [14]
Blue Delta [15]
Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.
Further Reference
To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc.
For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule: https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar
Works Cited
[1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/ [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/ [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/ [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF [13] NSA and CSA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
[14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf
Disclaimer of endorsement
The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Purpose
This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact
United States organizations
National Security Agency (NSA)
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
Department of Defense Cyber Crime Center (DC3)
United Kingdom organizations
Germany organizations
Czech Republic organizations
Poland organizations
Australian organizations
Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.
Canadian organizations
Estonia organizations
French organizations
French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.
See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.
Table 2: Reconnaissance
Tactic/Technique Title
ID
Use
Reconnaissance
TA0043
Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
Conducted contact information reconnaissance to identify additional targets in key positions.
Gather Victim Org Information
T1591
Conducted reconnaissance of the cybersecurity department.
Gather Victim Org Information: Identify Roles
T1591.004
Conducted reconnaissance of individuals responsible for coordinating transport.
Gather Victim Org Information: Business Relationships
T1591.002
Conducted reconnaissance of other companies cooperating with the victim entity.
Gather Victim Host Information
T1592
Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
Table 3: Resource development
Tactic/Technique Title
ID
Use
Compromise Accounts: Email Accounts
T1586.002
Sent phishing emails using compromised accounts.
Compromise Accounts: Cloud Accounts
T1586.003
Sent phishing emails using compromised accounts.
Table 4: Initial Access
Tactic/Technique Title
ID
Use
Trusted Relationship
T1199
Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
Phishing
T1566
Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
Phishing: Spearphishing Attachment
T1566.001
Sent emails with malicious attachments.
Phishing: Spearphishing Link
T1566.002
Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
Phishing: Spearphishing Voice
T1566.004
Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
External Remote Services
T1133
Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
Exploit Public-Facing Application
T1190
Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
Content Injection
T1659
Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
Table 5: Execution
Tactic/Technique Title
ID
Use
User Execution: Malicious Link
T1204.001
Used malicious links to hosted shortcuts in spearphishing.
User Execution: Malicious File
T1204.002
Delivered malware executables via spearphishing.
Scheduled Task/Job: Scheduled Task
T1053.005
Used scheduled tasks to establish persistence.
Command and Scripting Interpreter
T1059
Delivered scripts in spearphishing. Executed arbitrary shell commands.
Command and Scripting Interpreter: PowerShell
T1059.001
PowerShell commands were often used to prepare data for exfiltration.
Command and Scripting Interpreter: Windows Command Shell
T1059.003
Used BAT script in spearphishing.
Command and Scripting Interpreter: Visual Basic
T1059.005
Used VBScript in spearphishing.
Command and Scripting Interpreter: Python
T1059.006
Installed python on infected machines to enable the execution of Certipy.
Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.
Hijack Execution Flow: DLL Search Order Hijacking
T1574.001
Used DLL search order hijacking to facilitate malware execution.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.001
Used run keys to establish persistence.
Boot or Logon Autostart Execution: Shortcut Modification
T1547.009
Placed malicious shortcuts in the startup folder to establish persistence.
Table 7: Defense Evasion
Tactic/Technique Title
ID
Use
Indicator Removal: Clear Windows Event Logs
T1070.001
Deleted event logs through the wevtutil utility.
Table 8: Credential access
Tactic/Technique Title
ID
Use
Brute Force
Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
Brute Force: Password Guessing
T1110.001
Used credential guessing to gain initial access to targeted entities.
Brute Force: Password Spraying
T1110.003
Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP.
Multi-Factor Authentication Interception
Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns.
Input Capture
Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns.
Forced Authentication
Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations.
OS Credential Dumping: NTDS
T1003.003
Attempted to dump Active Directory NTDS.dit domain databases.
Unsecured Credentials: Group Policy Preferences
T1552.006
Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py.
Table 9: Discovery
Tactic/Technique Title
ID
Use
Account Discovery: Domain Account
T1087.002
Used a modified ldap-dump.py to enumerate the Windows environment.
Table 10: Command and Control
Tactic/Technique Title
ID
Use
Hide Infrastructure
T1665
Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
Proxy: External Proxy
T1090.002
Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers.
Proxy: Multi-hop Proxy
T1090.003
Used Tor and commercial VPNs as part of their anonymization infrastructure
Encrypted Channel
T1573
Connected to victim infrastructure using encrypted TLS.
Multi-Stage Channels
T1104
Used multi-stage redirectors for campaigns.
Table 11: Defense evasion (mobile framework)
Tactic/Technique Title
ID
Use
Execution Guardrails
Used multi-stage redirectors to verify browser fingerprints in some campaigns.
Execution Guardrails: Geofencing
T1627.001
Used multi-stage redirectors to verify IP-geolocation in some campaigns.
Table 12: Lateral movement
Tactic/Technique Title
ID
Use
Lateral Movement
Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment.
Remote Services: Remote Desktop Protocol
T1021.001
Moved laterally within the network using RDP.
Table 13: Collection
Tactic/Technique Title
ID
Use
Email Collection
Retrieved sensitive data from email servers.
Email Collection: Remote Email Collection
T1114.002
Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers.
Automated Collection
Used periodic EWS queries to collect new emails.
