Category: Ukraine

  • MIL-OSI United Kingdom: UK and South Korea sign first of its kind agreement to support global infrastructure development and Ukraine’s reconstruction

    Source: United Kingdom – Executive Government & Departments

    World news story

    The UK has signed a MoU with South Korea to jointly support Ukraine’s reconstruction and global infrastructure, boosting trade and sustainable development.

    The United Kingdom of Great Britain and Northern Ireland (UK) has signed a Memorandum of Understanding (MoU) with the Republic of Korea (ROK).

    The MoU enhances cooperation between the UK Department for Business and Trade (DBT) and the Korean Overseas Infrastructure & Urban Development Corporation (KIND) to work on Ukrainian reconstruction projects, as well as global infrastructure development in other markets.

    This first of its kind agreement signals an exciting opportunity for British and South Korean businesses to make a difference in Ukraine, as well as demonstrate their expertise to the global market, boosting both countries’ economies while being a force for good.

    This agreement was signed in the Old Admiralty Building in London on Thursday 22nd May 2025, between the UK Business and Trade Minister, Gareth Thomas MP, and the KIND CEO, Mr. Bok Hwan Kim. It is KIND’s inaugural MoU with DBT and the UK Government.

    The MoU will promote new UK-South Korean business partnerships across third markets in the fields of sustainable transport, healthcare infrastructure, smart cities and urban development, clean energy, water and waste management, and sustainable infrastructure and related technologies. In Ukraine, this agreement will kickstart urgent repairs to critical national infrastructure, including housing, hospitals and power generators.

    The partnership will advance the UK’s strong diplomatic and trade ties with the Republic of Korea as set out in the 2023 Downing Street Accord. It is also underpinned by £16.3 billion in bilateral trade and supported through the existing UK-ROK Free Trade Agreement, which the Government has committed to upgrading.

    The agreement also builds on the UK’s landmark 100-Year Partnership with Ukraine, whereby reconstruction programmes form a key part of the £5bn the UK Government has provided to Ukraine in non-military support.

    Business and Trade Minister Gareth Thomas said:

    This agreement is the first of its kind and strengthens our relationship with the Republic of Korea. 

    As part of our Plan for Change it will secure vital opportunities for UK businesses to work with KIND and South Korean companies in overseas infrastructure and deepen our commitment to supporting Ukrainian reconstruction efforts.

    KIND CEO, Bok Hwan KIM, said:

    This Memorandum of Understanding with the UK government marks a historic moment that elevates infrastructure cooperation between Korea and the United Kingdom to a new level. KIND is delighted to contribute to Ukraine’s reconstruction and sustainable infrastructure development worldwide through this partnership. By combining our countries’ expertise and technological capabilities, we can make a tangible impact across various sectors, from critical infrastructure repairs to clean energy and smart cities. This collaboration goes beyond business opportunities—it represents our joint response to global challenges, and we are honoured to embark on this important journey alongside British companies.

    Background

    • KIND was established in June 2018 by the Government of the Republic of Korea to support Korean companies for project planning, feasibility studies, project information and project bankability.

    • The UK works with partner countries to jointly deliver high-quality infrastructure projects in third markets through the Third Country Cooperation (TCC) model.

    • The TCC partnership builds on the complementary strengths of both countries: South Korea brings globally recognised contracting expertise and cost-effective project delivery; the UK offers advisory services, engineering, project finance (including through UK Export Finance), and high-tech solutions.

    • Ukraine is a priority TCC market for both sides, although the agreement will also allow cooperation with other third countries.

    • Early reconstruction is vital to Ukraine’s resilience and ultimate victory, and the UK government is committed to mobilising British businesses to support this effort – helping to rebuild critical infrastructure, drive investment, and ensure Ukraine emerges stronger in the face of Russian aggression.

    • According to the World Bank’s Fourth Rapid Damage and Needs Assessment (RDNA4), as of 31 December 2024, the total cost of reconstruction and recovery in Ukraine is $524 billion (€506 billion) over the next decade, which is approximately 2.8 times the estimated nominal GDP of Ukraine for 2024.

    • The RDNA4 finds that direct damage in Ukraine has now reached $176 billion (€170 billion), up from $152 billion (€138 billion) in the RDNA3 of February 2024, with housing, transport, energy, commerce and industry, and education as the most affected sectors.

    • We have developed strong relationships with Ukrainian ministers, local mayors, and officials to identify immediate reconstruction needs, as prioritised by the Government of Ukraine. By promoting the expertise and capabilities of UK businesses, we can ensure UK companies are well-positioned to maximise their contribution to Ukraine’s recovery and reconstruction.

