NewzIntel.com

Category: Russian Federation

  • MIL-OSI Russia: Exclusive: Russia and China have made significant progress in bilateral cooperation in recent years – Russian businessman O. Deripaska

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    Moscow, May 21 /Xinhua/ — Russia and China have made significant progress in bilateral cooperation in recent years, and the countries have established a deep level of cooperation in many areas, Russian businessman Oleg Deripaska said in a recent interview with Xinhua.

    “We have made serious progress over the past four years. In general, this is a large, deep, large-scale cooperation in many areas: energy, transport, logistics, mechanical engineering, joint developments in aviation, space, nuclear energy. The countries share experience, organize joint design, develop engineering. This is already a fairly deep level of cooperation,” he noted.

    According to O. Deripaska, the countries are taking important steps to develop transport and logistics infrastructure. “The Russian side is modernizing railways, transport crossings, pipelines, power lines, communication lines, and ports. The Chinese and Russian sides are stimulating trade turnover by providing subsidies for transportation,” the businessman said, emphasizing that increasing the speed of cargo delivery improves trade.

    Another important area for further deepening trade and economic cooperation between the two countries, he believes, is improving financial conditions. This is not only about settlements in national currencies, but also about developing project financing mechanisms. “Our companies are already opening enterprises in China to produce modules that are needed for use in Russian production. In the same way, Chinese companies should invest in creating joint production facilities in Russia,” the Xinhua source believes.

    Speaking about cooperation between China and Russia in the field of science and education, O. Deripaska emphasized that in the next two years this issue will be given special attention, because joint educational projects not only bring the peoples of the two countries closer together, but also allow building a foundation for the future.

    As an example of such cooperation, the Russian entrepreneur cited the Chinese-Russian University PPI-MSU in Shenzhen /Guangdong Province, South China/. With the support of O. Deripaska’s funds, the university has created several educational programs for Chinese and Russian students. “Science is a source of progress, that is, all innovations begin with scientific developments, and this is important for us. Our investments create the opportunity for joint education in Russia and China,” he explained, adding that joint programs are being developed between universities in Irkutsk, Krasnoyarsk and universities in Harbin /the administrative center of Heilongjiang Province, Northeast China/ and Xi’an /the administrative center of Shaanxi Province, Northwest China/.

    The businessman praised the level of development of science, technology and engineering knowledge in China, noting significant successes in such high-tech areas as renewable energy, space programs, electronics, and electric vehicle production. “China has focused on education and building a system of scientific universities and research centers. A lot has been spent on training Chinese specialists abroad. Now many of them have returned. We see this progress,” he added.

    According to O. Deripaska, the deep level of cooperation between China and Russia allows us to hope that all the development goals set for the two countries will be achieved. –0–

    MIL OSI Russia News

  • MIL-OSI Russia: Kyrgyzstan sees rise in intestinal infections

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BISHKEK, May 21 (Xinhua) — Kyrgyzstan recorded a 35.7 percent increase in the incidence of intestinal infections in the first four months of 2025, the Department of Disease Prevention and State Sanitary and Epidemiological Surveillance of the Kyrgyz Ministry of Health reported on Wednesday.

    It is noted that since the beginning of the year, a total of 6,348 cases of infection have been registered, compared to 4,610 cases for the same period in 2024. Among those infected, 81.6 percent are children under 14 years of age.

    “According to data from a long-term analysis of acute intestinal infections, the incidence rate rises from May to September with a peak in August. The main cause of acute intestinal diseases remains failure to comply with personal hygiene rules, which is why children are most at risk of infection,” the agency said in a statement. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: Ukrainian shot dead near American School of Madrid

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    MADRID, May 21 (Xinhua) — Spain’s National Police have launched an investigation into the murder of a 52-year-old Ukrainian citizen who was shot dead on Wednesday morning outside the American School in the Madrid suburb of Pozuelo de Alarcon.

    The incident occurred at around 09:15 local time /08:15 GMT/. Emergency medical personnel who arrived at the scene confirmed the man’s death from four gunshot wounds to the chest and one to the head. The injuries were assessed as “incompatible with life.”

    As a precaution, classes at the school were immediately suspended. No other casualties were reported. Parents of the students told local media that the deceased was the father of one of the students at the school.

    Although the investigation is still ongoing, preliminary police information suggests that the assailant was waiting for the victim on a motorcycle. Spanish radio station Cadena Ser identified the victim as Andriy Portnov, a former adviser to ex-Ukrainian President Viktor Yanukovych. –0–

    MIL OSI Russia News

  • MIL-OSI United Kingdom: UK reaffirms support for Ukraine, tightens sanctions on Russia, and urges ceasefire: UK statement to the OSCE

    Source: United Kingdom – Executive Government & Departments

    Speech

    UK reaffirms support for Ukraine, tightens sanctions on Russia, and urges ceasefire: UK statement to the OSCE

    UK Military Advisor, Lt Col Joby Rimmer, says that despite claiming commitment to peace, Russia has escalated its military aggression by refusing to engage in peace talks, launching record-breaking drone attacks on Ukrainian civilians, and continuing to violate international law.

    Thank you, Madame Chair. When Russia initiated its war of aggression on Ukraine on 24 February 2022, there was no doubt about the illegality of this undertaking. The full-scale invasion contravened all the underpinning documents of this organisation to which we are all signatories and violates international law. The responsibility for this illegal military invasion absolutely sits with Russia. However, Russia continues to blame others for prolonging the conflict that they started and continues to accuse others of seeking to ‘gain military superiority’ in a conflict that they initiated.

    The UK’s continued and unwavering support to Ukraine is not about achieving military superiority but about defending a sovereign nation under attack. The UK, along with our allies, has consistently emphasised that military aid is in support of Ukraine’s self-defence and aimed at helping Ukraine uphold its territorial integrity in accordance with international law. Prime Minister Keir Starmer recently reiterated that the UK’s goal is peace, not escalation.

    In contrast, the Russian Federation insist that they remain committed to a negotiated solution, but their actions say otherwise. While President Zelenskyy travelled to Istanbul on 15th May to attend peace talks, supported by the USA and hosted by Türkiye, in good faith, President Putin refused to the same. On the same day President Putin dodged the possibility for constructive negotiations, his Armed Forces launched 112 drones at Ukrainian cities, killing and injuring civilians. On 17th May, the UN Human Rights Monitoring Mission confirmed that a Russian drone hit a bus evacuating civilians in Ukraine’s Sumy region, killing nine non-combatants. On 18th May, Russia launched 273 one-way attack (OWA) drones against multiple targets in Kyiv, Dnipropetrovsk and Donetsk oblasts. This is reportedly the largest wave of uncrewed aerial systems Russia has launched into Ukraine – surpassing the 267 drones launched on 23rd February 2025.

    This is not evidence of a genuine commitment to peaceful resolution. This is fundamentally military escalation and an increase in the indiscriminate targeting of civilians. As a result, the UK is further increasing sanctions on Russia as President Putin further intensifies these strikes on Ukrainian civilians. Yesterday we announced the sanctioning of 100 targets across Russian energy, and financial services sectors, the Russian military industrial complex and its third country suppliers, and malign actors involved in democratic interference and Russia’s information war on Ukraine.

    At the opening session of the FSC on 14th May, The Russian delegation spoke of the ‘need to increase the effectiveness of the FSC’. We couldn’t agree more. The UK supports the opportunity to pursue the politico-military advantages of the FSC, to encourage enhanced implementation of arms control, and of confidence- and security-building measures. But this is impossible whilst Russia continues to violate the principles of the Helsinki Final Act, and broader international law. The UK also agrees with another comment from Russia’s opening address last week that ‘the FSC is not a place for hate speech and incitement to confrontation’. And we would encourage Russia to refrain from disrespectful language in the forum, particularly towards Ukraine, and of spreading disinformation about the intentions of the UK and our allies. We look forward to a constructive trimester.

    The UK will continue to play a leading role in accelerating work on Ukraine’s future security, and we strongly urge Russia to commit to an immediate, complete and unconditional 30-day ceasefire to buy the space and conditions for further negotiations. Europe is ready if President Putin chooses the path of peace. Thank you, Madame Chair.

    Updates to this page

    Published 21 May 2025

    Invasion of Ukraine

    MIL OSI United Kingdom

  • MIL-OSI Europe: European Union – Foreign Affairs Council meeting of May 20 (21 May 2025)

    Source: France-Diplomatie – Ministry of Foreign Affairs and International Development

    France took part in the EU’s Foreign Affairs Council meeting in Brussels on May 20. This meeting focused on the situation in Ukraine and the Middle East.

    With regard to Ukraine, France welcomed the adoption of an ambitious sanctions package against Russia – the 17th – which must now be further strengthened, as that country is still refusing to negotiate a peace agreement. France is determined to continue current efforts to give Ukraine solid security guarantees.

    France reiterated its strong condemnation of the expansion of Israeli military operations in Gaza and its blockade against humanitarian aid, which violates the principles of international law. France stressed its strong concern over Israel’s settlement policy and underscored the need for an agreement by Member States on sanctions against violent settlers and entities that promote settlement activity. It also called on the EU to take concrete measures, including the reexamination of the association agreement between the EU and Israel, and commended the High Representative’s announcement in this regard at the end of the meeting. France reaffirmed its commitment to the two-State solution and noted its efforts to ensure its implementation at the conference it will co-chair with Saudi Arabia this June in New York.

    As for Syria, France supported the decision to lift economic sanctions against the country. This historic decision is the concrete expression of the commitments France made to the transition authorities with a view to supporting Syria’s economic recovery and transition process. France also emphasized that the easing of sanctions should go hand in hand with solid guarantees on transparency, the proper use of international funds and respect for our political conditions. The EU will have to continue ensuring that priority challenges are taken into account, especially the fight against terrorism. At France’s initiative, the EU member States also pledged to adopt sanctions against the perpetrators of human rights violations committed in Syria since the fall of Bashar al-Assad.

    MIL OSI Europe News

  • MIL-OSI Russia: “We attach great importance to the development of sales in the Chinese market” — Director of the Baltika-Khabarovsk branch R. Degtyarev

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    Khabarovsk, May 21 /Xinhua/ — “We attach great importance to developing sales in the Chinese market; since 2011, the bulk of Baltika deliveries to China have been carried out from the plant in Khabarovsk. During this time, exports from Khabarovsk Krai to China have increased 15-fold,” said Roman Degtyarev, director of the Baltika-Khabarovsk branch (a branch of the Russian brewing company Baltika in Khabarovsk), in his speech at the session “Agroexport: How to Sell in China,” held on May 19 as part of the Russian-Chinese Forum.

    R. Degtyarev told the forum participants about the company’s successful experience in entering the Chinese market. “We have been long-standing partners with China: regular export of Baltika has been carried out here since 2001, and during this time, deliveries have increased dozens of times.”

    According to him, in order to expand Baltika’s presence in the Chinese market and certify the quality of its products, the company underwent voluntary certification “Made in Russia”. A network of representative offices was deployed in the country and abroad, including in the Chinese cities of Beijing and Harbin. Taking into account the preferences of Chinese consumers, in 2024 the company released the Baltika Bolshoy Medved brand specifically for the Chinese market.

    The Baltika-Khabarovsk enterprise, launched in April 2003, is the largest producer of beer and soft drinks in the Khabarovsk Territory. The annual capacity of the plant currently amounts to 230 million liters. The bulk of deliveries to the countries of the Asia-Pacific region comes from China.

    On May 19, a two-day Russian-Chinese forum dedicated to cooperation between the two countries opened in Khabarovsk. More than 3,000 applications were received from representatives of business, government bodies, and creative industries of Russia and China to participate in the forum. –0–

    MIL OSI Russia News

  • MIL-OSI Russia: Chinese, ASEAN ministers call for expanded bilateral trade and economic cooperation

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 (Xinhua) — The ministers of economy and trade of China and the Association of Southeast Asian Nations (ASEAN) have called for deepening bilateral economic and trade cooperation to counter negative uncertainties. The call was made at a special meeting of China-ASEAN ministers of economy and trade held via video link on Tuesday.

    As Chinese Commerce Minister Wang Wentao noted during the meeting, China is willing to work with ASEAN to maintain the stable and smooth operation of global industrial and supply chains, make greater contributions to promoting the development and rise of both sides, and safeguarding international fairness and justice.

    Wang Wentao recalled that recently some economies have been abusing so-called “mirror duties” and engaging in economic bullying, which has seriously undermined the international trade system and introduced a high degree of uncertainty into the global economy. Such practices do not comply with economic rules and violate market principles, the head of the Ministry of Commerce of the People’s Republic of China stated.

    During the meeting, the ministers called for collective action to defend the multilateral trading system and free trade, as well as for the effective use of the World Trade Organization mechanisms to establish constructive contacts, find joint solutions and address concerns in global trade.

    ASEAN Secretary-General Kao Kim Horn said all parties should cooperate with a forward-looking approach, firmly uphold openness and inclusiveness, and continuously promote regional economic integration.

    He expressed hope that ASEAN and China can deepen their partnership, achieve high-quality common development, promote cooperation in areas such as smart manufacturing, and strengthen connectivity and green transformation.

    Following the meeting, a joint statement was issued reaffirming China and ASEAN’s position on economic exchanges and challenges to the global economy.

    China and 10 ASEAN countries have completed negotiations to upgrade the China-ASEAN Free Trade Area to version 3.0, the Ministry of Commerce said on Wednesday. –0–

    MIL OSI Russia News

  • MIL-OSI Russia: HSE students win gold medals at international mathematical Olympiad in Ashgabat

    Translation. Region: Russian Federal

    Source: State University Higher School of Economics – State University Higher School of Economics –

    In Ashgabat (Turkmenistan) was held V Open Mathematical Olympiad for Students OMOUS-2025 (Open Mathematical Olympiad for University Students), which brought together teams from Turkmenistan, Uzbekistan, Indonesia, Iran, Romania, Poland, the United Arab Emirates, Russia and India. In total, about 500 students joined the event.

    Four undergraduate students from HSE took part in the competition.Applied Mathematics and Computer ScienceFaculty of Computer Science (FKN) Vasily Silvestrov, Bogdan Butyrin, Daniil Soulnov and Anastasia Salimova, as well as the team coach, expert Center for Student Olympiads Igor Vorontsov.

    The Olympiad consisted of two rounds: individual and team. The individual round lasted four hours, the participants were asked to solve six problems. In this competition, the students of the Faculty of Computer Science showed excellent results, winning gold medals.

    The team round of the Olympiad took place the next day and lasted two hours, during which ten problems had to be solved. Here, the FKN team took second place, scoring 69 points out of 100.

    Vasily Silvestrov

    — Preparing for the problems of previous years, we understood that the Olympiad is not easy, but we have a good chance of winning gold medals. For me, this was the first international Olympiad, which added reasons to be nervous. We got a lot of points on the appeal. We prepared for it for two nights: we wrote alternative solutions and prepared criteria for them. Overall, it was an unforgettable experience: interesting culture, a beautiful city, delicious food. I would like to thank the organizers of the Olympiad for choosing and preparing the problems. We hope that next year, our university teams will also achieve excellent results.