Video Capture
Attempted to gain access to the cameras’ feeds.
Archive Collected Data
Accessed files were archived in .zip files prior to exfiltration.
Archive Collected Data: Archive via Utility
T1560.001
Prepared zip archives for upload to the actors’ infrastructure.
Table 14: Exfiltration
Tactic/Technique Title
ID
Use
Exfiltration Over Alternative Protocol
Attempted to exfiltrate archived data via a previously dropped OpenSSH binary.
Scheduled Transfer
Used periodic EWS queries to collect new emails sent and received since the last data exfiltration.
Appendix B: CVEs exploited
Table 15: Exploited CVE information
CVE
Vendor/Product
Details
CVE-2023-38831
RARLAB WinRAR
Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive.
CVE-2023-23397
Microsoft Outlook
External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
CVE-2021-44026
Roundcube Webmail
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params.
CVE-2020-35730
Roundcube Webmail
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
CVE-2020-12641
Roundcube Webmail
Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.
Appendix C: MITRE D3FEND Countermeasures
Table 16: MITRE D3FEND countermeasures
Countermeasure Title
ID
Details
Network Isolation
Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
Access Mediation
Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
Inbound Traffic Filtering
Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
Resource Access Pattern Analysis
Use automated tools to audit access logs for security concerns and identify anomalous access requests.
Outbound Traffic Filtering
Block NTLM/SMB requests to external infrastructure.
Platform Monitoring
Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
System File Analysis
Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
Application Hardening
Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
Application-based Process Isolation
Enable attack surface reduction rules to prevent executable content from email.
Executable Allowlisting
Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
Execution Isolation
Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
Application Configuration Hardening
Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
Process Spawn Analysis
Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
URL Reputation Analysis
Use services that provide enhanced browsing services and safe link checking.
Network Access Mediation
Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
DNS Denylisting
D3-DNSDL
Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
Domain Name Reputation Analysis
Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
Multi-factor Authentication
Use MFA with strong factors and require regular re-authentication, especially for management accounts.
Job Function Access Pattern Analysis
D3-JFAPA
Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
User Account Permissions
Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
Token-based Authentication
Reduce reliance on passwords; instead, consider using services like single sign-on.
Credential Hardening
Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
Authentication Event Threshholding
Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
Strong Password Policy
Use a service to check for compromised passwords before using them.
Credential Rotation
Change all default credentials.
Encrypted Tunnels
Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
Software Update
Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
Agent Authentication
Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
User Behavior Analysis
Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
News In Brief – Source: US Computer Emergency Readiness Team
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies.
This advisory details a Russian state-sponsored cyber espionage-oriented campaign targeting technology companies and logistics entities, including those involved in the coordination, transport, and delivery of foreign assistance to Ukraine.
Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165 cyber actors are using a mix of previously disclosed tactics, techniques, and procedures (TTPs) and are likely connected to these actors’ widescale targeting of IP cameras in Ukraine and bordering NATO nations.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of until 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise, and posture network defenses with a presumption of targeting. For more information on Russian state-sponsored threat actor activity, see CISA’s Russia Cyber Threat Overview and Advisories page.
Source: United States Senator for Commonwealth of Virginia Mark R Warner
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Tim Kaine (D-VA), and Michael Bennet (D-CO) issued the statement below after the Department of Defense (DoD) announced immediate modifications to the military’s broken moving system, which handles servicemember relocations. These modifications follow close advocacy by the senators, who have pushed for months to address the delays, poor communication, and repeated issues under the Global Household Goods Contract.
“Military members and their families sacrifice so much in service to our country, including every time they relocate and integrate into a new community. After pushing for months, we’re pleased to see the Department of Defense move to address ongoing challenges with the contract tasked with moving household goods for military members and families in the process of relocating.
“As these policy changes are implemented, we will continue to work with the Department of Defense and TRANSCOM to ensure that servicemembers and military families who are already well into the relocation process are not left in the lurch. Additionally, as these shifts put more pressure on federal employees to adapt to this change, we will continue to push for adequate federal staffing levels and against Trump’s senseless hiring freeze, which continues to prevent critical positions from being filled across government.”
In February, Sen. Warner requested a briefing from USTRANSCOM and sounded the alarm about missed household goods pickups, delivery issues, and communication difficulties with HomeSafe Alliance, the contractor responsible for the moves. Earlier this month, the lawmakers raised their concerns, reiterating the ongoing delays and confusion being faced by military families, and requesting additional information from TRANSCOM on its plan to address these issues.
Headline: Tawazun Council and Thales Sign Agreement to Establish Ground Master Air Surveillance Radar Production Facility in UAE
Share this article
As part of the Tawazun Economic Program, Thales Emarat Technologies announces its investment in a state-of-the-art factory to produce Ground Master series air surveillance radars.
The facility is expected to be fully operational by 2027, enhancing the UAE’s sovereign and manufacturing capabilities.
This strategic cooperation agreement signed between Tawazun Council and Thales aims to strengthen partnership and support local production.
Abu Dhabi, 20 May 2025 – Tawazun Council and Thales, have signed a cooperation agreement to produce locally advanced Ground Master series air surveillance radars. This agreement supports the UAE’s vision to boost local manufacturing and develop national defence capabilities.