    Published 22 May 2025

    MIL OSI United Kingdom

  • MIL-OSI USA: Ernst: American Leadership is Back

    US Senate News:

    Source: United States Senator Joni Ernst (R-IA)

    WASHINGTON – Today on the Senate floor, U.S. Senator Joni Ernst (R-Iowa) reaffirmed that President Trump is showing the world that American leadership is back and echoed his strong message for Vladimir Putin to end Russia’s bloody war.
    “Russia’s aggression has already cost too many innocent lives, about 5,000 lives every single week. Too many innocent lives, folks, which is why I support President Trump’s efforts to get a peace deal done now,” said Ernst.

    Ernst’s full remarks:
    “Last week, President Trump showed the world that American leadership is back.
    “He brought home the last living American hostage – delivering Edan Alexander from Iran-backed Hamas and reuniting him with his family after nearly 600 days.
    “He stood with our partners in the Middle East to strengthen the historic Abraham Accords.
    “And he delivered a strong message to Vladimir Putin: End the war.
    “Today, I stand in support of a sovereign Ukraine and echo the President’s call to Putin to stop this bloodbath that never should have happened.
    “This is an issue that not only affects a close partner under siege, but also the strength of the United States of America and the security of the free world.
    “Let’s be clear here folks — China is watching. So is Iran and North Korea. And of course, Vladimir Putin is watching, too.
    “They call it the ‘new axis of evil’ for a reason.
    “Mr. President, I personally witnessed and experienced the growth of the U.S.-Ukrainian relationship when I visited Ukraine in its waning days of Soviet control as part of an agricultural student exchange program.
    “This was in 1989, and I had the privilege of living with a Ukrainian family on a very small collective farm.
    “Now, as we got together, there were a number of us Iowa students on that exchange, and again, it was an agricultural exchange.
    “We came together, each of us with our families, in a group setting, one of the very first nights that we were on that collective.
    “And again, with the premise of an agricultural exchange, we were farming tomatoes, working with the cattle and the hogs.
    “Very small, small collective.
    “We came together, and the Ukrainians wanted to ask us questions.
    “So all of us American students, all of us from Iowa, we sat down with our Ukrainian families, and we expected to talk about agriculture.
    “Iowa agriculture versus Ukrainian agriculture.
    “And much to my surprise, the first question that came from our Ukrainian counterparts, was not about how we raise corn or soybeans in Iowa, it was not about the types of machinery that we used on our farm.
    “But the first question the Ukrainians asked us was: What is it like to be free? What is it like to be an American?
    “Because in 1989, those Ukrainians were living under Soviet socialist rule.
    “They could not travel without having the permission of their government.
    “My family did not have a telephone and if they wanted to use the collective manager’s telephone, they would have somebody listening in on the conversation.
    “They would have to know the purpose of the telephone call, who they were calling, why they needed to make a telephone call.
    “This was 1989, and I learned a lot from that exchange.
    “I saw Ukrainian people desperate to break free of socialist economic structures and authoritarian restrictions on freedom of movement, the ability to have your own employment, and on freedom of speech.
    “Two years later, Ukraine declared its independence from the Soviet Union and broke free.
    “Later, many years later, 2003, the United States was involved in the war in Iraq.
    “I was a soldier in 2003, during Iraqi Freedom.
    “So I was a transportation company commander permanently stationed in Kuwait.
    “My transporters ran convoys from the ports in Kuwait up to Iraq, delivering goods for our war fighters.
    “So I was on a little subcamp in Kuwait outside of Camp Arifjan. My soldiers and I lived on that subcamp. The other half of the camp was occupied by other forces.
    “Those other forces were Ukrainian soldiers. Ukraine is not part of NATO. They were not required to support the United States of America in Iraq, but Ukraine, of its own volition, sent their soldiers and not just as support elements, they were there as combat forces.
    “So again, I was a transporter. We ran convoys in Iraq.
    “The other half of that camp that I lived on, they were Ukrainian engineer forces. They did road clearing.
    “And I think back, how many American lives did those engineers save from their road clearing efforts, clearing bombs so they wouldn’t be detonated by my drivers?
    “Today, Ukraine is fighting its own war.
    “And I will remind everyone, the United States does not have forces involved in the Russia-Ukraine war. None. Zero. None.
    “Today, Ukraine fights not only for its own survival, but for the very principles the United States was founded on.
    “When America leads, the world is safer. When we disengage and when we retreat – like we saw for the last four years under the Biden administration – chaos fills the void.
    “Russia’s aggression has already cost too many innocent lives, about 5,000 lives every single week. Too many innocent lives, folks, which is why I support President Trump’s efforts to get a peace deal done now.
    “Vladimir Putin cannot keep tapping the United States of America along.
    “I vow to keep working with my colleagues to equip the president with all tools necessary to hold Russia accountable – including sanctioning Russia and its supporters – if they continue to drag out peace talks and carry on with the needless bloodshed, so this war that never should have started can come to an end.”