    Text: Maria Vorontsova

    Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.

    MIL OSI Russia News

  • MIL-OSI USA: Grassley, Klobuchar Lead Bipartisan Resolution Calling for Return of Kidnapped Ukrainian Children

    US Senate News:

    Source: United States Senator for Minnesota Amy Klobuchar

    WASHINGTON – Senators Amy Klobuchar (D-MN) and Chuck Grassley (R-IA) led a bipartisan group of senators in introducing a resolution calling for the return of abducted Ukrainian children before finalizing any peace agreement to end Russia’s brutal invasion of Ukraine. 

    The resolution condemns Russia’s abduction and forcible transfer of Ukrainian children and notes Russia’s invasion has increasingly exposed children to human trafficking and exploitation, child labor, sexual violence, hunger, injury, trauma and death. 

    “The mass kidnapping of Ukrainian children by Russia is an atrocity,” said Klobuchar. “We cannot accept a world where children are abducted during wartime and used as a form of hostage-taking for negotiations. These children must be returned unconditionally before any peace deal is finalized.”

    “Putin’s inhumane and unprovoked attack on Ukraine started the largest war in Europe since World War II. He has kidnapped thousands of children to brainwash and Russify them in an attempt to destroy their cultural identity and heritage. The United States ought to demand these children are returned before inking a deal to end the war in Ukraine,” Grassley said. 

    Additional cosponsors of the resolution include Senators Joni Ernst (R-IA), Dick Durbin (D-IL), and John Fetterman (D-PA), Roger Wicker (R-MS) and Rick Scott (R-FL). You can find the full text of the resolution here.

    This resolution follows a bipartisan letter sent in March, led by Senators Klobuchar, Grassley and Durbin, calling for the State Department to continue supporting efforts to investigate Russia’s abduction and deportation of Ukrainian children.

    To date, Ukrainian authorities have received at least 19,546 confirmed reports of unlawful deportations and forced transfers of Ukrainian children to Russia, Belarus or Russian-occupied Ukrainian territory. The abductions aim to erase the children’s Ukrainian names, language and identity. As of April 16, Ukraine and its partners have only managed to return 1,274 abducted children. 

    The State Department’s 2024 Trafficking in Persons Report found Russia recruits or uses child soldiers, has a state-sponsored policy or pattern of human trafficking and is among the worst hubs for human trafficking in the world. 

    MIL OSI USA News

  • MIL-OSI Russia: Work on a memorandum on a future peace treaty between Russia and Ukraine is proceeding dynamically – press secretary of the Russian president

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    Moscow, May 21 /Xinhua/ — Work on a memorandum on a future peace treaty between Russia and Ukraine is proceeding dynamically, and no one is interested in delaying the process, Russian presidential press secretary Dmitry Peskov said at a briefing on Wednesday.

    “Nobody is interested in delaying the process; everyone is working dynamically,” TASS quotes him as saying.

    The Kremlin representative emphasized that most of this work is being conducted in a discrete mode and should not be “open to the public for obvious reasons.” D. Peskov promised to inform about the progress of the document’s preparation.

    Russian President Vladimir Putin previously stated that Moscow is ready to work with Kiev on a memorandum on a future peace treaty, which could also include issues of a ceasefire and principles for resolving the conflict. On May 19, he held a telephone conversation with US President Donald Trump, during which they discussed the resumption of direct negotiations between Russia and Ukraine. –0–

    MIL OSI Russia News

  • MIL-OSI Security: Russian GRU Targeting Western Logistics Entities and Technology Companies

    Source: US Department of Homeland Security

    Executive Summary

    This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

    Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

    This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

    The following authors and co-sealers are releasing this CSA:

    • United States National Security Agency (NSA)
    • United States Federal Bureau of Investigation (FBI)
    • United Kingdom National Cyber Security Centre (NCSC-UK)
    • Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
    • Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
    • Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
    • Czech Republic Military Intelligence (VZ)  Vojenské zpravodajství
    • Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
    • Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
    • Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
    • Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
    • United States Cybersecurity and Infrastructure Security Agency (CISA)
    • United States Department of Defense Cyber Crime Center (DC3)
    • United States Cyber Command (USCYBERCOM)
    • Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
    • Canadian Centre for Cyber Security (CCCS)
    • Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
    • Estonian Foreign Intelligence Service (EFIS) Välisluureamet
    • Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
    • French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
    • Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
       

    Download the PDF version of this report:

    Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)

    For a downloadable list of IOCs, visit:

    Introduction

    For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions.
    In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.
    Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.

    Description of Targets

    The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations: 

    •  Defense Industry
    • Transportation and Transportation Hubs (ports, airports, etc.)
    • Maritime
    • Air Traffic Management
    • IT Services

    In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].

    The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].

    The countries with targeted entities include the following, as illustrated in Figure 1:

    • Bulgaria
    • Czech Republic
    • France
    • Germany
    • Greece
    • Italy
    • Moldova
    • Netherlands
    • Poland
    • Romania
    • Slovakia
    • Ukraine
    • United States
       
    Figure 1: Countries with Targeted Entities

    Initial Access TTPs

    To gain initial access to targeted entities, unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):

    The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]

    Credential Guessing/Brute Force

    Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573]. 

    Spearphishing

    GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient. 

    Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:

    • Webhook[.]site
    • FrgeIO
    • InfinityFree
    • Dynu
    • Mocky
    • Pipedream
    • Mockbin[.]org

    The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].

    CVE Usage

    Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].

    Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE. 

    Post-Compromise TTPs

    After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].

    The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:

    C:Windowssystem32ntdsutil.exe "activate instance ntds" ifm "create full C:temp[a-z]{3}" quit quit

    Figure 2: Example Active Directory Domain Services command

    Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].

    Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]

    After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].

    After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including: 

    • sender,
    • recipient,
    • train/plane/ship numbers,
    • point of departure,
    • destination,
    • container registration numbers,
    • travel route, and
    • cargo contents. 

    In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.

    Malware

    Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:

    • HEADLACE [7]
    • MASEPIE [8]

    While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise. 

    Persistence

    In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence. 

    Exfiltration

    GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure. 

    The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected. 

    Connections to Targeting of IP Cameras

    In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams. 

    The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

    CSeq: 1

    Authorization: Basic

    User-Agent: WebClient

    Accept: application/sdp

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0

    CSeq: 2

    Authorization: Digest username="admin", realm="[a-f0-9]{12}", algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"

    User-Agent: WebClient

    Accept: application/sdp

    Figure 3: Example RTSP request

    Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration. 

    From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:

    Table 1: Geographic distribution of targeted IP cameras
    Country Percentage of Total Attempts
    Ukraine 81.0%
    Romania 9.9%
    Poland 4.0%
    Hungary 2.8%
    Slovakia 1.7%
    Others 0.6%

    Mitigation Actions

    General Security Mitigations

    Architecture and Configuration

    • Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
      • Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
    • Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
    • Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
    • For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
    • Utilize endpoint, detection, and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
      • Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
    • Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
    • Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
      • Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
      • Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
      • Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
      • Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
    • Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
    • Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
    • Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
    • Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
    • Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.

    Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].

    • *.000[.]pe
    • *.1cooldns[.]com
    • *.42web[.]io
    • *.4cloud[.]click
    • *.accesscan[.]org
    • *.bumbleshrimp[.]com
    • *.camdvr[.]org
    • *.casacam[.]net
    • *.ddnsfree[.]com
    • *.ddnsgeek[.]com
    • *.ddnsguru[.]com
    • *.dynuddns[.]com
    • *.dynuddns[.]net
    • *.free[.]nf
    • *.freeddns[.]org
    • *.frge[.]io
    • *.glize[.]com
    • *.great-site[.]net
    • *.infinityfreeapp[.]com
    • *.kesug[.]com
    • *.loseyourip[.]com
    • *.lovestoblog[.]com
    • *.mockbin[.]io
    • *.mockbin[.]org
    • *.mocky[.]io
    • *.mybiolink[.]io
    • *.mysynology[.]net
    • *.mywire[.]org
    • *.ngrok[.]io
    • *.ooguy[.]com
    • *.pipedream[.]net
    • *.rf[.]gd
    • *.urlbae[.]com
    • *.webhook[.]site
    • *.webhookapp[.]com
    • *.webredirect[.]org
    • *.wuaze[.]com

    Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.

    Identity and Access Management

    Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques: 

    • Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
    • Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
    • Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
    • Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
      • For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
    • Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
    • Use account throttling or account lockout [D3-ANET]:
      • Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
      • Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
      • Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
      • If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
    • Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
    • Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]

    IP Camera Mitigations

    The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:

    • Ensure IP cameras are currently supported. Replace devices that are out of support.
    • Apply security patches and firmware updates to all IP cameras [D3-SU].
    • Disable remote access to the IP camera, if unnecessary [D3-ITF].
    • Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
    • If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
    • Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
    • Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
    • If supported, enable authenticated RTSP access only [D3-AA].
    • Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
    • Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
    • Configure, tune, and monitor logging—if available—on the IP camera.

    Indicators of Compromise (IOCs)

    Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when basing triaging logs or developing detection rules on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.

    Utilities and scripts

    Legitimate utilities

    Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:

    • ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
    • wevtutil – A legitimate Windows executable used by threat actors to delete event logs
    • vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
    • ADexplorer – A legitimate window executable to view, edit, and backup Active Directory Certificate Services
    • OpenSSH – The Windows version of a legitimate open source SSH client
    • schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
    • whoami – A legitimate Windows executable used to retrieve the name of the current user
    • tasklist – A legitimate Windows executable used to retrieve the list of running processes
    • hostname – A legitimate Windows executable used to retrieve the device name
    • arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
    • systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
    • net – A legitimate Windows executable used to retrieve detailed user information
    • wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
    • cacls – A legitimate Windows executable used to modify permissions on files
    • icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
    • ssh – A legitimate Windows executable used to establish network shell connections
    • reg – A legitimate Windows executable used to add to or modify the system registry 

    Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.

    Malicious scripts

    • Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
    • Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
    • ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
    • Hikvision backdoor string: “YWRtaW46MTEK”

    Suspicious command lines

    While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:

    • edge.exe “-headless-new -disable-gpu”
    • ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
    • ssh -Nf
    • schtasks /create /xml

    Outlook CVE Exploitation IOCs

    • md-shoeb@alfathdoor[.]com[.]sa
    • jayam@wizzsolutions[.]com
    • accounts@regencyservice[.]in
    • m.salim@tsc-me[.]com
    • vikram.anand@4ginfosource[.]com
    • mdelafuente@ukwwfze[.]com
    • sarah@cosmicgold469[.]co[.]za
    • franch1.lanka@bplanka[.]com
    • commerical@vanadrink[.]com
    • maint@goldenloaduae[.]com
    • karina@bhpcapital[.]com
    • tv@coastalareabank[.]com
    • ashoke.kumar@hbclife[.]in
    • 213[.]32[.]252[.]221
    • 124[.]168[.]91[.]178
    • 194[.]126[.]178[.]8
    • 159[.]196[.]128[.]120

    Commonly Used Webmail Providers

    • portugalmail[.]pt
    • mail-online[.]dk
    • email[.]cz
    • seznam[.]cz

    Malicious Archive Filenames Involving CVE-2023-38831

    • calc.war.zip
    • news_week_6.zip
    • Roadmap.zip
    • SEDE-PV-2023-10-09-1_EN.zip
    • war.zip
    • Zeyilname.zip

    Brute Forcing IP Addresses

    Disclaimer: These IP addresses date June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.

    June 2024 July 2024 August 2024
    192[.]162[.]174[.]94 207[.]244[.]71[.]84 31[.]135[.]199[.]145 79[.]184[.]25[.]198 91[.]149[.]253[.]204  
    103[.]97[.]203[.]29 162[.]210[.]194[.]2 31[.]42[.]4[.]138 79[.]185[.]5[.]142 91[.]149[.]254[.]75  
    209[.]14[.]71[.]127   46[.]112[.]70[.]252 83[.]10[.]46[.]174 91[.]149[.]255[.]122  
    109[.]95[.]151[.]207   46[.]248[.]185[.]236 83[.]168[.]66[.]145 91[.]149[.]255[.]19  
        64[.]176[.]67[.]117 83[.]168[.]78[.]27 91[.]149[.]255[.]195  
        64[.]176[.]69[.]196 83[.]168[.]78[.]31   91[.]221[.]88[.]76  
        64[.]176[.]70[.]18 83[.]168[.]78[.]55   93[.]105[.]185[.]139  
        64[.]176[.]70[.]238 83[.]23[.]130[.]49   95[.]215[.]76[.]209  
        64[.]176[.]71[.]201 83[.]29[.]138[.]115   138[.]199[.]59[.]43  
        70[.]34[.]242[.]220 89[.]64[.]70[.]69   147[.]135[.]209[.]245  
        70[.]34[.]243[.]226 90[.]156[.]4[.]204   178[.]235[.]191[.]182  
        70[.]34[.]244[.]100 91[.]149[.]202[.]215   178[.]37[.]97[.]243  
        70[.]34[.]245[.]215 91[.]149[.]203[.]73   185[.]234[.]235[.]69  
        70[.]34[.]252[.]168 91[.]149[.]219[.]158 192[.]162[.]174[.]67  
        70[.]34[.]252[.]186 91[.]149[.]219[.]23   194[.]187[.]180[.]20  
        70[.]34[.]252[.]222 91[.]149[.]223[.]130   212[.]127[.]78[.]170  
        70[.]34[.]253[.]13 91[.]149[.]253[.]118 213[.]134[.]184[.]167
        70[.]34[.]253[.]247   91[.]149[.]253[.]198    
        70[.]34[.]254[.]245 91[.]149[.]253[.]20    

    Detections

    Customized NTLM listener

    rule APT28_NTLM_LISTENER {

           meta:

                  description = "Detects NTLM listeners including APT28's custom one"

           strings:

                  $command_1 = "start-process powershell.exe -WindowStyle hidden"

                  $command_2 = "New-Object System.Net.HttpListener"

                  $command_3 = "Prefixes.Add('http://localhost:8080/')"

                  $command_4 = "-match 'Authorization'"

                  $command_5 = "GetValues('Authorization')"

                  $command_6 = "Request.RemoteEndPoint.Address.IPAddressToString"

                  $command_7 = "@(0x4e,0x54,0x4c,0x4d, 0x53,0x53,0x50,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x28,0x00,0x00,0x01,0x82,0x00,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)"

                  $command_8 = ".AllKeys"

                  

                  $variable_1 = "$NTLMAuthentication" nocase

                  $variable_2 = "$NTLMType2" nocase

                  $variable_3 = "$listener" nocase

                  $variable_4 = "$hostip" nocase

                  $variable_5 = "$request" nocase

                  $variable_6 = "$ntlmt2" nocase

                  $variable_7 = "$NTLMType2Response" nocase

                  $variable_8 = "$buffer" nocase

           condition:

                  5 of ($command_*) 

                  or

                  all of ($variable_*)