The signing took place during the fourth edition of “Make it in the Emirates 2025,” with Matar Ali Al Romaithi, Sector Chief of Defence and Security Industry Affairs at Tawazun Council, and Abdelhafid Mordi, CEO of Thales in the UAE, alongside representatives from both sides.
This reflects Thales’ commitment to supporting the UAE’s vision of advancing manufacturing capabilities through innovation and industrial excellence.
The Ground Master radars are internationally recognized for their reliability, superior performance, mobility, and adaptability to diverse missions, positioning them amongst the world’s leading air surveillance and defence systems. The facility is scheduled to be fully operational by 2027, where it will assemble, test, and qualify advanced air surveillance radars to meet both domestic and export markets needs.
This factory will serve as a strategic asset, bolstering the UAE’s defence manufacturing capabilities, enhancing self-sufficiency in critical technologies, and providing flexibility to address varying operational requirements.
A core pillar of Thales Radar Centre of Excellence’s expansion is the development of Emirati talents. Thales places localization at the heart of its growth strategy through advanced training programs and sustainable professional career development, building specialized local expertise in advanced radar technologies in support of the UAE’s National Defence Strategy and its vision of a highly capable, future-ready national workforce. As the project is not only focused on building the radar system, but also on qualifying domestic suppliers, it further contributes to strengthening the national industrial base and promoting long-term self-reliance.
Commenting on the agreement, Matar Ali Al Romaithi, Sector Chief of Defence and Security Industry Affairs at Tawazun Council, said:“The expansion of Thales’ Radar Centre of Excellence reflects the strength of the UAE’s defence industrial strategy and its regional leadership in advanced technologies. This initiative enhances national capabilities in air surveillance radar systems while creating significant opportunities for local companies to grow, innovate, and compete globally.”
Abdelhafid Mordi, CEO of Thales in the UAE said:“Thales is proud to contribute to the growth of the UAE’s industrial defence ecosystem by advancing local capabilities, in-line with the national vision. The expansion of our Radar Centre of Excellence, through the establishment of a new production facility, marks a major milestone – from integration, testing, manufacturing to lifecycle support. This investment reinforces the UAE’s sovereignty in critical defence technologies, strengthens the national supply chain, embarks UAE talents and deepens local expertise in advanced radar systems.”
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.
The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.
Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.
About Thales in the UAE
Thales has been present in the UAE for 50 years, providing customers with technologically advanced solutions in Defence and Security, Digital Identity and Security, Aerospace, and Space industries.
Part of the Tawazun Economic Program, Thales Emarat Technologies (TET) is a fully-owned Thales Group entity that was established in 2019 to boost localization and the development of Emirati talent. It houses centres of excellence for critical systems and a variety of defence and digital aerospace technologies. Since its establishment in 2019, Tawazun Economic Council and TET have launched the Radar Centre of Excellence, the Defence Services Center and Digital Center of Excellence.
Source: United States House of Representatives – Congresswoman Norma Torres (35th District of California)
May 21, 2025
Amendments Address Critical Issues facing Californians, including higher taxes, Cuts to Healthcare and food assistance, and dangerous Trump Administration changes to Air Safety Systems
WASHINGTON, D.C. — Congresswoman Norma Torres introduced targeted amendments to the Republican Budget Reconciliation aimed at protecting working families’ access to healthcare, food assistance, fairness in tax policy, and protecting essential public services. These amendments address critical areas, including healthcare, SNAP, transportation, and infrastructure, ensuring that policies serve the best interests of American workers and communities.
“Republican budget proposals threaten essential programs that millions of Americans depend on,” said Congresswoman Torres. “These amendments are a necessary step to ensure that our tax policies, public services, and infrastructure investments are fair and effective in supporting the American people.”
The proposed amendments aim to address the issues in the Republican Budget Reconciliation bill, which includes cutting healthcare coverage for nearly 14 million people, reducing SNAP benefits by $300 billion, and leaving 42 million Americans facing cuts to their benefits:
Protect Healthcare and Prevent Medicaid Cuts: Torres is pushing to strike provisions to cut hundreds of billions of dollars from Medi-Cal, California’s Medicaid. This amendment would protect the healthcare of millions of Americans who rely on Medicaid for essential health services, including the nearly 340,000 adults and children in the Inland Empire who rely on Medi-Cal (California’s Medicaid program). Cuts to Medicaid disproportionately harm children, seniors, and people with disabilities. A cut to Medicaid is also a cut to Medicare, as 30% of Medicaid dollars support Medicare enrollees.
Prevent Harmful SNAP Cuts: Torres is proposing an amendment to prevent $300 billion in cuts to the Supplemental Nutrition Assistance Program (SNAP), which would endanger the food security of millions of American families, including 112,000 Americans in the Inland Empire. By striking these harmful provisions, nearly 90% of households that participate in SNAP have either a child, a senior, or an individual with disability. Rep. Torres seeks to protect vulnerable working families from losing access to the resources they need to stay healthy and nourished.