    MIL OSI USA News

  • MIL-Evening Report: Australia’s knowledge of Russia is dwindling. We need to start training our future experts now

    Source: The Conversation (Au and NZ) – By Jon Richardson, Visiting Fellow, Centre for European Studies, Australian National University

    Russia’s possible interest in basing long-range aircraft at an Indonesian airbase not far from Australian shores shook up a relatively staid election campaign last month.

    The news, which Jakarta immediately dismissed, caught many by surprise in Australia. It shouldn’t have. While Indonesia’s non-aligned stance makes granting such a request highly unlikely, Russia’s defence and political ties with Southeast Asia have actually been deepening over the last decade, at least.

    All of this has gone largely unnoticed in Australia. And this highlights a significant problem: Australia has something of a knowledge deficit when it comes to Russia. This is in part due to the fact our expertise on the country has been hollowed out since the Cold War ended.

    Russia’s power plays are expanding globally

    The Soviet Union loomed large in Australia’s consciousness during the Cold War, if not high on its list of priorities.

    Today, Russia remains a major, albeit slightly diminished, power. It is a nuclear weapons state (it has more than 5,500 nuclear warheads, the most of any nation) and a permanent member of the United Nations Security Council. It is also active in other forums of importance to Australia, such as the G20 and APEC, as well as in issues like arms control and climate change.

    Most worryingly, under President Vladimir Putin, Russia will no doubt continue to be a disruptor on the international stage.

    Russia’s political and security elite perceive the country to be a great power with interests and a right to influence in every part of the world. Just to drive that message home, a giant sign quoting Putin last year read: “Russia’s borders do not end anywhere”.

    Even before its full-scale invasion of Ukraine in 2022, Moscow perpetuated an ideology that it is at war with the West. This idea is a key source of legitimacy for Putin’s regime. Russia’s hostile actions against Western democracies continue to proliferate. These include disinformation campaigns, cyber attacks, election interference and, in some regions, sabotage and assassinations.

    This isn’t focused entirely on Europe and the US, either. Russia has an active – and expanding – military presence in the Asia-Pacific. Russia’s Pacific Fleet, based in Vladivostok, now has more than 20 nuclear and conventional submarines and frequently engages in training exercises with the Chinese navy.

    More “normal” relations with Russia will not return soon. A lasting peace in Ukraine seems unlikely if any interim ceasefire deal leaves large swathes of the country under a brutal Russian occupation regime. Putin is unlikely to let go of his ambitions to subjugate Ukraine and limit its independence.

    While sanctions have made it harder for Moscow to conduct the war, the Russian economy also does not appear in danger of imminent collapse.

    Meanwhile, Southeast Asia has proven susceptible to Russia’s anti-Western narratives, particularly when it comes to the claim that the Russian invasion was provoked by Western policies and threats. Most regional governments have been loath to criticise the invasion and the leaders of Indonesia and Malaysia have made state visits to Moscow despite it.

    Russia has had similar success in pushing disinformation through orchestrated social media campaigns across the Global South, including in parts of Africa where Australian companies have made significant investments in the mining sector.

    Reviving Russia literacy

    All these trends point to the need to enhance Australia’s modest level of Russia literacy, both in language skills and broader country expertise.

    This was the key message of a recent conference on “Russian activities and Australian interests in the Indo-Pacific”, hosted by the ANU’s Centre for European Studies. It was attended by a wide range of government officials, academics, analysts and foreign diplomats.

    Australia once had strong Russian-language departments at several universities. It also boasted numerous Russian and Soviet scholars of global repute, such as Harry Rigby, Sheila Fitzpatrick, Graeme Gill, Stephen Wheatcroft, Geoffrey Jukes and Stephen Fortescue.

    Today, the number of university departments teaching Russian language, history or politics has dwindled, with only the University of Melbourne offering a major in Russian language and literature. That university has also added a much-welcomed fellowship in Ukrainian studies.

    And Australia has few lecturers or researchers in international relations, history or social sciences with Russia expertise, including language skills.

    We can – and should – return our university Russian offerings to the levels we had 30 years ago. This can be done without cutting back on the existing expansive focus on other countries and regions. There is also scope for greater focus on Russia and the former Soviet countries in government.