    }

    HEADLACE shortcut

    rule APT28_HEADLACE_SHORTCUT {

           meta:

                  description = "Detects the HEADLACE backdoor shortcut dropper. Rule is meant for threat hunting."

           strings:

                  $type = "[InternetShortcut]" ascii nocase

                  $url  = "file://"

                  $edge = "msedge.exe"

                  $icon = "IconFile"

           condition:

                  all of them

    }

    HEADLACE credential dialogbox phishing 

    rule APT28_HEADLACE_CREDENTIALDIALOG {

           meta:

                  description = "Detects scripts used by APT28 to lure user into entering credentials"

           strings:

                  $command_1 = "while($true)"

                  $command_2 = "Get-Credential $(whoami)"

                  $command_3 = "Add-Content"

                  $command_4 = ".UserName"

                  $command_5 = ".GetNetworkCredential().Password"

                  $command_6 = "GetNetworkCredential().Password.Length -ne 0"

           condition:

                  5 of them

    }

    HEADLACE core script

    rule APT28_HEADLACE_CORE {

           meta:

                  description = "Detects HEADLACE core batch scripts"

           strings:

                  $chcp = "chcp 65001" ascii

                  $headless = "start "" msedge --headless=new --disable-gpu" ascii

                  

                  $command_1 = "taskkill /im msedge.exe /f" ascii

                  $command_2 = "whoami>"%programdata%" ascii

                  $command_3 = "timeout" ascii

                  $command_4 = "copy "%programdata%" ascii

                  $non_generic_del_1 = "del /q /f "%programdata%" ascii

                  $non_generic_del_3 = "del /q /f "%userprofile%Downloads" ascii

     

                  $generic_del = "del /q /f" ascii

           condition:

                  (

                          $chcp 

                          and 

                          $headless

                  )

                  and

                  (

                          1 of ($non_generic_del_*)

                          or

                          ($generic_del)

                          or

                          3 of ($command_*)

                  )

    }

    MASEPIE

    rule APT28_MASEPIE {

           meta:

                  description = "Detects MASEPIE python script"

           strings:

                  $masepie_unique_1 = "os.popen('whoami').read()"

                  $masepie_unique_2 = "elif message == 'check'"

                  $masepie_unique_3 = "elif message == 'send_file':"

                  $masepie_unique_4 = "elif message == 'get_file'"

                  $masepie_unique_5 = "enc_mes('ok'"

                  $masepie_unique_6 = "Bad command!'.encode('ascii'"

                  $masepie_unique_7 = "{user}{SEPARATOR}{k}"

                  $masepie_unique_8 = "raise Exception("Reconnect"

           condition:

                  3 of ($masepie_unique_*)

    }

    STEELHOOK

    rule APT28_STEELHOOK {

           meta:

                  description = "Detects APT28's STEELHOOK powershell script"

           strings:

                  $s_1 = "$($env:LOCALAPPDATAGoogleChromeUser DataLocal State)"

                  $s_2 = "$($env:LOCALAPPDATAGoogleChromeUser DataDefaultLogin Data)"

                  $s_3 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataLocal State)"

                  $s_4 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataDefaultLogin Data)"

                  $s_5 = "os_crypt.encrypted_key"

                  $s_6 = "System.Security.Cryptography.DataProtectionScope"

                  $s_7 = "[system.security.cryptography.protectdata]::Unprotect"

                  $s_8 = "Invoke-RestMethod"

           condition:

                  all of them

    }

    PSEXEC

    rule GENERIC_PSEXEC {

           meta:

                  description = "Detects SysInternals PSEXEC executable"

           strings:

                  $sysinternals_1 = "SYSINTERNALS SOFTWARE LICENCE TERMS"

                  $sysinternals_2 = "/accepteula"

                  $sysinternals_3 = "SoftwareSysinternals"

                  $network_1 = "%sIPC$"

                  $network_2 = "%sADMIN$%s"

                  $network_3 = "DeviceLanmanRedirector%sipc$"

                  $psexec_1 = "PSEXESVC"

                  $psexec_2 = "PSEXEC-{}-"

                  $psexec_3 = "Copying %s to %s..."

                  $psexec_4 = "gPSINFSVC"

           condition:

                  (

                          ( uint16( 0x0 ) ==0x5a4d )

                          and

                          ( uint16( uint32( 0x3c )) == 0x4550 )

                  )

                  and 

                          filesize < 1024KB

                  and

                  (

                          ( any of ($sysinternals_*) and any of ($psexec_*) )

                          or

                          ( 2 of ($network_*) and 2 of ($psexec_*))

                  )

    }

    The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community: 

    • APT28 [14]
    • Fancy Bear [14]
    • Forest Blizzard [14]
    • Blue Delta [15]

    Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.

    Further Reference

    To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc

    For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule:
    https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar

    Works Cited

    [1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/  
    [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF   
    [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF 
    [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/  
    [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/   
    [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ 
    [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ 
    [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 
    [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF  
    [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF 
    [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html 
    [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF  
    [13] NSA and CSA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF 

    [14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian  
    [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf  
     

    Disclaimer of endorsement

    The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

    Purpose

    This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.

    Contact

    United States organizations

    • National Security Agency (NSA)
    • Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
      • U.S. organizations are encouraged to reporting suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment user for the activity; the name of the submitting company or organization; and a designated point of contact.
    • Department of Defense Cyber Crime Center (DC3)

    United Kingdom organizations

    Germany organizations

    Czech Republic organizations

    Poland organizations

    Australian organizations

    • Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

    Canadian organizations

    Estonia organizations

    French organizations

    • French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18. 

    See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.

    Table 2: Reconnaissance
    Tactic/Technique Title ID Use
    Reconnaissance TA0043 Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
    Gather Victim Identity Information: Email Addresses T1589.002 Conducted contact information reconnaissance to identify additional targets in key positions.
    Gather Victim Org Information T1591 Conducted reconnaissance of the cybersecurity department.
    Gather Victim Org Information: Identify Roles T1591.004 Conducted reconnaissance of individuals responsible for coordinating transport.
    Gather Victim Org Information: Business Relationships T1591.002 Conducted reconnaissance of other companies cooperating with the victim entity.
    Gather Victim Host Information T1592 Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
    Table 3: Resource development
    Tactic/Technique Title ID Use
    Compromise Accounts: Email Accounts T1586.002 Sent phishing emails using compromised accounts.
    Compromise Accounts: Cloud Accounts T1586.003 Sent phishing emails using compromised accounts.
    Table 4: Initial Access
    Tactic/Technique Title ID Use
    Trusted Relationship T1199 Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
    Phishing T1566 Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
    Phishing: Spearphishing Attachment T1566.001 Sent emails with malicious attachments.
    Phishing: Spearphishing Link T1566.002 Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
    Phishing: Spearphishing Voice T1566.004 Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
    External Remote Services T1133 Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
    Exploit Public-Facing Application T1190 Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
    Content Injection T1659 Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
    Table 5: Execution
    Tactic/Technique Title ID Use
    User Execution: Malicious Link T1204.001 Used malicious links to hosted shortcuts in spearphishing.
    User Execution: Malicious File T1204.002 Delivered malware executables via spearphishing.
    Scheduled Task/Job: Scheduled Task T1053.005 Used scheduled tasks to establish persistence.
    Command and Scripting Interpreter T1059 Delivered scripts in spearphishing. Executed arbitrary shell commands.
    Command and Scripting Interpreter: PowerShell T1059.001 PowerShell commands were often used to prepare data for exfiltration.
    Command and Scripting Interpreter: Windows Command Shell T1059.003 Used BAT script in spearphishing.
    Command and Scripting Interpreter: Visual Basic T1059.005 Used VBScript in spearphishing.
    Command and Scripting Interpreter: Python T1059.006 Installed python on infected machines to enable the execution of Certipy.
    Table 6: Persistence
    Tactic/Technique Title ID Use
    Account Manipulation: 
    Additional Email Delegate 
    Permissions

    T1098.002 

    		 Used manipulation of mailbox permissions to establish sustained email collection. 
    Modify Authentication Process: 
    Multi-Factor Authentication

    T1556.006 

    		 Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access. 
    Hijack Execution Flow: DLL 
    Search Order Hijacking     		 T1574.001  Used DLL search order hijacking to facilitate malware execution. 
    Boot or Logon Autostart 
    Execution: Registry Run Keys / 
    Startup Folder

    T1547.001 

    		 Used run keys to establish persistence. 
    Boot or Logon Autostart 
    Execution: Shortcut 
    Modification

    T1547.009 

    		 Placed malicious shortcuts in the startup folder to establish persistence. 
    Table 7: Defense Evasion
    Tactic/Technique Title ID Use
    Indicator Removal: Clear 
    Windows Event Logs    		 T1070.001  Deleted event logs through the wevtutil utility.
    Table 8: Credential access 
    Tactic/Technique Title ID Use

    Brute Force 

    Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices. 

    Brute Force: Password Guessing 

    T1110.001 

    Used credential guessing to gain initial access to targeted entities. 

    Brute Force: Password Spraying 

    T1110.003 

    Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP. 

    Multi-Factor Authentication Interception 

    Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns. 

    Input Capture 

    Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns. 

    Forced Authentication 

    Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations. 

    OS Credential Dumping: NTDS 

    T1003.003 

    Attempted to dump Active Directory NTDS.dit domain databases. 

    Unsecured Credentials: Group Policy Preferences 

    T1552.006 

    Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py. 
    Table 9: Discovery
    Tactic/Technique Title ID Use

    Account Discovery: Domain Account

    T1087.002

    Used a modified ldap-dump.py to enumerate the Windows environment.
    Table 10: Command and Control
    Tactic/Technique Title ID Use

    Hide Infrastructure 

    		 T1665 

    Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target. 

    Proxy: External Proxy 

    		 T1090.002 

    Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers. 

    Proxy: Multi-hop Proxy 

    		 T1090.003 

    Used Tor and commercial VPNs as part of their anonymization infrastructure 

    Encrypted Channel 

    		 T1573 

    Connected to victim infrastructure using encrypted TLS. 

    Multi-Stage Channels 

    		 T1104 

    Used multi-stage redirectors for campaigns. 
    Table 11: Defense evasion (mobile framework)
    Tactic/Technique Title ID Use

    Execution Guardrails 

    Used multi-stage redirectors to verify browser fingerprints in some campaigns. 

    Execution Guardrails: Geofencing 

    T1627.001 

    Used multi-stage redirectors to verify IP-geolocation in some campaigns. 
    Table 12: Lateral movement
    Tactic/Technique Title ID Use

    Lateral Movement 

    Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment. 

    Remote Services: Remote Desktop Protocol 

    T1021.001 

    Moved laterally within the network using RDP. 
    Table 13: Collection
    Tactic/Technique Title ID Use

    Email Collection 

    Retrieved sensitive data from email servers. 

    Email Collection: Remote Email Collection 

    T1114.002 

    Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers. 

    Automated Collection 

    Used periodic EWS queries to collect new emails. 

    Video Capture 

    Attempted to gain access to the cameras’ feeds. 

    Archive Collected Data 

    Accessed files were archived in .zip files prior to exfiltration. 

    Archive Collected Data: Archive via Utility 

    T1560.001 

    Prepared zip archives for upload to the actors’ infrastructure. 
    Table 14: Exfiltration
    Tactic/Technique Title ID Use

    Exfiltration Over Alternative Protocol 

    Attempted to exfiltrate archived data via a previously dropped OpenSSH binary. 

    Scheduled Transfer 

    Used periodic EWS queries to collect new emails sent and received since the last data exfiltration. 

    Appendix B: CVEs exploited

    Table 15: Exploited CVE information
    CVE  Vendor/Product  Details

    CVE-2023-38831 

    RARLAB WinRAR 

    Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive. 

    CVE-2023-23397 

    Microsoft Outlook 

    External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim. 

    CVE-2021-44026 

    Roundcube Webmail 

    Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params. 

    CVE-2020-35730 

    Roundcube Webmail 

    An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php. 

    CVE-2020-12641 

    Roundcube Webmail 

    Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php. 

    Appendix C: MITRE D3FEND Countermeasures

    Table 16: MITRE D3FEND countermeasures
    Countermeasure Title  ID  Details 

    Network Isolation 

    Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers. 

    Access Mediation 

    Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. 

    Inbound Traffic Filtering 

    Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement. 

    Resource Access Pattern Analysis 

    Use automated tools to audit access logs for security concerns and identify anomalous access requests. 

    Outbound Traffic Filtering 

    Block NTLM/SMB requests to external infrastructure. 

    Platform Monitoring 

    Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers. 

    System File Analysis 

    Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly. 

    Application Hardening 

    Enable optional security features in Windows to harden endpoints and mitigate initial access techniques. 

    Application-based Process Isolation 

    Enable attack surface reduction rules to prevent executable content from email. 

    Executable Allowlisting 

    Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%. 

    Execution Isolation 

    Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts. 

    Application Configuration Hardening 

    Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.). 

    Process Spawn Analysis 

    Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters. 

    URL Reputation Analysis 

    Use services that provide enhanced browsing services and safe link checking. 

    Network Access Mediation 

    Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible. 

    DNS Denylisting 

    D3-DNSDL 

    Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors. 

    Domain Name Reputation Analysis 

    Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims. 

    Multi-factor Authentication 

    Use MFA with strong factors and require regular re-authentication, especially for management accounts. 

    Job Function Access Pattern Analysis 

    D3-JFAPA 

    Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts. 

    User Account Permissions 

    Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected. 

    Token-based Authentication 

    Reduce reliance on passwords; instead, consider using services like single sign-on. 

    Credential Hardening 

    Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts. 

    Authentication Event Threshholding 

    Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout. 

    Strong Password Policy 

    Use a service to check for compromised passwords before using them. 

    Credential Rotation 

    Change all default credentials. 

    Encrypted Tunnels 

    Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices. 

    Software Update 

    Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life. 

    Agent Authentication 

    Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only. 

    User Behavior Analysis 

    Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity. 

    MIL Security OSI -

  • MIL-OSI Russia: Sobyanin: Another drone attack attempt on Moscow has been thwarted

    Translation. Region: Russian Federal

    Source: Moscow Government – Government of Moscow –

    The Defense Ministry’s air defense forces destroyed another drone flying toward Moscow, Sergei Sobyanin reported on your telegram channel.

    “Emergency services specialists are working at the site of the fallen debris,” the Mayor of Moscow wrote.

    Source: Sergei Sobyanin’s Telegram channel @mos_sobyanin 

    Earlier, the Mayor of Moscow reported that the attack had been repelled three more drones.

    Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.

    Please Note; This Information is Raw Content Directly from the Information Source. It is access to What the Source Is Stating and Does Not Reflect

    https: //vv.mos.ru/mayor/tkhemes/12731050/

    MIL OSI Russia News

  • MIL-OSI United Nations: Strengthening protection of World Heritage Archives with JFIT support

    Source: UNESCO World Heritage Centre

    World Heritage site managers and archive specialists throughout South-East Asia are benefitting from a series of capstone activities under the “Safeguarding World Heritage Site Archives” JFIT project, developed in collaboration between CLT and CI sectors.