Lift the SALT Deduction Cap: Torres is advocating for the removal of the $10,000 cap on State and Local Tax (SALT) deductions that Trump signed into law in 2017. By limiting the SALT deduction to $10,000, the Trump 2017 Tax bill effectively raised taxes on Californians by eliminating their ability to deduct their state and local tax payments (including state income taxes and local property taxes) from their income for federal taxes. As residents of a state with a high cost of living and high housing costs, hardworking Californians are hit particularly hard by Trump’s cap on the SALT deduction. Californians pay more than their fair share of taxes, contributing $83 billion more in federal taxes than they received in return. Lifting the cap is about fairness and provides Californians with deserved tax relief in Trump’s high-priced economy.
Protect Aviation Safety and Ensure Fair FAA Staffing Practices: Torres introduced an amendment to keep the flying public safe, protecting Federal Aviation Administration (FAA) employees from unlawful firings. The FAA has fired at least 400 individuals responsible for maintaining air traffic control systems. This amendment will ensure that no funds made available by this Act may be used to terminate a probationary or non-probationary employee unless an individual performance assessment is conducted. This amendment aims to prevent unlawful terminations, ensuring that FAA staff are treated fairly and that safety standards are upheld for the traveling public. This amendment protects local jobs while maintaining air travel safety standards at Ontario International and regional airports.
Support California’s Critical Infrastructure Needs: Torres is fighting back against the indefensible corruption of this Administration, specifically the newly released U.S. Army Corps of Engineers plan to help only Republican leaning states, not all Americans equally. Torres is advocating for the U.S. Army Corps of Engineers (USACE) to allocate resources for California’s water infrastructure, environmental restoration, and flood management projects. Given California’s challenges with drought, wildfires, and floods, this amendment is designed to strengthen the state’s infrastructure and ensure communities are better protected from environmental and flood-related disasters.
Remove harmful tax on remittances: Torres is fighting back against this bill’s unjust 5% federal tax on remittance transfers that targets immigrant communities. With Americans sending over $93 billion in 2023 to help families abroad with basic necessities, this tax would devastate economies in countries like Honduras, Haiti, and El Salvador, where remittances comprise up to 30% of GDP. This amendment would prevent harmful policies that destabilize regional allies, contradict migration management efforts, and punish those playing by the rules—ensuring our policies support rather than harm immigrant communities and diplomatic partnerships.
“These amendments are designed to protect the well-being of American families, ensure the long-term viability of essential public programs, and support fair policies that address the unique needs of communities across the country,” Congresswoman Torres added. “We cannot afford to let partisan politics undermine the services and resources that our citizens rely on every day.”
Source: United States House of Representatives – Congressman Scott Perry (PA-10)
Washington, D.C. – Today, Congressman Scott Perry (PA-10), with Senator Rick Scott (FL), and co-sponsored by Congressman Tom Tiffany (WI-07), introduced the Taiwan PLUS Act to strengthen U.S.–Taiwan defense cooperation and ensure peak efficiency in delivering vital weapons systems to deter the Chinese Communist Party (CCP).
“Taiwan is on the front lines of CCP’s growing aggression, and it’s time our policies reflect the urgency of the threat,” said Congressman Perry. “This legislation streamlines our arms sales process to Taiwan, strengthens deterrence, and solidifies our commitment to defending American interests in the Indo-Pacific.”
Under current law, Taiwan must wait for congressional notification and a 30-day review period when requesting critical weapons systems exceeding low financial thresholds – $14 million for major defense equipment, $50 million for defense services, and $200 million for construction support. The Taiwan PLUS Act boosts these thresholds ($25 million, $100 million, and $300 million, respectively) to the same levels afforded to “NATO Plus” partners and shortens the review window to 15 days. By elevating Taiwan to the same status as trusted U.S. defense partners like Australia, Israel, and Japan, the bill removes red tape and improves speed and efficiency in military aid.
“Communist China has tried to intimidate and overpower our ally, Taiwan for years. Communist China has made clear they are more than willing to invade Taiwan as it continues its attacks on democracy around the world, and the United States must make clear we will continue to stand by Taiwan,”said Senator Rick Scott.The Taiwan PLUS Act will cut red tape and make it faster and easier for Taiwan to purchase the weapons it needs from the U.S. to defend itself should Communist China invade. Taiwan is a critical partner in the Indo-Pacific, and the U.S. must act with urgency to strengthen our defense ties to help our nation and our ally counter these threats from Communist China.“
Taiwan already is one of the United States’ closest defense collaborators – the top Foreign Military Sales customer in FY20, and historically tied with Japan as the third largest buyer since 1950. This bill ensures that future sales meet the moment by providing Taiwan with the tools needed to defend itself when needed.
“Streamlining the arms sale process will help ensure that Taiwan can defend itself in the face of Communist China’s reckless and relentless campaign of intimidation, said Congressman Tom Tiffany. “Promoting greater US-Taiwan security cooperation benefits both of our countries, and that’s exactly what this bill will do.“
As the CCP continues to escalate its hostile posture, the Taiwan PLUS Act sends a clear and unambiguous message: America stands with Taiwan, and will ensure our partners have the means to protect peace, freedom, and security in the Indo-Pacific.