    Launched in 2023, the project has contributed to conserving important archival collections related to World Heritage by applying global standards on documentary heritage, notably from the Memory of the World programme. Encompassing diverse material such as photographs, maps, restoration plans and digital media, these collections play a crucial role in understanding, protecting and monitoring World Heritage properties.  Made possible through the generous support of the Government of Japan through UNESCO/Japan Funds-in-Trust, the initiative responds to urgent challenges facing archives today.

    In Cambodia, the project has focused on the newest World Heritage property of Koh Ker: Archaeological Site of Ancient Lingapura or Chok Gargyar. Under the auspices of the  National Authority for Preah Vihear, a Standard Operating Procedure is being finalized in order to provide customized guidance for managing the archives of the Koh Ker site.

    In Indonesia, four World Heritage sites will participate in a workshop on “Developing Policies for Disaster Risk Management of Indonesian World Heritage Sites’ Archival Collections” organized collaboratively with the National Archives of the Republic of Indonesia on 3-4 June 2025. The workshop targets policy-making levels at the Ministry of Culture and the World Heritage sites of Prambanan Temple Compounds, Borobudur Temple Compounds, Ombilin Coal Mining Heritage of Sawahlunto, and Cosmological Axis of Yogyakarta.

    In Thailand, UNESCO and the Thai Fine Arts Department joined hands to organize a practical training workshop on “Archives and Record Management for World Heritage Sites” on 22-23 May 2025 at the Historic City of Ayutthaya in Thailand. Led by experts from the National Archives of Thailand, this training is designed to equip cultural World Heritage site managers from Thailand and Lao PDR with knowledge and skills in managing their historic documents.  The workshop is planned to showcase archives activities undertaken at Ayutthaya throughout the project, including an upgraded records management facility holding both paper-based and digital records.

    Finally, the project will also see the upcoming launch of UNESCO’s new manual on World Heritage conservation archives management, which will be available in English along with Baha Indonesia, Chinese, Khmer, Russian and Thai through the coordination of UNESCO Jakarta, UNESCO Beijing, UNESCO Phnom Penh, UNESCO Almaty and UNESCO Bangkok, respectively.

    For further information, please contact:

    Culture Unit, UNESCO Regional Office in Bangkok: culture.bgk@unesco.org 

    MIL OSI United Nations News

  • MIL-OSI USA: ICYMI: On CNN’s The Arena this Evening, Shaheen Reiterates that Putin is Playing Trump in Ukraine Negotiations, Slams Congressional Republicans’ Proposal to Slash Medicaid to Give Billionaires a Tax Break

    US Senate News:

    Source: United States Senator for New Hampshire Jeanne Shaheen

    Published: 05.21.2025

    (Washington, DC) – U.S. Senator Jeanne Shaheen (D-NH), Ranking Member of the U.S. Senate Foreign Relations Committee, joined CNN’s The Arena this evening to discuss her questioning of U.S. Secretary of State Marco Rubio earlier in the day and her belief that Russian President Vladimir Putin is playing President Trump. She also sharply criticized Congressional Republicans’ budget proposal that would gut Medicaid and food assistance benefits to finance tax breaks for billionaires and special interest groups. The interview followed Secretary Rubio’s first testimony to the Senate Foreign Relations Committee since his confirmation hearing in January. Click HERE to watch Senator Shaheen’s interview. 
    Key Quotes from Senator Shaheen: 
    When asked if she feels Secretary Rubio and President Trump are being played by Putin, Shaheen said: “I do, absolutely. And I said that to Secretary Rubio and we heard it again, what the outcome of this phone call between President Trump and Vladimir Putin yesterday was that now Putin is going to bring in a sheet that outlines what they want to see, to end the war in Ukraine, to get them to the table. Well, he’s just playing for time because he thinks the longer he can delay that, we’re going to get disinterested, that we’re going to not want to continue to support Ukraine in this fight. But what he doesn’t understand is that the President and this administration says the biggest threat to America is China, and China and President Xi are watching what the outcome of this war in Ukraine is. And if we are not tough in Ukraine, if we are not tough on Putin, that he knows that we’re not going to be tough on him when he goes after Taiwan. And so that’s a real problem.” 
    On Republicans’ budget proposal, Shaheen said: “Well, it’s clear that the Republicans in the House care more about what Donald Trump thinks than they care about what their constituents think. Because constituents in most of this country don’t want to see massive cuts to the Medicaid program, health care that so many Americans rely on, whether it’s for nursing home care or for people with disabilities, people who get their health insurance through the Medicaid program.” 
    On Republicans threatening cuts to program like Medicaid and SNAP, Shaheen said: “And what they’re actually trying to do with those worker requirements and other changes is to reduce the number of people on Medicaid so they can save money and what they want to do, what they want to do with the money that they’re saving by cutting Medicaid, by cutting food benefits from the Snap program, is to provide a huge tax cut to the wealthiest Americans. 70% of the benefits from the tax cuts are going to go to the wealthiest 1% in this country.” 

    MIL OSI USA News

  • MIL-OSI Russia: GUU and RUDN University open “Horizons of Opportunities” for foreign students

    Translation. Region: Russian Federal

    Source: State University of Management – Official website of the State –

    On May 20, 2025, a seminar for foreign students was held at the State University of Management. During the seminar, foreign students were introduced to a unique educational initiative – the Horizons of Opportunities project, developed with the support of the Ministry of Science and Higher Education of the Russian Federation.

    “Horizons of Possibilities” is a program of additional education for foreign students of 2-3 years of bachelor’s degree, 1 year of master’s degree, 1-2 years of postgraduate studies of Russian universities. The program is aimed at identifying and supporting the most promising foreign students who, after graduation, plan to develop cooperation with Russia in the political, informational and business fields.

    Alana Zangieva, a specialist at the RUDN International Youth Center, held a presentation of the Horizons of Possibility project, introducing foreign students of the State University of Management to the main areas of the program’s activities and the conditions for participation in it, as well as successful cases of its graduates from previous years.

    Foreign students of the State University of Management have shown interest in the work of the International School of Humanitarian Cooperation, whose students can gain practical skills for implementing their own business projects with Russia and employment in the Russian labor market.

    In conclusion, the students thanked the speaker for the informative information and wished success to the Horizons of Possibilities program.

    The event was organized by the State University of Management and the International Youth Center of the Peoples’ Friendship University of Russia named after Patrice Lumumba.

    Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.

    MIL OSI Russia News

  • MIL-OSI Russia: Wang Yi to chair third China-Pacific Island Foreign Ministers’ Meeting

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 (Xinhua) — Chinese Foreign Minister Wang Yi, a member of the Political Bureau of the Communist Party of China Central Committee and a member of the Political Bureau of the Communist Party of China (CPC) Central Committee, will chair the third China-Pacific Island Countries Foreign Ministers’ Meeting to be held in Xiamen, east China’s Fujian Province, from May 28 to 29, a Chinese Foreign Ministry spokesperson said Wednesday. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: Chinese Foreign Minister Meets Afghan Acting Foreign Minister in Beijing /detailed version-1/

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 (Xinhua) — Chinese Foreign Minister Wang Yi met with Acting Afghan Foreign Minister Amir Khan Muttaqi in Beijing on Wednesday.

    Wang Yi, also a member of the Political Bureau of the CPC Central Committee, welcomed A.H. Muttaqi’s visit, which coincides with the 70th anniversary of the establishment of diplomatic relations between the two countries. He stressed that China and Afghanistan, as traditional friendly neighbors, always support and understand each other.

    “China respects the independence, sovereignty and territorial integrity of Afghanistan, as well as the independent choice of the Afghan people,” Wang said, stressing that China will continue to support the Afghan government in achieving long-term peace and stability in the country at an early date.

    Wang Yi added that China is willing to work with the Afghan side to develop traditional friendship, strengthen political mutual trust and deepen practical cooperation so as to bring more benefits to the two countries and their peoples, and contribute to regional peace and stability.

    According to him, China is ready to increase cooperation with Afghanistan in the areas of economy and trade, agriculture, energy, mining, poverty reduction, disaster prevention, personnel training, healthcare, law enforcement and security.

    The Chinese side intends to increase imports of high-quality Afghan products and provide all possible support in restoring Afghanistan’s economy and improving the living conditions of its population, the minister said.

    A.H. Muttaqi, in turn, thanked China for its valuable assistance in developing Afghanistan and improving the living conditions of the Afghan people over a long period of time, as well as for its advocacy of justice for Afghanistan in the international arena.

    He stressed that the Afghan government values the traditional friendship between Afghanistan and China, attaches great importance to relations with China in its foreign policy, and will continue to firmly adhere to the one-China principle and firmly oppose interference in China’s internal affairs.

    A. H. Muttaqi noted that the Afghan side is ready to deepen mutual trust with China and contribute to achieving greater positive results in cooperation in various areas. “Afghanistan attaches great importance to China’s security issues and will under no circumstances allow Afghan territory to be used for activities that threaten China’s security,” he stressed.

    Afghanistan is ready to step up cooperation with China in the security sphere, jointly combat violent crimes and ensure security and stability in the region, added A.H. Muttaqi. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: China and ASEAN Complete Negotiations on CAFTA Version 3.0 /Detailed Version-1/

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 (Xinhua) — China and 10 ASEAN countries have fully concluded negotiations on the China-ASEAN Free Trade Area (CAFTA) 3.0, the Ministry of Commerce said Wednesday.

    The achievement was announced on Tuesday during a special online meeting of China-ASEAN economy and trade ministers.

    CAFTA 3.0 will send a strong signal in support of free trade and open cooperation, the Commerce Ministry official said, noting that it will bring greater certainty to regional and global trade and play a guiding and exemplary role for different countries in upholding the principles of openness, inclusiveness and mutually beneficial cooperation.

    Negotiations on CAFTA version 3.0, which began in November 2022, were substantially concluded in October 2024 after nine rounds of formal negotiations.

    Version 3.0 contains nine new chapters covering areas such as the digital economy, green economy and supply chain connectivity, according to the ministry.

    CAFTA 3.0 will create an inclusive, modern, comprehensive and mutually beneficial free trade agreement. The new additions will provide the parties with the opportunity to advance regional economic integration in a broader and deeper manner and effectively facilitate the deep integration of their production and supply chains in the new environment.

    Moreover, CAFTA 3.0 will provide important institutional guarantees for the construction of the China-ASEAN mega market, thereby giving a steady impetus to the building of a China-ASEAN community with a shared future and promoting the common prosperity and development of both sides, the MOC noted.

    The parties will actively advance their respective internal signature and ratification procedures with a view to formally signing the CAFTA Modernization Protocol version 3.0 by the end of this year, the department added. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: Sobyanin opened the Yuzhnoye electric depot of the Zamoskvoretskaya metro line

    Translation. Region: Russian Federal

    Source: Moscow Government – Government of Moscow –

    Sergei Sobyanin opened a new electric depot “Yuzhnoye” of the Zamoskvoretskaya line. Its commissioning became the final stage of the formation of the largest in Russia and one of the largest in Europe complexes for the repair, maintenance and operation of metro cars.

    On behalf of the President of the Russian Federation Vladimir Putin, Moscow Mayor Sergei Sobyanin presented the Moscow Metro with the Order “For Valiant Labor”, which recognized the great merits of the metro workforce in strengthening and developing the capital’s transport complex. The award was timed to coincide with the 90th anniversary of the metro.

    In addition, 10 new “Moscow-2024” trains ceremoniously entered the Zamoskvoretskaya line. Together with metro employees and invited guests, Sergei Sobyanin rode on the lead train from the depot to the Krasnogvardeyskaya station.

    “This year, the Moscow Metro turns 90. It is a respectable age, but the Moscow Metro demonstrates a very young, energetic life, developing, adding new lines, new stations, first-class trains, electric depots, developing in a way that probably no other metro in the world is developing. Today, a new electric depot “Yuzhnoye” is being opened, the largest and most modern in Russia. The Zamoskvoretskaya line of the metro is being replenished with 10 new trains, the most modern. This year, in honor of the metro’s anniversary, in honor of its merits, the President of the Russian Federation signed a decree on awarding the Moscow Metro team with the Order for Labor Valor. This is a well-deserved award. The Moscow Metro is the most intensive in the world, the most accurate, the most reliable, the safest, the cleanest and the most beautiful. And the most beloved by Muscovite passengers,” said Sergei Sobyanin.

    The Mayor of Moscow congratulated the entire staff of the capital’s metro, metro builders and everyone who is related to the metro on the award and anniversary.

    The head of the Moscow Metro, Viktor Kozlovsky, in turn, thanked the President of Russia for the award and Sergei Sobyanin for his assistance and constant participation in the development of the metro.

    “I would like to say a huge thank you to the President of our country, Vladimir Vladimirovich Putin, for the high assessment of our work, our many thousands of people, and personally to you, Sergey Semenovich, for your constant participation, for the development of the Moscow Metro. For the work that you do. The Moscow Metro is ready to continue to fulfill any tasks at a high level,” said Viktor Kozlovsky.

    Thanks to the unprecedented construction of new lines and stations, more than 90 percent of Muscovites now live in the service area of the rail frame stations. For comparison: in 2010, this figure was 70 percent. On weekdays, the metro carries more than 8.2 million passengers. The Moscow metro has become a world leader in important indicators. Thus, the accuracy of the schedule is 99.9 percent, the traffic intensity reaches 90-second intervals during rush hours on the most popular lines, a variety of payment methods and customer services are available, which leads to a high level of passenger loyalty.

    Development of the capital’s metro

    In 2010, city residents built most of the routes through the center. As a result, transfer stations here were overloaded almost all day long, and at peak times, passengers managed to get on far from the first train.

    Thanks to the development of the Moscow Metro infrastructure – the opening of new stations and the renewal of rolling stock – every year the trips become faster and more comfortable, many additional transfers and route options appear, the carriages become noticeably freer even during rush hours. There are no more overloaded sections in the metro.

    The first stage of the Moscow metro opened on May 15, 1935. It included 11.2 kilometers of lines and 13 stations – from Sokolniki to Park Kultury with a branch to Smolenskaya. Shortly before that, on November 10, 1934, the Severnoye electric depot began operating.

    Today, together with the Moscow Central Circle (MCC), the metro has 302 stations (271 metro stations and 31 MCC stations), as well as 23 electric depots, including the Brateevo car repair complex.

    Since 2011, 123 stations have been built and reconstructed in Moscow — their total number has increased by almost 1.7 times. New lines have started operating: Nekrasovskaya, Solntsevskaya and Troitskaya. Sokolnicheskaya, Lyublinsko-Dmitrovskaya, Zamoskvoretskaya and a number of other metro lines have been extended. Two new rings (MCC and Big Circle Line) provide convenient transfers and transit along routes without entering the center. In Soviet times, it took almost 40 years to build a network of such a scale.

    More than 130 kilometers of the capital’s metro tunnels were laid in five yearsSergei Sobyanin opened full service on the Troitskaya metro line

    The Moscow Metro employs over 65,000 workers (almost a third of whom are women), with an average age of 43. The company is represented by more than 200 professions and specialties. The metro workforce includes more than 100 dynasties with a total work experience of over 15 thousand years.

    In recent years, the city has been paying special attention to the renewal of its rolling stock. Moscow is the leader among European and American megacities in terms of the rate of renewal of its metro cars. Today, the Moscow Metro fleet has over 6.7 thousand cars of various models, with over 77 percent of them being of the current generation. Since 2010, the average age of metro cars has decreased almost twofold — from 20 to 12 years. By the end of 2025, another 272 Moscow-2024 cars are to be added to the fleet, and in 2030, the share of new trains will be about 90 percent, meaning that modern trains will serve passengers on all metro lines. In addition, the share of domestic components in Moscow-2024 trains has reached almost 95 percent.

    Trains created according to the technical specifications of the Moscow Metro are a standard for the metros of other cities and countries. In addition to the capital of Russia, trains based on the Moscow train are supplied to the metros of four cities – Kazan (Russia), Baku (Azerbaijan), Tashkent (Uzbekistan) and Minsk (Belarus).

    Most trains in the Moscow metro are serviced under a life cycle contract. These are the Oka, Moskva, Moskva-2020 and Moskva-2024 type trains. The manufacturer’s service company is responsible for timely and high-quality maintenance, train diagnostics, washing and daily cleaning, as well as the readiness of the trains to go on the line.

    Electric depot as part of the metro

    In addition to performing their main function – parking, scheduled maintenance and washing of rolling stock, electric depots are the basic enterprises of the Moscow Metro for the repair of electric trains and auxiliary production, and also serve to accommodate personnel and equipment of various services. In fact, the electric depot is the technological heart of the metro.

    Without the construction of new electric depots, the development of the metro is impossible; they are as important a part of the infrastructure as stations and tunnels.

    Since 2011, 13 electric depots have been built and reconstructed as part of the Moscow Metro development program. Thus, eight new ones appeared: Aminyevskoye, Brateevo, Likhobory, Mitino, Nizhegorodskoye, Rudnevo, Solntsevo and Yuzhnoye (Brateevo-2). They service trains on six lines, are equipped with all the necessary equipment and are ready for technical maintenance, periodic and unscheduled repairs of cars. Another five electric depots have been reconstructed. These are Vladykino, Vykhino, Pechatniki, Planernoye and Sokol.

    This year, the city plans to complete construction of the Stolbovo (Salaryevo) depot on the Sokolnicheskaya Line. Three more depots are to appear by 2030: Ilyinskoye for the Rublevo-Arkhangelskaya Line, Biryulevskoye for the Biryulevskaya Line, and Troitskoye for the Troitskaya Line.

    Sergei Sobyanin: The first metro train arrived at the Stolbovo electric depot under constructionWhere trains spend the night: how metro cars are serviced and repaired at the Krasnaya Presnya depot

    Electric depot “Yuzhnoye”

    The Yuzhnoye electric depot is the largest in Russia and one of the largest complexes in Europe for the repair, maintenance and operation of wagons.

    The Zamoskvoretskaya Line is one of the longest and most popular in the Moscow metro. From 24 stations on the green line, you can make 19 transfers to other metro lines, the Moscow Central Circle (MCC) and the Moscow Central Diameters (MCD). More than 880 thousand trips are made on the line every day. At the most popular times, trains run at intervals of 1.6 minutes.

    The last 10 years have been a time of dynamic development of the Zamoskvoretskaya line. From 2015 to 2018, new stations “Tekhnopark”, “Khovrino” and “Belomorskaya” were opened, which improved transport accessibility of five districts of the capital: Khovrino, Levoberezhny, Zapadnoye Degunino, Nagatinsky Zaton and Danilovsky.

    In 2023, new tunnels were built in record time on the Kantemirovskaya-Tsaritsyno section. Last year, the first Moskva-2024 train entered service on the Zamoskvoretskaya Line, which marked the beginning of the rolling stock renewal process.

    Passengers on the Zamoskvoretskaya Line are transported by 78 trains (624 cars), including 30 trains (240 cars) “Moscow-2024”. On May 21, 2025, another 10 of these most modern trains in the world entered service. Thus, more than 50 percent of the rolling stock on the Zamoskvoretskaya Line has been updated. The process on the green line is planned to be completed in 2025-2026. Both modern Russian “Moscow-2024” trains and the newest “Moscow-2026” trains will run on it. More than 1.8 million residents of 21 districts through which the Zamoskvoretskaya Line passes will receive new and modern rolling stock – their trips will become much more comfortable.

    Until 2021, the trains of the Zamoskvoretskaya line were serviced by the Sokol (since 1938), Zamoskvoretskoye (since 1969) and Brateevo (since 2014) electric depots.

    However, in 2021, the Zamoskvoretskoye depot was transferred to service the rolling stock of the Big Circle Line of the metro, and now it fully serves the needs of the BCL, and also temporarily accepts trains of the Troitskaya Line.

    To replace the decommissioned capacities in the south of Moscow, a new electric depot, Yuzhnoye (Brateevo-2), was built next to the existing depot. As a result, the largest in Russia and one of the largest in Europe infrastructure complexes for the maintenance, repair and operation of metro cars was formed.

    “Together with the wagon repair plant, the Yuzhnoye electric depot has surpassed the previous record holder, the Mitino depot, in terms of scale. 46 buildings and structures have been built in Yuzhnoye, and the most modern and technologically advanced equipment has been installed: servicing of trains on the Zamoskvoretskaya line will be fast and high-quality. At the same time, the neighboring wagon repair plant will focus on major and medium repairs of wagons from all over the metro,” Sergei Sobyanin wrote in his

    telegram channel.

    Source: Sergei Sobyanin’s Telegram channel @mos_sobyanin

    In the new Yuzhnoye depot, on a site of 13.6 hectares, buildings and structures with a total area of 77.3 thousand square meters were constructed, including a storage and repair building, a motor depot and an electrical centralization post, a compressor station, a warehouse, an administrative and household building and other structures – a total of 46 buildings for various purposes.

    The total length of the tracks at the Yuzhnoye depot is about 6.2 kilometers, which can be compared with the section between the Krylatskoye and Strogino stations, the longest in the Moscow Metro.

    After reaching its design capacity, the enterprise will create approximately 1.3 thousand jobs.

    Along with the modern carriages, a service company from the manufacturer arrived at the Yuzhnoye depot, which will service the new rolling stock (trains Moscow-2024 and Moscow-2026) under a life cycle contract for 30 years of operation.

    The staff was provided with the most favorable conditions for efficient work and good rest.

    The administrative building has a canteen for 160 people. The locomotive crews’ rest rooms are organized like hotel rooms, and the blocks are equipped with bathrooms. Separate comfortable rooms are provided for female drivers.

    There are currently 130 female drivers and assistant drivers working in the Moscow Metro. In addition, about 50 women are undergoing training in the profession. It is planned that female drivers will soon begin working on the Zamoskvoretskaya Line.

    The medical service includes pre-trip examination rooms, a doctor, a medical psychologist, a treatment room, a vaccination room, and a recovery room.

    There are also a sports hall and a gym with a physical education instructor’s office, an assembly hall and utility rooms (laundry, ironing, storage rooms for special clothing).

    After the commissioning of the Yuzhnoye depot, it took over the functions of servicing the Zamoskvoretskaya line, including the new Moscow-2024 series trains, which began carrying passengers in March 2024.

    At the same time, the Brateevo depot will become the main car repair complex of the Moscow Metro. Its capacity allows repairing the rolling stock of the Zamoskvoretskaya line, as well as carrying out technically complex repairs of cars of the Nomernoy and Rusich types from other metro lines. In total, up to 850 cars, 8.5 thousand wheels and more than 6.4 thousand engines per year – a record for similar facilities in Russia.

    The wagon repair complex will not only be the largest, but also the most modern, with a high level of automation – a conveyor for moving wheel pairs, electric bogies, and CNC machines.

    In terms of its scale, the new infrastructure complex, consisting of the Yuzhnoye depot and a wagon repair plant, has surpassed the previous record holder, the Mitino electric depot, which until now was the largest in Russia in terms of capacity. The total area of the complex is 32.2 hectares. The capacity of the complex allows servicing up to 2.4 thousand wagons per year.

    Main characteristics of the new infrastructure complex

    Depot “Yuzhnoye”:

    — capacity — 34 seats for trains;

    — night storage — 25 places;

    — washing — 12 compositions per day;

    — operational maintenance — 30 trains per day;

    — technical maintenance — four trains per day;

    — turning of wheel pairs — three cars per day;

    — current repairs — three trains per month;

    — jobs — about 1.3 thousand;

    — the total length of the tracks is 6.2 kilometers.

    Wagon repair complex “Brateevo”:

    — capacity — 11 seats for trains;

    — the total length of the tracks is 7.1 kilometers;

    — major repairs — 300 cars per year;

    — average repairs — 550 cars per year;

    — repair of traction electric motors — 6.4 thousand units per year;

    — wheel sets — 8.5 thousand pieces per year;

    — motor-compressors — two thousand pieces per year.

    Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.

    Please Note; This Information is Raw Content Directly from the Information Source. It is access to What the Source Is Stating and Does Not Reflect

    https: //vv.mos.ru/mayor/tkhemes/12781050/

    MIL OSI Russia News

  • MIL-OSI: GraniteShares launches new YieldBoost ETFs on NVIDIA (NVYY) and Bitcoin (XBTY)

    Source: GlobeNewswire (MIL-OSI)

    NEW YORK, May 21, 2025 (GLOBE NEWSWIRE) — GraniteShares, an ETF issuer specializing in high conviction ETFs, announced that it is launching two ETFs to add to its existing YieldBOOST lineup – the GraniteShares YieldBOOST NVDA ETF (NVYY) and the GraniteShares YieldBOOST Bitcoin ETF (XBTY).

    The GraniteShares YieldBOOST NVDA ETF (NVYY) is designed to generate income from options1 strategies linked to 2x Long NVDA Daily ETF. To generate income, NVYY sells put options2 on leveraged ETFs linked to 2x Long NVDA Daily ETF.

    The GraniteShares YieldBOOST Bitcoin ETF (XBTY) is designed to generate income from options1 strategies linked to 2x Long Bitcoin Daily ETF. To generate income, XBTY sells put options2 on leveraged ETFs linked to 2x Long Bitcoin Daily ETF.

    FUND NAME TICKER CUSIP
    GraniteShares YieldBOOST NVDA ETF NVYY 38747R637
    GraniteShares YieldBOOST Bitcoin ETF XBTY 38747R421
         

    “We are excited to launch the newest additions to our YieldBOOST options income suite,” said Will Rhind, Founder and CEO of GraniteShares. “The GraniteShares YieldBOOST NVDA ETF (NVYY) and the GraniteShares YieldBOOST Bitcoin ETF (XBTY) will seek to generate income from selling put options on their respective underlying leveraged ETFs.”

    Other existing YieldBOOST ETFs include the GraniteShares YieldBOOST SPY ETF (YSPY), the GraniteShares YieldBOOST QQQ ETF (TQQY) and the GraniteShares YieldBOOST TSLA ETF (TSYY).

    For more information, please visit: www.graniteshares.com.

    About GraniteShares:

    GraniteShares is an entrepreneurial ETF provider focused on high-conviction investment solutions. The firm offers a range of ETFs spanning leveraged, inverse, and high-yield strategies, empowering investors with differentiated tools for portfolio construction. Founded in 2016, GraniteShares has grown rapidly by delivering cutting-edge solutions tailored to modern market needs. For more information, visit www.graniteshares.com.

    Source: GraniteShares

    1An option is a contract that gives the holder the right, but not the obligation to buy or sell a specific asset at a predetermined price on or before a specified date. Options are a type of derivative, meaning their value is derived from the underlying asset.

    2A put option is a contract that gives the buyer the right, but not the obligation, to sell an underlying asset at a specified price by or on a specific date.

    RISK FACTORS & IMPORTANT INFORMATION

    Please see the funds’ prospectus for more details – https://graniteshares.com/media/u5odudej/graniteshares-etf-trust-prospectus-yb.pdf.

    Investors should consider the investment objectives, risks, charges and expenses carefully before investing. For a prospectus or summary prospectus with this and other information about the Funds, please call (844) 476 8747 or visit www.graniteshares.com. Read the prospectus or summary prospectus carefully before investing.

    The investment program of the Funds is speculative, entails substantial risks and include asset classes and investment techniques not employed by more traditional mutual funds.

    PRINCIPAL RISKS OF INVESTING IN THE FUND

    The principal risks of investing in the Fund are summarized below. As with any investment, there is a risk that you could lose all or a portion of your investment in the Fund. Each risk summarized below is considered a “principal risk” of investing in the Fund, regardless of the order in which it appears. Some or all of these risks may adversely affect the Fund’s net asset value per share (“NAV”), trading price, yield, total return and/or ability to meet its investment objectives. For more information about the risks of investing in the Fund, see the section in the Fund’s Prospectus titled “Additional Information About the Fund — Principal Risks of Investing in the Fund.”

    The Underlying NVDA ETF Risk. The Fund invests in options contracts that are based on the value of the Underlying NVDA ETF shares. This subjects the Fund to certain of the same risks as if it owned shares of the Underlying NVDA ETF, even though it may not. By virtue of the Fund’s investments in options contracts that are based on the value of the Underlying NVDA ETF shares, the Fund may also be subject to the following risks:

    Effects of Compounding and Market Volatility Risk. The Underlying NVDA ETF shares’ performance for periods greater than a trading day will be the result of each day’s returns compounded over the period, which is likely to differ from 200% of the Underlying Stock’s performance, before fees and expenses. Compounding has a significant impact on funds that are leveraged and that rebalance daily. The impact of compounding becomes more pronounced as volatility and holding periods increase and will impact each shareholder differently depending on the period of time an investment in the Underlying NVDA ETF is held and the volatility of the Underlying Stock during the shareholder’s holding period of an investment in the Underlying NVDA ETF.

    Leverage Risk. The Underlying NVDA ETF obtains investment exposure in excess of its net assets by utilizing leverage and may lose more money in market conditions that are adverse to its investment objective than a fund that does not utilize leverage. An investment in the Underlying NVDA ETF is exposed to the risk that a decline in the daily performance of the Underlying Stock will be magnified. This means that an investment in the Underlying NVDA ETF will be reduced by an amount equal to 2% for every 1% daily decline in the Underlying Stock, not including the costs of financing leverage and other operating expenses, which would further reduce its value. The Underlying NVDA ETF could lose an amount greater than its net assets in the event of an Underlying Stock decline of more than 50%.

    Derivatives Risk. Derivatives are financial instruments that derive value from the underlying reference asset or assets, such as stocks, bonds, or funds (including ETFs), interest rates or indexes. Investing in derivatives may be considered aggressive and may expose the Underlying NVDA ETF to greater risks, and may result in larger losses or smaller gains, than investing directly in the reference assets underlying those derivatives, which may prevent the Underlying NVDA ETF from achieving its investment objective.