Source: United States House of Representatives – Congressman Scott Peters (52nd District of California)
Washington D.C. – Today, at an Energy and Commerce Committee hearing, Representative Scott Peters (CA-50) thanked Environmental Protection Agency (EPA) Administrator Lee Zeldin for touring the U.S.-Mexico border in southern San Diego and for his commitment to address the scourge of cross-border wastewater pollution. This follows a joint announcement from the EPA and U.S. International Border and Water Commission (IBWC) this morning, that both agencies will speed up the first phase of the incremental expansion of the South Bay International Wastewater Treatment Plant (SBIWTP) from two years to 100 days. This phase will increase the plant’s capacity to treat wastewater from 25 to 35 million gallons per day (mgd). The full project to repair and expand the dilapidated plant, for which Representative Peters and the San Diego delegation have secured $360 million in the last 18 months, will double treatment capacity to 50 mgd.
During the hearing, Rep. Peters stated, “I want to thank you for your recent visit to the South Bay and your tour of the Tijuana River Valley. This contamination issue remains, what I believe is one of the worst environmental catastrophes of the hemisphere and we are so encouraged by your commitment to working on a 100% solution… We’ve all worked really hard to get resources here — Republicans and Democrats. You have a partner here, and we’re happy to partner with you.”
During his opening remarks, EPA Administrator Zeldin stated, “[We] have issued immediate action items for Mexico to permanently and urgently end the Tijuana River sewage crisis that has plagued Southern California for decades.”
Last month, EPA Administrator Zeldin toured the South Bay at Rep. Peters’ invitation to see firsthand the ecological, economic, and health harms caused by this crisis.
Further Background:
Representative Peters has, for years, worked to address the cross-border pollution fouling San Diego’s coastal waters, including pushing for additional funding to fix and expand the dilapidated SBIWTP. The following are some recent actions:
2025
In March, Rep. Peters introduced legislation to authorize the International Boundary and Water Commission (IBWC) to accept funding from federal and non-federal entities for wastewater treatment, flood control projects, or other water conservation efforts.
2024
In January, Rep. Peters took to the House floor to demand that the President’s requested $310 million to fix and expand the dilapidated SBIWTP be included in any upcoming spending deal.
In February, Rep. Peters joined members of San Diego’s Congressional delegation to ask U.S. Navy Secretary Carlos Del Toro about the effects of cross-border pollution on Navy operations.
In March, Rep. Peters celebrated the inclusion of $156 million, at his request, for the International Boundary and Water Commission’s (IBWC) construction budget in the Fiscal Year 2024 Appropriations bill. The IBWC is the federal agency tasked with operating and maintaining the SBIWTP.
In May, Rep. Peters joined Rep. Veronica Escobar (TX-16) in a bipartisan request for $278 million for the IBWC’s construction budget in the Fiscal Year 2025 Appropriations bill.
In August, Rep. Peters hosted Deputy Secretary of State Richard Verma on a tour of the broken wastewater treatment plant.
In September, Rep. Peters joined members of San Diego’s Congressional delegation to reiterate their call for a federal state of emergency declaration amid high levels of toxic gases.
In December, Rep. Peters and the Congressional delegation successfully fought to include an additional $250 million to fully repair and expand the capacity of the SBIWTP in the government funding bill. This brought the total amount of funds secured to $650 million.
2023
In June, Rep. Peters led a letter with other members of the San Diego Congressional delegation to the governor of Baja California urging accountability for the Mexican government’s commitments to build wastewater treatment infrastructure.
In July, members of the San Diego congressional delegation requested that the Environmental Protection Agency assist with directing environmental justice funds from the Infrastructure Investment and Jobs Act and the Inflation Reduction Act to help stop the flow of pollutants and urged Secretary of State Antony Blinken to tour the broken plant.
Also in July, they sent a letter to President Biden and submitted an amendment to the National Defense Authorization Act for Fiscal Year 2024, calling on the administration to declare this crisis a federal emergency.
In August, he led two letters to the Office of Management and Budget and to OMB and the State Department, calling for urgent additional funding to confront this crisis.
In September, he proposed an amendment to the Fiscal Year 2024 Interior, Environment, and Related Programs Appropriations Bill to boost U.S.- Mexico Border Water Infrastructure Grant Program funding. Additionally, he proposed two amendments to the Fiscal Year 2024 State, Foreign Operations, and Related Programs Appropriations Bill to boost annual construction funding to the USIBWC to $100 million.
In October, Rep. Peters led a bipartisan letter to the Department of State demanding a complete account of how the SBIWTP fell into such a severe state of disrepair.
In December, he led a letter urging leaders of the U.S. House of Representatives and U.S. Senate to include President Biden’s $310 million supplemental budget request to repair the SBIWTP in any upcoming funding package.
In previous years, Peters and colleagues have secured funding, introduced legislation, called for investigations, and arranged a visit by EPA Administrator Regan in response to the wastewater contamination crisis.
overnor Kathy Hochul today announced that contracts have been executed for 26 large-scale land-based renewable energy projects that, upon completion, will provide more than 2.5 gigawatts of clean energy, enough to power more than 670,000 homes throughout New York State. These projects are expected to create more than 1,900 near-term, family-supporting jobs and generate more than $6 billion in private investment while reinforcing the State’s commitment to the development of locally-produced clean energy, grid resiliency and economic development.