    Counterparty Risk. If a counterparty is unwilling or unable to make timely payments to meet its contractual obligations or fails to return holdings that are subject to the agreement with the counterparty resulting in the Underlying NVDA ETF losing money or not being able to meet its daily leveraged investment objective.

    Industry Concentration Risk. The performance of the Underlying Stock, and consequently the Underlying NVDA ETF’s performance, is subject to the risks of the semiconductor industry. The Underlying Stock is subject to many risks that can negatively impact its revenue and viability including, but are not limited to price volatility risk, management risk, inflation risk, global economic risk, growth risk, supply and demand risk, operations risk, regulatory risk, environmental risk, terrorism risk and the risk of natural disasters. The Underlying Stock performance may be affected by NVIDIA Corporation’s ability to identify new products, technologies or services, global competition and business conditions, its dependence on third-party product manufacturers, product defect issues, cybersecurity breaches, and customer concentration. The Underlying Stock may also be affected by risks that affect the broader technology industry, including: government regulation; dramatic and often unpredictable changes in growth rates and competition for qualified personnel; heavy dependence on patent and intellectual property rights, the loss or impairment of which may adversely affect profitability; and a small number of companies representing a large portion of the technology sector as a whole. The Fund’s daily returns may be affected by many factors but will depend on the performance and volatility of the Underlying Stock.

    Indirect Investments in the Underlying NVDA ETF. Investors in the Fund will not have rights to receive dividends or other distributions or any other rights with respect to the Underlying NVDA ETF but will be subject to declines in the performance of the Underlying NVDA ETF. Although the Fund invests in the Underlying NVDA ETF only indirectly, the Fund’s investments are subject to loss as a result of these risks.

    Derivatives Risk. Derivatives are financial instruments that derive value from the underlying reference asset or assets, such as stocks, bonds, or funds, interest rates or indexes. The Fund’s investments in derivatives may pose risks in addition to, and greater than, those associated with directly investing in securities or other ordinary investments, including risk related to the market, imperfect correlation with underlying investments, higher price volatility, lack of availability, counterparty risk, liquidity, valuation and legal restrictions. The use of derivatives is a highly specialized activity that involves investment techniques and risks different from those associated with ordinary portfolio securities transactions. The use of derivatives may result in larger losses or smaller gains than directly investing in securities. When the Fund uses derivatives, there may be an imperfect correlation between the value of the Underlying NVDA ETF and the derivative, which may prevent the Fund from achieving its investment objectives. Because derivatives often require only a limited initial investment, the use of derivatives may expose the Fund to losses in excess of those amounts initially invested. In addition, the Fund’s investments in derivatives are subject to the following risks:

    • Options Contracts. The use of options contracts involves investment strategies and risks different from those associated with ordinary portfolio securities transactions. The prices of options are volatile and are influenced by, among other things, actual and anticipated changes in the value of the underlying instrument, including the anticipated volatility, which are affected by fiscal and monetary policies and by national and international political, changes in the actual or implied volatility or the reference asset, the time remaining until the expiration of the option contract and economic events. For the Fund, in particular, the value of the options contracts in which it invests is substantially influenced by the value of the Underlying NVDA ETF. Selling put options exposes the Fund to the risk of potential loss if the market value of the Underlying NVDA ETF falls below the strike price before the option expires. The Fund may experience substantial downside from specific option positions and certain option positions held by the Fund may expire worthless. As an option approaches its expiration date, its value typically increasingly moves with the value of the underlying instrument. However, prior to such date, the value of an option generally does not increase or decrease at the same rate at the underlying instrument. There may at times be an imperfect correlation between the movement in values of options contracts and the underlying instrument, and there may at times not be a liquid secondary market for certain options contracts. The value of the options held by the Fund will be determined based on market quotations or other recognized pricing methods. Additionally, the Fund’s practice of “rolling” may cause the Fund to experience losses if the expiring contracts do not generate proceeds enough to cover the costs of entering into new options contracts. Rolling refers to the practice of closing out one options position and opening another with a different expiration date and/or a different strike price. Further, if an option is exercised, the seller (writer) of a put option is obligated to purchase the underlying asset at the strike price, which can result in significant financial and regulatory obligations for the Fund if the market value of the asset has fallen substantially. Furthermore, when the Fund seeks to trade out of puts, especially near expiration, there is an added risk that the Fund may be required to allocate resources unexpectedly to fulfill these obligations. This potential exposure to physical settlement can significantly impact the Fund’s liquidity and market exposure, particularly in volatile market conditions.
    • Swap Risk: Swaps are subject to tracking risk because they may not be perfect substitutes for the instruments they are intended to hedge or replace. Over the counter swaps are subject to counterparty default. Leverage inherent in derivatives will tend to magnify the Fund’s losses. The swap agreements may reference standardized exchange-traded, FLEX, European Style or American Style put options contracts that are based on the values of the price returns of the Underlying ETF. that generate specific risks.

    Affiliated Fund Risk. In managing the Fund, the Adviser has the ability to select the Underlying NVDA ETF and substitute the Underlying NVDA ETF with other ETFs that it believes will achieve the Fund’s objective. The Adviser may be subject to potential conflicts of interest in selecting the Underlying NVDA ETF and substituting the Underlying NVDA ETF with other ETFs because the fees paid to the Adviser by some Underlying NVDA ETF may be higher than the fees charged by other Underlying NVDA ETF.

    Counterparty Risk. The Fund is subject to counterparty risk by virtue of its investments in options contracts. Transactions in some types of derivatives, including options, are required to be centrally cleared (“cleared derivatives”). In a transaction involving cleared derivatives, the Fund’s counterparty is a clearing house rather than a bank or broker. Since the Fund is not a member of clearing houses and only members of a clearing house (“clearing members”) can participate directly in the clearing house, the Fund will hold cleared derivatives through accounts at clearing members. In cleared derivatives positions, the Fund will make payments (including margin payments) to and receive payments from a clearing house through their accounts at clearing members. Customer funds held at a clearing organization in connection with any options contracts are held in a commingled omnibus account and are not identified to the name of the clearing member’s individual customers. As a result, assets deposited by the Fund with any clearing member as margin for options may, in certain circumstances, be used to satisfy losses of other clients of the Fund’s clearing member. In addition, although clearing members guarantee performance of their clients’ obligations to the clearing house, there is a risk that the assets of the Fund might not be fully protected in the event of the clearing member’s bankruptcy, as the Fund would be limited to recovering only a pro rata share of all available funds segregated on behalf of the clearing member’s customers for the relevant account class. The Fund is also subject to the risk that a limited number of clearing members are willing to transact on the Fund’s behalf, which heightens the risks associated with a clearing member’s default. If a clearing member defaults the Fund could lose some or all of the benefits of a transaction entered into by the Fund with the clearing member. If the Fund cannot find a clearing member to transact with on the Fund’s behalf, the Fund may be unable to effectively implement its investment strategy. In addition, a counterparty (the other party to a transaction or an agreement or the party with whom the Fund executes transactions) to a transaction (including repurchase transaction) with the Fund may be unable or unwilling to make timely principal, interest or settlement payments, or otherwise honor its obligations.

    Price Participation Risk. The Fund employs an investment strategy that includes the sale of in-the-money put options contracts, which limits the degree to which the Fund will participate in increases in value experienced by the Underlying NVDA ETF over the Call Period. This means that if the Underlying NVDA ETF experiences an increase in value above the strike price of the sold put options during a Call Period, the Fund will likely not experience that increase to the same extent and may significantly underperform the Underlying NVDA ETF over the Call Period. Additionally, because the Fund is limited in the degree to which it will participate in increases in value experienced by the Underlying NVDA ETF over each Call Period, but has full exposure to any decreases in value experienced by the Underlying NVDA ETF over the Call Period, the NAV of the Fund may decrease over any given time period. The Fund’s NAV is dependent on the value of each options portfolio, which is based principally upon the performance of the Underlying NVDA ETF. The degree of participation in the Underlying NVDA ETF gains the Fund will experience will depend on prevailing market conditions, especially market volatility, at the time the Fund enters into the sold put options contracts and will vary from Call Period to Call Period. The value of the options contracts is affected by changes in the value and dividend rates of the Underlying NVDA ETF, changes in interest rates, changes in the actual or perceived volatility of the Underlying NVDA ETF and the remaining time to the options’ expiration, as well as trading conditions in the options market. As the price of the Underlying NVDA ETF share changes and time moves towards the expiration of each Call Period, the value of the options contracts, and therefore the Fund’s NAV, will change. However, it is not expected for the Fund’s NAV to directly correlate on a day-to-day basis with the returns of the Underlying NVDA ETF share price. The amount of time remaining until the options contract’s expiration date affects the impact of the potential options contract income on the Fund’s NAV, which may not be in full effect until the expiration date of the Fund’s options contracts. Therefore, while changes in the price of the Underlying NVDA ETF share will result in changes to the Fund’s NAV, the Fund generally anticipates that the rate of change in the Fund’s NAV will be different than that experienced by the Underlying NVDA ETF share price.

    Distribution Risk. As part of the Fund’s investment objective, the Fund seeks to provide current monthly income. There is no assurance that the Fund will make a distribution in any given month. If the Fund makes distributions, the amounts of such distributions will likely vary greatly from one distribution to the next. Additionally, the monthly distributions, if any, may consist of returns of capital, which would decrease the Fund’s NAV and trading price over time. As a result, an investor may suffer significant losses to their investment.

    NAV Erosion Risk Due to Distributions. When the Fund makes a distribution, the Fund’s NAV will typically drop by the amount of the distribution on the related ex-dividend date. The repeated payment of distributions by the Fund, if any, may significantly erode the Fund’s NAV and trading price over time. As a result, an investor may suffer significant losses to their investment.

    Put Writing Strategy Risk. The path dependency (i.e., the continued use) of the Fund’s put writing strategy will impact the extent that the Fund participates in the positive price returns of the Underlying NVDA ETF and, in turn, the Fund’s returns, both during the term of the sold put options and over longer time periods. 187 If, for example, the Fund were to sell 10% in-the-money put options having a one-month term, the Fund’s participation in the positive price returns of the Underlying NVDA ETF will be capped at 10% for that month. However, over a longer period (e.g., a three-month period), the Fund should not be expected to participate fully in the first 30% (i.e., 3 months x 10%) of the positive price returns of the Underlying NVDA ETF, or the Fund may even lose money, even if the Underlying NVDA ETF share price has appreciated by at least that much over such period, if during any particular month or months over that period the Underlying NVDA ETF had a return less than 10%. This example illustrates that both the Fund’s participation in the positive price returns of the Underlying NVDA ETF and its returns will depend not only on the price of the Underlying NVDA ETF but also on the path that the Underlying NVDA ETF takes over time.

    If, for example, the Fund were to sell 5% out-of-the-money put options having a one-week term, the Fund’s downward protection against the negative price returns of the Underlying NVDA ETF will be capped at 5% for that week. However, over a longer period (e.g., a four-week period), the Fund should not be expected to be protected fully in the first 25% (i.e., 4 weeks x 5%) of the negative price returns of the Underlying NVDA ETF, and the Fund may lose money, even if the Underlying NVDA ETF share price has appreciated over such period, if during any particular week or weeks over that period the Underlying NVDA ETF share price had decreases by more than 5%. This example illustrates that both the Fund’s protection against the negative price returns of the Underlying NVDA ETF and its returns will depend not only on the price of the Underlying NVDA ETF but also on the path that the Underlying NVDA ETF takes over time.

    Under both cases the Fund may be fully exposed to the downward movements of the Underlying NVDA ETF, offset only by the premiums received from selling put contracts. The Fund does not seek to offer any downside protection, except for the fact that the premiums from the sold options may offset some or all of the Underlying NVDA ETF’s decline.

    Option Market Liquidity Risk. The trading activity in the option market of the Underlying NVDA ETF may be limited and the option contracts may trade at levels significantly different from their economic value. The lack of liquidity may negatively affect the ability of the Fund to achieve its investment objective. This risk may increase if the portfolio turnover is elevated, for instance because of frequent changes in the number of Shares outstanding, and if the net asset value of the Underlying NVDA ETF is modest. For the 12-month period ending September 30, 2024, the net asset value of the Underlying NVDA ETF ranged from $0.6m to $5,986m.

    Concentration Risk. To the extent that the Underlying NVDA ETF concentrates its investments in a particular industry, the Fund will be subject to the risks associated with that industry.

    ETF Risks.

    Authorized Participants, Market Makers, and Liquidity Providers Concentration Risk. The Fund has a limited number of financial institutions that are authorized to purchase and redeem Shares directly from the Fund (known as “Authorized Participants” or “APs”). In addition, there may be a limited number of market makers and/or liquidity providers in the marketplace. To the extent either of the following events occur, Shares may trade at a material discount to NAV and possibly face delisting: (i) APs exit the business or otherwise become unable to process creation and/or redemption orders and no other APs step forward to perform these services; or (ii) market makers and/or liquidity providers exit the business or significantly reduce their business activities and no other entities step forward to perform their functions.

    Cash Redemption Risk. The Fund currently expects to affect a significant portion of its creations and redemptions for cash, rather than in-kind securities. Paying redemption proceeds in cash rather than through in-kind delivery of portfolio securities may require the Fund to dispose of or sell portfolio securities or other assets at an inopportune time to obtain the cash needed to meet redemption orders. This may cause the Fund to sell a security and recognize a capital gain or loss that might not have been incurred if it had made a redemption in-kind. As a result, the Fund may pay out higher or lower annual capital gains distributions than ETFs that redeem in-kind. The use of cash creations and redemptions may also cause the Fund’s Shares to trade in the market at greater bid-ask spreads or greater premiums or discounts to the Fund’s NAV. Furthermore, the Fund may not be able to execute cash transactions for creation and redemption purposes at the same price used to determine the Fund’s NAV. To the extent that the maximum additional charge for creation or redemption transactions is insufficient to cover the execution shortfall, the Fund’s performance could be negatively impacted.

    Costs of Buying or Selling Shares. Due to the costs of buying or selling Shares, including brokerage commissions imposed by brokers and bid-ask spreads, frequent trading of Shares may significantly reduce investment results and an investment in Shares may not be advisable for investors who anticipate regularly making small investments.

    Shares May Trade at Prices Other Than NAV. As with all ETFs, Shares may be bought and sold in the secondary market at market prices. Although it is expected that the market price of Shares will approximate the Fund’s NAV, there may be times when the market price of Shares is more than the NAV intra-day (premium) or less than the NAV intra-day (discount) due to supply and demand of Shares or during periods of market volatility. This risk is heightened in times of market volatility, periods of steep market declines, and periods when there is limited trading activity for Shares in the secondary market, in which case such premiums or discounts may be significant.