“New York is creating competitive opportunities for the clean energy industry, and we could not do this without the shared commitment of our private partners,” Governor Hochul said. “The advancement of renewable energy is part of the foundation of New York’s plan to transform to a zero-emission electricity system and continue our green economy’s momentum forward.”
These contracted awards are the result of the New York State Energy Research and Development Authority’s (NYSERDA) 2024 Tier 1 Renewable Energy Standard solicitation. Once constructed, the projects will produce approximately 5,000 gigawatt-hours annually–which is enough to power more than 670,000 homes–provide public health benefits resulting from reduced exposure to harmful air pollutants; and provide more than $300 million in commitments to disadvantaged communities, as defined by the Climate Justice Working Group, from long-term payments to community benefit funds.
New York State Energy Research and Development Authority President and CEO Doreen M. Harris said, “As New York transitions to a clean energy economy, we celebrate these 26 projects and the significant energy they will provide. New York remains an innovator in accelerating clean energy projects, advancing clean energy jobs, and spurring economic development opportunities for businesses and our local communities all across our state.”
Contracted projects include:
Capital Region
Dolan Solar, Washington County
Hawthorn Solar, Rensselaer County
Somers Solar, Washington County
Shepherd’s Run Solar Project, Columbia County
Central New York
Agricola Wind, Cayuga County
Homer Solar Energy Center, Cortland County
Finger Lakes
Highbanks Solar, Livingston County
Horseshoe Solar Energy Center, Livingston and Monroe Counties
Valcour Bliss Windpark, Wyoming County
Mohawk Valley
Dolgeville Hydro, Herkimer County
Flat Creek Solar, Montgomery County
Mill Point Solar I, Montgomery County
Skyline Solar, Oneida County
North Country
ELP Ticonderoga Solar, Essex County
Fort Covington Solar Farm, Franklin County
Lyons Falls Mill Repower, Lewis County
Tracy Solar Energy Center, Jefferson County
Two Rivers Solar Farm, St. Lawrence County
Valcour Altona Windpark, Clinton County
Valcour Clinton Windpark, Clinton County
Southern Tier
High Bridge Wind, Chenango County
Prattsburgh Wind Farm, Steuben County
Yellow Barn Solar, Tompkins County
Western New York
Moraine Solar Energy Center, Allegany County
South Ripley Solar, Chautauqua County
York Run Solar, Chautauqua County
The payments under the contracted projects will only begin once projects are constructed and begin delivering renewable energy to New York after obtaining all required permits and approvals. Several projects have already commenced construction activities. All projects are expected to be operational by 2029.
Additionally, the State will continue to emphasize engagements with the projects’ host communities. NYSERDA offers resources and no-cost technical assistance to help local governments understand how to manage responsible clean energy development in their communities, including step-by-step instructions and tools to guide the coordination of new clean energy projects, permitting processes, property taxes, siting, zoning, and more.
New York State Department of Public Service CEO Rory M. Christian said, “We applaud Governor Hochul’s commitment to move New York State toward a clean energy economy. The projects being announced today will spur the creation of clean energy jobs as well as encouraging economic development opportunities in New York State.”
New York State Department of Environmental Conservation Acting Commissioner Amanda Lefton said, “These large-scale renewable energy projects demonstrate how clean energy and job creation go hand-in-hand to build healthier communities and stronger economies. More than two dozen projects under contracts through NYSERDA will generate renewable power and private investment that helps continue the significant progress underway to reduce polluting power sources.”
New York State Department of Labor Commissioner Roberta Reardon said, “I thank Governor Hochul for maintaining our state’s leadership in the clean energy sector and for continuing to create great career opportunities for New Yorkers statewide. These investments will continue to build a more energy efficient and environmentally friendly future for New York State.”
State Senator Kevin Parker said, “As Chair of the Senate Energy and Telecommunications Committee, I am proud to work alongside NYSERDA, a critical partner in advancing New York’s clean energy future. Their continued leadership in delivering funding awards and innovative programs is essential to meeting the goals of the Climate Leadership and Community Protection Act. Together, we are not only strengthening the state’s electric grid with renewable energy, but also ensuring that disadvantaged communities share in the economic and environmental benefits of this transition.”
New York State AFL-CIO President Mario Cilento said, “Congratulations to Governor Hochul and NYSERDA on another major milestone toward achieving New York’s renewable energy goals while adhering to robust labor standards and protections and Buy American policies. This will create good union jobs while building up the State’s clean energy program.”
New York State Building Trades President Gary LaBarbera said, “Renewable energy projects continue to represent major opportunities for New York to not only achieve the goals set out by CLCPA but also create thousands of family-sustaining union careers and economic stimulus that will reinvigorate our communities and the middle class. The execution of these contracts represents a significant milestone for reaping the benefits of these clean energy initiatives. We thank Governor Hochul and NYSERDA for their continued commitment to pushing forward the development of green infrastructure in New York.”
Alliance for Clean Energy New York Executive Director Marguerite Wells said, “The benefits of locally-produced renewable energy are immense and wide-ranging. We thank Governor Hochul for continuing to guide the state through our clean energy transition, which will not only benefit the New Yorkers of today but also those of generations to come. Today’s announcement shows there is continued enthusiasm from private developers to invest in New York, and New York remains ready to greet them.”