    Trading. Although Shares are listed on a national securities exchange, such as The Nasdaq Stock Market, LLC (the “Exchange”), and may be traded on U.S. exchanges other than the Exchange, there can be no assurance that an active trading market for the Shares will develop or be maintained or that the Shares will trade with any volume, or at all, on any stock exchange. This risk may be greater for the Fund as it seeks to have exposure to a single underlying stock as opposed to a more diverse portfolio like a traditional pooled investment. In stressed market conditions, the liquidity of Shares may begin to mirror the liquidity of the Fund’s underlying portfolio holdings, which can be significantly less liquid than Shares. Shares trade on the Exchange at a market price that may be below, at or above the Fund’s NAV. Trading in Shares on the Exchange may be halted due to market conditions or for reasons that, in the view of the Exchange, make trading in Shares inadvisable. In addition, trading in Shares on the Exchange is subject to trading halts caused by extraordinary market volatility pursuant to the Exchange “circuit breaker” rules. There can be no assurance that the requirements of the Exchange necessary to maintain the listing of the Fund will continue to be met or will remain unchanged. In the event of an unscheduled market close for options contracts that reference a single stock, such as the Underlying NVDA ETF’s securities being halted or a market wide closure, settlement prices will be determined by the procedures of the listing exchange of the options contracts. As a result, the Fund could be adversely affected and be unable to implement its investment strategies in the event of an unscheduled closing.

    High Portfolio Turnover Risk. The Fund may actively and frequently trade all or a significant portion of the Fund’s holdings. A high portfolio turnover rate increases transaction costs, which may increase the Fund’s expenses. Frequent trading may also cause adverse tax consequences for investors in the Fund due to an increase in short-term capital gains.

    Inflation Risk. Inflation risk is the risk that the value of assets or income from investments will be less in the future as inflation decreases the value of money. As inflation increases, the present value of the Fund’s assets and distributions, if any, may decline.

    Liquidity Risk. Some securities held by the Fund, including options contracts, may be difficult to sell or be illiquid, particularly during times of market turmoil. This risk is greater for the Fund as it will hold options contracts on a single security, and not a broader range of options contracts. Markets for securities or financial instruments could be disrupted by a number of events, including, but not limited to, an economic crisis, natural disasters, epidemics/pandemics, new legislation or regulatory changes inside or outside the United States. Illiquid securities may be difficult to value, especially in changing or volatile markets. If the Fund is forced to sell an illiquid security at an unfavorable time or price, the Fund may be adversely impacted. Certain market conditions or restrictions, such as market rules related to short sales, may prevent the Fund from limiting losses, realizing gains or achieving a high correlation with the Underlying NVDA ETF. There is no assurance that a security that is deemed liquid when purchased will continue to be liquid. Market illiquidity may cause losses for the Fund.

    Management Risk. The Fund is subject to management risk because it is an actively managed portfolio. In managing the Fund’s investment portfolio, the portfolio managers will apply investment techniques and risk analyses that may not produce the desired result. There can be no guarantee that the Fund will meet its investment objective.

    Money Market Instrument Risk. The Fund may use a variety of money market instruments for cash management purposes, including money market funds, depositary accounts and repurchase agreements. Repurchase agreements are contracts in which a seller of securities agrees to buy the securities back at a specified time and price. Repurchase agreements may be subject to market and credit risk related to the collateral securing the repurchase agreement. Money market instruments, including money market funds, may lose money through fees or other means.

    New Fund Risk. The Fund is a recently organized management investment company with no operating history. As a result, prospective investors do not have a track record or history on which to base their investment decisions.

    Non-Diversification Risk. Because the Fund is “non-diversified,” it may invest a greater percentage of its assets in the securities of a single issuer or a smaller number of issuers than if it was a diversified fund. As a result, a decline in the value of an investment in a single issuer or a smaller number of issuers could cause the Fund’s overall value to decline to a greater degree than if the Fund held a more diversified portfolio.

    Operational Risk. The Fund is subject to risks arising from various operational factors, including, but not limited to, human error, processing and communication errors, errors of the Fund’s service providers, counterparties or other third-parties, failed or inadequate processes and technology or systems failures. The Fund relies on third-parties for a range of services, including custody. Any delay or failure relating to engaging or maintaining such service providers may affect the Fund’s ability to meet its investment objective. Although the Fund, Adviser, and Sub-Adviser seek to reduce these operational risks through controls and procedures, there is no way to completely protect against such risks.

    Recent Market Events Risk. U.S. and international markets have experienced significant periods of volatility in recent years and months due to a number of economic, political and global macro factors including the impact of COVID-19 as a global pandemic, which has resulted in a public health crisis, disruptions to business operations and supply chains, stress on the global healthcare system, growth concerns in the U.S. and overseas, staffing shortages and the inability to meet consumer demand, and widespread concern and uncertainty. The global recovery from COVID-19 is proceeding at slower than expected rates due to the emergence of variant strains and may last for an extended period of time. Continuing uncertainties regarding interest rates, rising inflation, political events, rising government debt in the U.S. and trade tensions also contribute to market volatility. Conflict, loss of life and disaster connected to ongoing armed conflict between Ukraine and Russia in Europe and Israel and Hamas in the Middle East could have severe adverse effects on the region, including significant adverse effects on the regional or global economies and the markets for certain securities. The U.S. and the European Union have imposed sanctions on certain Russian individuals and companies, including certain financial institutions, and have limited certain exports and imports to and from Russia. The war has contributed to recent market volatility and may continue to do so.

    Single Issuer Risk. Issuer-specific attributes may cause an investment in the Fund to be more volatile than a traditional pooled investment vehicle which diversifies risk or the market generally. The value of the Fund, which focuses on an individual security (the Underlying NVDA ETF), may be more volatile than a traditional pooled investment or the market as a whole and may perform differently from the value of a traditional pooled investment or the market as a whole.

    Tax Risk. The Fund intends to elect and to qualify each year to be treated as a RIC under Subchapter M of the Code. As a RIC, the Fund will not be subject to U.S. federal income tax on the portion of its net investment income and net capital gain that it distributes to Shareholders, provided that it satisfies certain requirements of the Code. If the Fund does not qualify as a RIC for any taxable year and certain relief provisions are not available, the Fund’s taxable income will be subject to tax at the Fund level and to a further tax at the shareholder level when such income is distributed. To comply with the asset diversification test applicable to a RIC, the Fund will attempt to ensure that the value of the derivatives it holds is never 25% of the total value of Fund assets at the close of any quarter. If the Fund’s investments in the derivatives were to exceed 25% of the Fund’s total assets at the end of a tax quarter, the Fund, generally, has a grace period to cure such lack of compliance. If the Fund fails to timely cure, it may no longer be eligible to be treated as a RIC. In addition, distributions received by the Fund from the Underlying NVDA ETF may generate “bad income” that could prevent the Fund from meeting the “Income Requirement” of Subchapter M of the Code, which may cause the Fund to fail to qualify as a RIC.

    Investing in U.S. Equities Risk. Investing in U.S. issuers subjects the Fund to legal, regulatory, political, currency, security, and economic risks that are specific to the U.S. Certain changes in the U.S., such as a weakening of the U.S. economy or a decline in its financial markets, may have an adverse effect on U.S. issuers.

    U.S. Government and U.S. Agency Obligations Risk. The Fund may invest in securities issued by the U.S. government or its agencies or instrumentalities. U.S. Government obligations include securities issued or guaranteed as to principal and interest by the U.S. Government, its agencies or instrumentalities, such as the U.S. Treasury. Payment of principal and interest on U.S. Government obligations may be backed by the full faith and credit of the United States or may be backed solely by the issuing or guaranteeing agency or instrumentality itself. In the latter case, the investor must look principally to the agency or instrumentality issuing or guaranteeing the obligation for ultimate repayment, which agency or instrumentality may be privately owned. There can be no assurance that the U.S. Government would provide financial support to its agencies or instrumentalities (including government-sponsored enterprises) where it is not obligated to do so.

    Fixed Income Securities Risk. The market value of Fixed Income Securities will change in response to interest rate changes and other factors, such as changes in the effective maturities and credit ratings of fixed income investments. During periods of falling interest rates, the values of outstanding Fixed Income Securities and related financial instruments generally rise. Conversely, during periods of rising interest rates, the values of such securities and related financial instruments generally decline. Fixed Income Securities are also subject to credit risk.

    Investments in Fixed Income Securities may also involve the following risks, depending on the instrument involved:

    • Asset-Backed/Mortgage-Backed Securities Risk – The market value and yield of asset-backed and mortgage-backed securities can vary due to market interest rate fluctuations and early prepayments of underlying instruments.
    • Credit Risk – An investment in the Fund also involves the risk that the issuer of a Fixed Income Security that the Fund holds will fail to make timely payments of interest or principal or go bankrupt, or that the value of the securities will decline because of a market perception that the issuer may not make payments on time, thus potentially reducing the Fund’s return.
    • Event Risk – Event risk is the risk that corporate issuers may undergo restructurings, such as mergers, leveraged buyouts, takeovers, or similar events financed by increased debt. As a result of the added debt, the credit quality and market value of a company’s bonds and/or other debt securities may decline significantly.
    • Extension Risk – Payment on the loans underlying Fixed Income Securities held by the Fund may be made more slowly when interest rates are rising.
    • Interest Rate Risk – Generally, the value of Fixed Income Securities will change inversely with changes in interest rates. As interest rates rise, the market value of Fixed Income Securities tends to decrease. Conversely, as interest rates fall, the market value of Fixed Income Securities tends to increase. This risk will be greater for long-term securities than for short-term securities. In recent periods, governmental financial regulators, including the U.S. Federal Reserve, have taken steps to maintain historically low interest rates. Very low or negative interest rates may magnify interest rate risk. Changes in government intervention may have adverse effects on investments, volatility, and illiquidity in debt markets.
    • Prepayment Risk – When interest rates are declining, issuers of Fixed Income Securities held by the Fund may prepay principal earlier than scheduled.

    The Fund is distributed by ALPS Distributors, Inc, which is not affiliated with GraniteShares or any of its affiliates ©2024 GraniteShares Inc. All rights reserved. GraniteShares, GraniteShares Trusts, and the GraniteShares logo are registered and unregistered trademarks of GraniteShares Inc., in the United States and elsewhere. All other marks are the property of their respective owners.

    Media Contact:
    GraniteShares Inc.
    Attn: Media Relations
    222 Broadway, 21st Floor
    New York, NY 10038
    844-476-8747
    info@graniteshares.com

    The MIL Network

  • MIL-OSI Russia: The Soloma Festival will celebrate its 10th anniversary at the Moskino cinema park

    Translation. Region: Russian Federal

    Source: Moscow Government – Government of Moscow –

    The multi-genre festival “Soloma” will be held in the capital for the 10th time on June 7 and 8. This time it will be held on the central square of the Moskino cinema park. The event can be attended with entrance tickets to the cinema park. Musicians will perform from 14:00 to 22:00 every day of the festival.

    On June 7, the program will be opened by students of the Moscow State Conservatory named after P.I. Tchaikovsky. They will perform songs and compositions from famous Soviet and world films. In addition, guests will see performances by performers Sasha de Buryak, Flora and Minaeva, musician Anton Lavrentyev, the group Ubel and participants of the multi-genre musical project “Tima is looking for light”.

    On the second day of the festival, guests will meet the performer Alena Samartseva, the groups Dreams Shadow, Shoo and “Elli na makovom pole”, as well as the participants of the musical project “Shaly”. At the end, the singer and songwriter Tosya Chaikina will perform.

    In addition, on June 7 and 8, guests of the Moskino cinema park will be treated to lessons from professional makeup artists, an inflatable trampoline for children, as well as ping-pong and mini-golf games. A food court with a variety of takeaway snacks will open on the central square.

    The Soloma festival has been opening new names to the general public for 10 years and giving young musicians the opportunity to present their work to a wider audience. In different years, such up-and-coming artists as Untone Chernov, Zavazalsky, Sasha Garahanov, as well as the groups Obe Dve, Neeeet, Ty Chko, Komnata Kultury and many others have performed at the venues.

    The festival is held with the support of the capital Department of Culture within the framework of the program “Summer in Moscow”. The event contributes to the implementation of the goals and objectives of the national project “Family” in Moscow.

    The play “Victory! The Banner over the Reichstag!” was seen by about seven thousand spectatorsSobyanin: Moskino Cinema Park has become one of the most popular filming locations

    The Moskino Cinema Park is part of the Moscow Mayor Sergei Sobyanin’s project “Moscow – City of Cinema” and an object of the Moscow cinema cluster, which is being developed by the capital Department of Culture. The first stage of creation has already been completed here: 24 natural sites, four pavilions and six infrastructure facilities have been built. Among them are the sets “Center of Moscow”, “Moscow of the 1940s”, “Vitebsk Station”, “Yurovo Airport”, “Cathedral Square of Moscow”, “Deaf Village”, “County Town”, “Cowboy Town”, “St. Petersburg Bar” and other sites.

    The Moscow Film Cluster is an infrastructure facility, services and facilities for filmmakers, which are being developed by the Moscow Government within the framework of the Moscow — City of Cinema project. Its structure includes the Moskino film park, the Gorky Film Studio (sites on Sergei Eisenstein Street and Valdaisky Proyezd), the Moskino film factory, the Moskino cinema chain, the film commission and the Moskino film platform.

    Get the latest news quicklyofficial telegram channel the city of Moscow.

    Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.

    Please Note; This Information is Raw Content Directly from the Information Source. It is access to What the Source Is Stating and Does Not Reflect

    https: //vv.mos.ru/nevs/ite/154142073/

    MIL OSI Russia News

  • MIL-OSI Russia: Amur Region Governor Expects to Expand Humanitarian Cooperation with China

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    HARBIN, May 21 (Xinhua) — “In terms of humanitarian cooperation, the Amur Region is the leader among other Russian regions in the number of Russian-Chinese joint events, just like Heilongjiang Province is among Chinese regions. I very much hope that in the future we will be able to raise the level of these events by attracting additional partner regions from both sides,” Amur Region Governor Vasily Orlov said in an interview with Xinhua.

    He made the statement on the sidelines of the 34th Harbin International Economic and Trade Fair, which is being held in Harbin, the capital of Heilongjiang Province, northeast China, from May 17 to 21.

    “We have more than 200 events. They are held annually, there are very bright and iconic ones that have become the calling card of our cities – Blagoveshchensk and Heihe and the Amur Region and Heilongjiang Province,” explained V. Orlov.

    Among the above-mentioned events, the governor named the annual winter festival held on the ice of the Amur River (Heilongjiang River), which includes hockey matches, car rallies, and winter swimming competitions.

    “We have a number of regions that would like to act as partners in this event, and Heilongjiang Province will certainly also find such partners from the Chinese side,” noted V. Orlov.

    The Governor of the Amur Region highly praised the Harbin Winter Ice and Snow Festival. “It has become such a calling card that people from all over China come here to see it, but we have every chance that the winter festival in Blagoveshchensk and Heihe will be the same calling card and tourists will come there.”

    According to V. Orlov, there is colossal potential for tourism between Russia and China. “We are implementing several large logistics projects, including a cable car, the construction of which will be completed this year. Such a facility will give a serious boost to the growth of the tourist flow.”