New York League of Conservation Voters President Julie Tighe said, “Climate change is happening now and the impacts will only get worse if we don’t transition off of fossil fuels and deliver on our clean energy future. Today’s announcement of new land-based renewable energy projects will mean fewer greenhouse gas emissions, better air quality, and good union jobs for New Yorkers. We thank Governor Hochul for her environmental leadership and congratulate NYSERDA on this progress toward meeting our clean energy goals.”
Natural Resources Defense Council Power Sector Managing Director Kit Kennedy said, “New York State’s leadership on clean energy is more important now than ever, given the federal government’s efforts to turn back progress. The clean energy projects announced today by Governor Hochul mean more jobs, more economic development for communities, less health-harming air pollution, and lower electricity system costs. This is what leadership means. Let’s keep it coming!”
Citizens Campaign for the Environment Executive Director Adrienne Esposito said, “We are thrilled that NY is taking another significant step forward in our state’s ongoing transition to a clean energy future. As national momentum around renewable energy and climate action stumbles, it’s more important than ever for states like New York to lead. Leadership matters and we need NY to continue on a course of establishing a 21st century energy infrastructure plan we can be proud of! These projects will deliver reliable, locally-produced clean energy to millions of New Yorkers helping to meet the state’s ambitious renewable energy goals while combating climate change, creating jobs, strengthening our economy, and enhancing long-term energy security. CCE commends Governor Hochul and NYSERDA for their commitment to advancing critical renewable energy projects that benefit both our environment and our communities.”
Advanced Energy United New York Policy Lead Kristina Persaud said, “This is an exciting milestone for New York’s clean energy future. These large-scale renewable energy projects will bring real economic benefits to communities across the state. These projects will not only provide clean power, but also quality jobs for New Yorkers. At the same time, they strengthen New York’s leadership in the rapidly growing clean energy sector, positioning the state to compete in a global market and reap the long-term economic benefits of a modern energy economy.”
These projects will add to New York’s robust portfolio of large-scale renewable energy projects, now comprised of nearly 100 solar, land-based wind, hydroelectric and offshore wind projects currently operating or under development that are expected to deliver approximately 10 gigawatts of clean power to the grid — enough to power more than 3.3 million New York homes. Of these nearly 100 projects, more than one gigawatt of capacity is under construction, which once completed will add to the 31 operational projects currently delivering 1.4 gigawatts of clean energy to the grid – now supplying power to nearly half a million New York homes.
New York State’s Climate Agenda
New York State’s climate agenda calls for an affordable and just transition to a clean energy economy that creates family-sustaining jobs, promotes economic growth through green investments, and directs a minimum of 35 percent of the benefits to disadvantaged communities. New York is advancing a suite of efforts to achieve an emissions-free economy by 2050, including in the energy, buildings, transportation, and waste sectors.
Source: United States Senator for Nebraska Deb Fischer
Today, U.S. Senator Deb Fischer (R-Neb.), a senior member of the Senate Armed Services Committee, released the following statement after President Donald Trump announced an investment in the Golden Dome Missile Defense Shield project and that Gen. Michael Guetlein, Space Force’s vice chief of operations, will lead the project:“I applaud President Trump’s announcement today of the selection of a Golden Dome architecture and significant investments to fund this vision. The Golden Dome will be crucial in protecting our people and homeland from incoming missile attacks by foreign adversaries.
“It’s important to note that as we look to fully realize the Golden Dome project, the Department of Defense must retain access to key portions of certain bands of spectrum or the project will not succeed. This has been reiterated by defense officials, including the Commanders of U.S. SPACECOM and U.S. NORTHCOM.
“On the Armed Services Committee, I’ve been laying the groundwork to develop a comprehensive, integrated architecture for defending the United States from missile attacks, and I look forward to working with President Trump and Gen. Guetlein to build upon these efforts.”Background on DOD Spectrum Access:
Source: United States Senator for Nebraska Deb Fischer
U.S. Senator Deb Fischer (R-Neb.), a senior member of the Senate Armed Services Committee, questioned Secretary of the Air Force Troy Meink on the urgent need to accelerate the Sentinel Program to improve U.S. intercontinental ballistic missile (ICBM) capabilities. Fischer emphasized that further delays will only lead to increased costs. She also stressed the importance of military construction projects to support the new Survivable Airborne Operations Center (SAOC). SAOC will eventually replace the Air Force’s current fleet of E-4Bs, highly specialized “doomsday” planes hosted by Offutt Air Force Base.
During her remarks, Fischer questioned Chief of Space Operations General B. Chance Saltzman about the Space Force’s role in integrating requirements and developing programs that would address potential threats.
Click the image above to watch a video of Fischer’s questioning
Click here to download audioClick here to download video
On Accelerating the Sentinel Program and Ensuring its ICBM Capability:Fischer: Secretary Meink, at your confirmation hearing, you committed to utilizing all available tools to accelerate Sentinel emplacement and ensure that our nation’s ICBM capability does move forward. The Nunn-McCurdy review concluded that the continuation of Sentinel is essential to our national security, and thanks to the thoroughness of that review, we can make smarter changes to the program that will reduce the projected cost and schedule of the program.
However, the Air Force needs to start making design decisions that will get us to Milestone B. The longer you wait, the more likely it is that costs will increase. I also don’t want to see the Air Force choose to raid Sentinel budget lines to pay for other programs, because the Air Force has delayed Milestone B decisions.
On Fulfilling STRATCOM B-21 Bomber Recommendations:
Fischer: U.S. STRATCOM Commander General Cotton has recommended that the Air Force procure at least 145 B-21 bombers to meet his requirements as STRATCOM commander. How do you intend to work with STRATCOM to understand these requirements and ensure that the Air Force procures enough B-21s so that we can meet that projected threat?
Meink: The Department’s working with STRATCOM – as well as Joint Staff and throughout the administration, the SecDef (United States Secretary of Defense) – to help define what is that long term requirement, and do we need to increase beyond 100. So, we are looking at that, and thankfully, that is one of the programs that’s actually executing pretty well within the Department.
On Maintaining Space Force Capabilities to Address Threats:
Fischer: General Saltzman, all of the other services are investing heavily in long range fires, and as I’ve said many times, we can’t shoot what we can’t see. We are going to need to rely heavily on our space-based systems to track objects beyond the line of sight. How does Space Force work with your sister services to understand what space capabilities they will need to rely on so that they can close those kill chains?
Saltzman: Yes, ma’am, we were designated the Joint Space Requirements integrator by the JROC on the Joint Staff, and one of the ways that we execute those responsibilities is we stood up a Requirements Integration Cell in the J8 where all the services can put their requirements in, vet them all, make sure there’s proper attention given to each requirement, and there’s not too much redundancy but no gaps in the capabilities as well. Programs like our ground moving target indicator, soon to be our air moving target indicator, account for these requirements—what the fidelity of the data is, what the latency of the data to support weapon system in flight updates, etc. We make sure we account for all those things as we develop the programs.
On Supporting the Crucial Survivable Airborne Operations Center:
Fischer: Mr. Secretary, in the submitted Air Force posture statement, you describe SAOC as “crucial to any future warfare endeavor.” I agree with that. And it’s for this reason that I was disappointed that President Biden – his budget request last year – did not include any military construction funding necessary to support SAOC. Do you agree that the Air Force should be planning for SAOC’s associated military construction projects – those hangars and ramps, for example – to be completed by the time that SAOC is expected to reach the initial operating capability by 2032?Meink: Yes, Senator, we should be planning for that, and I’ve already had some discussions on that to make sure that we’re ready.
Fischer: Will you continue to have the Air Force work to ensure that those projects are going to be completed in a timely manner?
Meink: Yes, Senator.
Source: United States Senator for Michigan Gary Peters
WASHINGTON, D.C. —U.S. Senator Gary Peters (D-MI), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, released a report detailing the Trump Administration’s unprecedented attacks on Inspectors General – the independent watchdogs tasked with rooting out waste, fraud, and abuse in federal agencies. Peters’ report finds that the 19 Inspectors General (IGs) President Trump fired earlier this year identified billions of dollars more in potential savings to taxpayers than the Department of Government Efficiency (DOGE) created by the Trump Administration and Elon Musk with the supposed goal of identifying wasteful spending.
“This report underscores the value of professional, independent and nonpartisan Inspectors General and the work they do to effectively identify waste, fraud and abuse of taxpayer dollars,” said Senator Peters. “If the Trump Administration were serious about eliminating waste, it would rely on the proven track record of independent Inspectors General. Instead, President Trump’s decision to fire them will not only undermine efforts to reduce waste – it sends a message of intimidation to anyone who wants to hold this Administration accountable.”
READ THE FULL REPORT: “Undermining the Watchdogs: The 19 Independent Inspectors General Fired by President Trump Uncovered Billions in Fraud, Waste, and Abuse”
Inspectors General play a critical role in ensuring transparency and accountability in government operations. The report documents how, in his first week in office, President Trump fired 18 Inspectors General across major federal agencies, including the Departments of Defense, State, Commerce, and Veterans Affairs. The Administration later removed the USAID Inspector General, an act widely seen as retaliatory for conducting oversight of the Administration’s actions to shutter the agency. These terminations violated the Inspector General Act, which requires the President to provide Congress with a 30-day notice and a detailed justification before dismissing an IG.
The report finds that the fired IGs had a collective monetary impact of over $50 billion in fiscal year 2024 alone through investigations and audits, uncovering significant fraud and abuse. To date, the Offices of Inspectors General (OIGs) have pinpointed $175 billion in potential savings that could be achieved if federal agencies implement all of their outstanding recommendations.
These watchdogs have also conducted criminal investigations that resulted in financial recoveries, including a Department of Energy OIG probe that halted an illegal semiconductor export scheme, which led to the cancellation of $100 million in grants. Similarly, an investigation by the Department of Defense OIG uncovered fraudulent financial practices targeting Gold Star families, leading to a 12-year prison sentence and a $1.4 million penalty.
The impact of the Administration’s actions has been deeply felt across federal oversight agencies, as staffing cuts further compromise their ability to conduct audits, evaluations, and investigations. Interviews with affected IG offices revealed serious concerns about the erosion of independence and morale within these agencies.