    “We are further developing the theme of promoting tourism throughout Russia among Chinese tourists. We have built a new airport in Blagoveshchensk, built all the infrastructure for aircraft, and by the end of the year we will build an international passenger terminal. We are also actively working to develop the sector of flights from Blagoveshchensk to other cities of interest to Chinese tourists in Russia, such as Petropavlovsk-Kamchatsky, Irkutsk and to Baikal,” the governor noted.

    V. Orlov is also aware of the high demand and congestion of flights between Blagoveshchensk and Harbin. “We really hope that the number of such flights will increase so that they fly regularly between the two cities,” he summed up. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: Jewelry from the Russian Ethnographic Museum’s collection on display in Hangzhou

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 (Xinhua) — An exhibition of jewelry from the 18th-20th centuries from the collection of the Russian Ethnographic Museum, “Jewelry Box,” has opened at the West Lake Museum in Hangzhou, east China’s Zhejiang Province. The event is an important project within the framework of the China-Russia Cross-Culture Years, and will run until September 1 this year.

    The exhibition, organized by the West Lake Scenic Area Management Committee with the assistance of the above-mentioned two museums, displayed a total of 209 pieces/sets of jewelry and clothing, covering the unique artistic styles of nearly 40 ethnic groups in Russia, local media reported.

    It is reported that the exhibits presented at the exhibition are being shown in China for the first time. Among them are exquisitely painted ornaments of ethnic Russians, magnificent Siberian products, skillful ornaments from Central Asia, openwork ornaments by Caucasian craftsmen, etc.

    According to a senior official of the West Lake Museum, the current exhibition aims to create a model platform for dialogue between Chinese and Russian civilizations, thereby giving a sustainable impetus to humanitarian exchanges between the two countries.

    The exhibition is also part of the events marking the 20th anniversary of the establishment of the West Lake Museum. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: Why are young Chinese marrying less often?

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    BEIJING, May 21 (Xinhua) — A total of 1.81 million couples in China legalized their relationships in the first quarter of 2025, down 8 percent from the same period in 2024, according to data from the Ministry of Civil Affairs.

    After a nine-year decline, the country’s marriage rate briefly turned up in 2023. However, in 2024, the downward trend resumed, and the number of marriages fell to its lowest level since 1980.

    Experts attribute the overall decline to a decline in the number of people of marriageable age, changing Chinese attitudes about marriage and financial concerns associated with marriage.

    Demographer He Yafu, who has been tracking marriage data in the country for a long time, calculated based on data from the 7th National Population Census that in 2025, the number of women aged 15-49 in China will decrease by more than 16 million compared to 2020, among which the number of women aged 20-39 will decrease by more than 14 million. At the same time, according to the census data, there were 17.52 million more men of marriageable age (20 to 40 years old) in China than women.

    Li Ting, a population expert at Renmin University of China, said higher levels of education and a growing sense of individualism had combined to significantly change traditional Chinese views on marriage.

    “Nowadays, master’s students are usually 25 or 26 years old when they graduate, and doctoral graduates are usually around 30 or older. If they work for a few years, they will become even older and will postpone marriage until later,” said Tan Kejian, a research fellow at the Shanxi Academy of Social Sciences in northern China.

    “In the past, young people often got married around the time they finished their studies or started working, but now many do not think about marriage, or only if they plan to have children,” Li Ting added.

    According to the 2020 China Census Yearbook, the average age at first marriage in China was 28.67 years old, up nearly four years from 24.89 years in 2010. And the figure is still rising. Official data showed that among those in their 30s, the proportion of those who have never married rose from 14.56 percent in 2014 to 29.97 percent in 2024.

    Moreover, for some young people, celibacy is their voluntary choice.

    As one netizen put it on the popular microblogging site Weibo: “If I were married, there’s no way I could enjoy the freedom I have now.” Another commented: “If I can’t find the right person, I’d rather stay single than settle down.”

    Other Weibo users pointed out the difficulties of life, noting that raising a child can be a grueling process that often involves the entire family, including parents on both sides.

    Sociologist Li Yinhe believes that the growing number of single people is closely linked to the country’s ongoing processes of urbanization and modernization.

    “In the past, women who were not married often had no means of support. But today, women are quite capable of earning their own living and no longer have to rely on men. As a result, the desire to marry has significantly decreased compared to earlier times,” she explained.

    While Chinese society has become more accepting of single people, the decline in new marriages has also led to a decline in the birth rate, a trend that is causing growing public concern.

    In response to these changes, Chinese authorities have introduced various incentives to create a society that is friendly to newlyweds.

    Earlier in April, the government revised the rules for registering marriages, reducing the amount of paperwork and giving couples more freedom to choose where to register their union. The new rules came into force on May 10 this year.

    Some parts of China have already begun offering incentives for getting married. In a village in the southern city of Guangzhou, Guangdong Province, newlyweds can apply for a bonus of up to 40,000 yuan (about $5,490), while the northern city of Lüliang, Shanxi Province, is offering 1,500 yuan to women who marry before age 35. In east China’s Zhejiang Province, paid leave for marriage has been extended from three to 13 days.

    China is also increasingly offering conveniences to single young people as a “single person economy” gradually takes shape.

    Restaurants are offering single-serving meals, the market for single-occupancy apartments is booming, and small appliances and compact kitchenware are gaining popularity. Services such as solo travel and one-person wedding photo shoots are also on the rise.

    Li Ting noted that over the past three decades, the number of people choosing to remain single for life in countries such as the Republic of Korea and Japan has steadily increased, and this trend may well reflect the future of marriage in China. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: China-Kazakhstan friendly chess match held in Tacheng

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    URUMQI, May 21 (Xinhua) — A friendly chess match between China and Kazakhstan was held recently in Tacheng City, northwest China’s Xinjiang Uygur Autonomous Region, on the China-Kazakhstan border.

    The event was organized by the Tacheng County Department of Culture, Sports, Radio, Television and Tourism and was attended by amateur chess players from Kazakhstan and players from different ethnic groups in Tacheng.

    The match is an individual rapid chess tournament for adults, played according to the Swiss system using computer programming, consisting of five rounds.

    The current match is not only a recognition of the achievements in the development of chess culture in Tacheng County, but also an important opportunity to popularize intellectual sports. It is not only an exchange in the field of chess, but also a vivid manifestation of friendship between China and Kazakhstan, said the organizer, expressing hope that the tournament will contribute to the growth of the popularity of this sport in Tacheng and promote deep integration of sports and culture between the two sides. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: US poses biggest threat to peace and stability in South China Sea: Chinese official

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    UNITED NATIONS, May 21 (Xinhua) — A Chinese spokesman on Tuesday refuted Washington’s baseless accusations against Beijing over the South China Sea (SCS) issue, saying the United States poses the biggest threat to the region’s security and stability.

    In response to US Security Council Ambassador Dorothy Shea’s remarks on maritime security during an open debate, China’s Chargé d’Affaires to the UN Geng Shuang said China firmly opposes these remarks because the Security Council is not the appropriate venue to discuss the SCS issue.

    “The United States, under the slogan of freedom of navigation, often sends its warships to the South China Sea to demonstrate its power and stir up confrontation among countries in the region,” Geng Shuang said. “The United States itself is the biggest threat to peace and stability in the South China Sea.”

    China is committed to working with relevant countries to properly resolve maritime disputes through dialogue and consultation based on respect for historical facts and international law, he said.

    The so-called arbitration over the South China Sea issue is “illegal and invalid” and China does not accept or recognize it, Geng Shuang said.

    Noting that the situation in the South China Sea is currently generally stable thanks to the joint efforts of China and ASEAN countries, he said: “We have the determination and ability to turn the South China Sea into a sea of peace, friendship and cooperation.”

    Regarding the US representative’s comment on the Taiwan issue, Geng Shuang called on the US side to adhere to the one-China principle.

    He reminded the US representative that her remarks “contrast sharply with statements by other colleagues.”

    “The statements made by the [UN] Secretary-General and other colleagues focus on how to maintain maritime security and promote international cooperation. However, the United States took the opportunity to attack and discredit other countries and recklessly suppress them in its statement,” Geng Shuang said. “We hope that the United States can join other countries and play a constructive role in maintaining maritime security.”

    The Chinese diplomat also called on the international community to uphold the concept of a maritime community with a shared future, maintain a fair and just maritime order, jointly safeguard maritime security and stability, and strengthen global maritime governance.

    “We will always build global maritime governance, promote the sustainable development of the oceans and seas, and safeguard global maritime security and stability,” Geng said, adding that China is willing to work with the international community to promote a maritime order characterized by peace, tranquility and mutually beneficial cooperation. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: The First Central Asian Sinology Forum was held in Almaty

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    ALMATY, May 21 (Xinhua) — The First Central Asian Sinology Forum (Kazakhstan) was held in Almaty on Wednesday. The event is aimed at strengthening dialogue between Central Asian countries and China, as well as studying the trends and prospects for the development of Sinology in the region.

    Chairman of the Senate of the Parliament of the Republic of Kazakhstan Maulen Ashimbayev noted in his congratulatory letter that China is one of the most important partners /of Kazakhstan/ in Central Asia. At present, relations between the two countries are being actively updated and brought to a qualitative level.

    Consul General of the People’s Republic of China in Almaty Jiang Wei stated in her keynote speech that China and Kazakhstan, being good neighbors and reliable partners, are actively developing humanitarian cooperation: the number of students studying at universities in both countries is constantly growing, and interest in studying the Chinese language in Kazakhstan is steadily increasing.

    “The study of China in Central Asian countries already has a solid political foundation and is facing a historic opportunity that has no precedent. I am confident that the upcoming Second China-Central Asia Summit will open up new prospects for the development of Sinology in the region,” she said.

    Chairperson of the Almaty Association of Sinologists Dinara Dauen noted that in order for the interaction between China and Central Asia to be truly deep and meaningful, it is especially important to strive for deeper mutual understanding.

    The forum was attended by Sinologists, scholars and experts from Kazakhstan, Kyrgyzstan, Uzbekistan and Tajikistan, as well as representatives of universities and research centers in China. The participants discussed the current state and prospects for the development of Sinology in Central Asia, the role of Sinology in cooperation between China and the countries of the region, the study and teaching of the Chinese language in Central Asia, and the development of the Chinese language and literature in the region. –0–

    MIL OSI Russia News

  • MIL-OSI United Kingdom: UK attends Kimberley Process Intersessional hosted by the United Arab Emirates

    Source: United Kingdom – Executive Government & Departments 3

    News story

    UK attends Kimberley Process Intersessional hosted by the United Arab Emirates

    The United Kingdom reaffirms commitment to the Kimberley Process and support for its tripartite framework following the 2025 Kimberley Process Intersessional.

    The United Kingdom thanks the United Arab Emirates (UAE) for hosting the Kimberley Process Intersessional from 12 to 16 May.

    A strength of the Kimberley Process is its tripartite nature, which brings together leading expert voices from governments, local communities and industry.

    We reaffirm our commitment to listening to and championing the voice of the Civil Society Coalition in the Kimberley Process and look forward to their contributions to the ongoing review and reform cycle.

    We are proud to be a founding member of the Kimberley Process and continue to support the Initiative’s efforts to address the evolving nature of conflicts.  

    We look forward in particular to continuing collaboration with all Kimberley Process Participants and Observers on broadening the definition of “conflict diamonds”. This will ensure that the Kimberley Process remains relevant to emerging challenges.

    The Kimberley Process was designed to ensure that diamonds are not used to finance armed conflict. We regret that to date, the Process has not addressed the implications of Russia’s use of rough diamond revenue to fund their illegal war in Ukraine and will continue to press for this to be on its agenda.

    Updates to this page

    Published 21 May 2025

    Invasion of Ukraine

    MIL OSI United Kingdom

  • MIL-OSI Russia: The first project in Central Asia to generate electricity through the utilization of exhaust gases has been launched

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

    Source: People’s Republic of China – State Council News

    TIANJIN, May 21 (Xinhua) — China Tianchen Engineering Corporation Ltd. (TCC), based in the northern Chinese city of Tianjin, and Kazakhstan’s ERG have signed an EPC (turnkey) contract for the construction of a power plant that will utilize tail gases from the Aktobe Ferroalloy Plant to generate electricity. The signing ceremony was held recently at ERG’s headquarters in Astana, the capital of Kazakhstan.

    According to Lin Tao, General Director of the Kazakhstan branch of TCC, this project will be the first facility in Central Asia for the recovery of exhaust gases for power generation. The introduction of highly efficient environmentally friendly technology for the utilization of tail gases will save about 200 million cubic meters of natural gas annually and reduce carbon dioxide emissions by 320 thousand tons. The implementation of the project will contribute to the multi-stage use of energy resources, a significant reduction in the enterprise’s production costs, as well as the achievement of Kazakhstan’s decarbonization goals.

    Guo Chengzhan, Chairman of the China Association of Environmental Protection Industry, noted that China’s innovative achievements in environmental technology not only promote the green transformation of the domestic energy sector, but also contribute to the global transition to a low-carbon energy system, offering the international community a Chinese option.

    Founded in 1953, TCC, a subsidiary of China National Chemical Engineering Corporation (CNCEC), has rich experience in implementing more than 3,000 major R&D, design and construction projects worldwide. -0-

    MIL OSI Russia News

  • MIL-OSI Russia: Exciting and effective: the first ESU Summer School has started in Bishkek

    Translation. Region: Russian Federal

    Source: State University of Management – Official website of the State –

    On May 20, 2025, the first Summer School of the Eurasian Network University began its work in Bishkek with the participation of teachers from the State University of Management.

    The initiative belongs to Kyrgyzstan, so Bishkek became the host city, where 25 best graduating students from Russia, Kazakhstan, Armenia, Belarus and Kyrgyzstan arrived. They were divided into teams representing the countries of the Eurasian Economic Union. Professors from the best universities of the EAEU, including from the State University of Management, work with them.

    Students are taught leadership, teamwork and public speaking skills. Classes have a minimum of theory, and real situations are simulated during the learning process.

    Deputy Head of the Department of Economic Policy and Economic Measurements of the State University of Management Artem Savostitsky: “We try to make the learning process as exciting as possible. That’s why we use interactive formats. This is a business game where decisions are made and tested in practice during the game instantly. That is, the student does not just listen, but acts and understands which decisions were ineffective.”

    In addition to the educational program, students will also have a cultural one – excursions around Bishkek and trips to the cultural centers of Kyrgyzstan are planned.

    Let us recall that the Eurasian Network University was established in 2022. It is a scientific and educational consortium that includes 32 universities from Armenia, Belarus, Kazakhstan, Kyrgyzstan, Russia and Uzbekistan. The ENU Secretariat is located at the State University of Management, and Vice-Rector Dmitry Bryukhanov was reappointed to the position of Head of the Secretariat at the 10th meeting of the ENU Coordination Council in March this year.

    Photo: MTRK “Mir”.

    Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.

    MIL OSI Russia News