    It will be hard for Russia to shake off the pattern of failed government reform efforts defaulting to strong, centralised rule with imperial ambitions and an anti-Western posture.

    But moves towards reform could eventually bear fruit (again) when Putin leaves the stage. If this were to happen, Russia would remain a major power with a rich cultural legacy and many common interests with Australia in areas such as natural resources. There is also a significant Russian diaspora in Australia.

    For Australia, it is a mistake to think of Russia as somewhere far away. Both in simple geography – all state capitals except Perth are closer to Vladivostok than to New Delhi – and in terms of the interplay of global interests.

    Or, as British commentator Keir Giles puts it: “You may not be interested in Russia, but Russia is interested in you.”

    Jon Richardson does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

    ref. Australia’s knowledge of Russia is dwindling. We need to start training our future experts now – https://theconversation.com/australias-knowledge-of-russia-is-dwindling-we-need-to-start-training-our-future-experts-now-256445

    MIL OSI Analysis – EveningReport.nz

  • MIL-OSI Video: We just want people to stop dying — Secretary Rubio on Ukraine

    Source: United States of America – Department of State (video statements)

    “We just want people to stop dying. Every day this war goes on, people die, things are destroyed and lives are ruined, and we want it to stop.” — Secretary of State Marco Rubio on Ukraine

    https://www.youtube.com/watch?v=K0CDxl2RIm8

    MIL OSI Video

  • MIL-OSI Security: Update 292 – IAEA Director General Statement on Situation in Ukraine

    Source: International Atomic Energy Agency – IAEA

    The IAEA team based at Ukraine’s Zaporizhzhya Nuclear Power Plant (ZNPP) heard bursts of gunfire this morning, coinciding with a purported drone attack on the site’s training centre, Director General Rafael Mariano Grossi said.

    It was the third time this year that the training centre, located just outside the site perimeter, was reportedly targeted by such an unmanned aerial vehicle.

    The ZNPP told the IAEA team that the drone hit the roof of the training centre, without causing any casualties or major damage. It was not immediately known whether the drone had directly struck the building or whether it crashed on the structure after being shot down, the ZNPP said.

    The IAEA staff members heard the gunfire shortly before 10am local time, but it was not clear if this observation was connected to the drone.

    The IAEA team requested to visit the training centre, as it was able to do following the previous such incident that occurred in April. However, on this occasion permission has not yet been granted.

    “These reported drone incidents are very concerning, as they could pose a direct threat to nuclear safety and security. To put it simply: there are too many drones flying near nuclear sites, not just the Zaporizhzhya Nuclear Power Plant. It should stop immediately,” Director General Grossi said.

    In February, a drone severely damaged the New Safe Confinement (NSC) at the Chornobyl plant in northern Ukraine, built to prevent any radioactive release from the reactor unit 4 destroyed in the 1986 accident and to protect it from external hazards.

    In mid-April, a drone was reportedly shot down and crashed near the ZNPP’s training centre, just over three months after another reported drone attack on the same centre.

    Ukraine’s operating nuclear power plants (NPPs) – Khmelnytskyy, Rivne and South Ukraine – also regularly report drones being detected near the respective sites. Last Friday, the IAEA team at the South Ukraine NPP was informed that drones were observed as close as 2km from the site and the team reported hearing anti-aircraft fire from their hotel. The same night, drones were reported to have been observed transiting through the Chornobyl Exclusion Zone.

    MIL Security OSI

  • MIL-OSI USA: Graham: Moral Clarity Will Conquer Evil Regimes

    US Senate News:

    Source: United States Senator for South Carolina Lindsey Graham
    WASHINGTON – U.S. Senator Lindsey Graham (R-South Carolina) today spoke on the Senate floor about peace through strength and moral clarity during dangerous times.
    On moral clarity during dangerous times:
    GRAHAM: “Russia is the aggressor. Russia must end this bloodbath. That is my view of [the Russia-Ukraine war]. Let’s look in history and see what happens when you have moral clarity and see what happens when you lose it.” https://youtu.be/7QdErvIuatE?si=V0-X6tkjJE_8De10&t=566
    GRAHAM: “Hitler told [the world] what he was going to do, he wrote a book. But [former UK Prime Minister] Chamberlain obviously didn’t read the book and he didn’t have the moral clarity to confront the Nazi regime, and a lot of people died. September 30, 1938 [Chamberlain said] ‘I believe it is peace for our time.’ … Less than a year later, the world was on fire.” https://youtu.be/7QdErvIuatE?si=9GJNnus0en6x_S6R&t=643
    GRAHAM: “‘When all are free, then we can look forward to that day when this city will be joined as one and this country and this great continent of Europe in a peaceful and hopeful globe.’ [President John F. Kennedy] was talking about Berlin. Moral clarity to the Soviet Union.  He stood up for freedom and stood against the Soviet empire.” https://youtu.be/7QdErvIuatE?si=V0-X6tkjJE_8De10&t=718
    GRAHAM: “Ronald Reagan: ‘Mr. Gorbachev, tear down this wall!’ How clear could you be? On the other side of this wall is an evil empire. That moral clarity, over time, brought the Soviet Union down to its knees.” https://youtu.be/7QdErvIuatE?si=V0-X6tkjJE_8De10&t=749
    On President Trump’s leadership:
    GRAHAM: “When [President Trump] got in office, one of his top priorities was to fix a broken border. Look what’s happened…He’s turned it all off because he was firm and resolved with Mexico and others. His border policies have worked.” https://youtu.be/7QdErvIuatE?si=BaLGLKsqVGj9HRCd&t=363
    GRAHAM: “What has [President Trump] said about Iran? ‘You know it’s not a complicated formula. Iran cannot have a nuclear weapon. That’s all there is.’ That’s moral clarity. You can understand that no matter where you’re at on the planet.” https://youtu.be/7QdErvIuatE?si=sOxbu_x3XKBdCBOm&t=436
    GRAHAM: “I appreciate President Trump’s earnest effort to bring the parties together to find a solution we can all live with, to keep an independent sovereign Ukraine, and end this war sooner rather than later. It is clear to me that after all these months, the earnest efforts by President Trump are not being equally met. I think Zelensky is ready to make concessions to end this war. Putin seems to be [doing] more talking and less acting.”  https://youtu.be/7QdErvIuatE?si=uQ3IQiEdRV2rPWwG&t=948
    On the Graham-Blumenthal Russia sanctions bill reaching over 80 cosponsors:
    GRAHAM: “It is now time to increase the cost of this war to Putin. The sanctions package we have put together has [over] 80 cosponsors. Do you know how hard it is to get 80 Senators to agree on anything? Eighty of us – and the number is climbing – are ready to impose sanctions on Russia if Putin does not come to the table and earnestly seek peace.” https://youtu.be/7QdErvIuatE?si=kWOZu-UhJqd0ru3M&t=1009
    GRAHAM: “These sanctions are geared toward China. There are tariffs in these sanctions on any nation that buys Russian oil and gas from the shadow fleet. Putin’s war machine is propped up by China and India buying Russian oil at a massive discount…” https://youtu.be/7QdErvIuatE?si=QJy_NDKD5DdPFoUY&t=1036

    MIL OSI USA News

  • MIL-OSI USA: Senator Marshall Joins Newsmax to Discuss the President’s ‘One, Big Beautiful Bill,’ The SALT Deduction, and the Golden Dome Defense System

    US Senate News:

    Source: United States Senator for Kansas Roger Marshall

    Washington – U.S. Senator Roger Marshall, M.D. (R-Kansas) joined Shaun Kraisman and Emma Rechenberg on Newsmax this morning to discuss the status of President Donald Trump’s ‘One Big, Beautiful Bill,’ what’s next for the reconciliation process regarding State and Local Tax (SALT) Deduction, and the ‘Golden Dome’ defense system announced by the President and Secretary of Defense Pete Hegseth yesterday.

    Highlights from the interview include:
    On President Trump helping close out the negotiations: 
    Senator Marshall: “I thought about this this weekend during a baseball game. If the House, if this was a baseball game, the House is going into the seventh inning, and we’re going to have to bring our closer in sooner than expected. So, we’re going to bring in Donald Trump. And you think of all the great closers in the history of baseball, you’ve got Goose Gossage who had a fastball. So, we’ll bring him in the eighth inning, and then the ninth inning President Trump will be like Mario Rivera, who has his cutter.
    “So, look, if it wasn’t for President Trump, this doesn’t happen, but I do believe in Speaker Johnson, President Trump, they’ll get it across the finish line. Send it over here and we’ll make the bill even better.”
    On the SALT Deduction negotiations:
    Senator Marshall: “If you think about where the big divisions are on this bill, it’s the SALT tax… You have some Republicans from districts that are blue, and they want this SALT tax to go up. And by the way, it’s going to cost $1 trillion dollars over the next 10 years, and you have conservative Republicans like myself who say the biggest issue in the country right now is our national debt. And there’s so many other things we could do with that trillion dollars rather than spending it, you know, giving these people from blue states a big tax break as well.
    “So, President Trump is trying to find that sweet spot. This bill is not perfect. This is not the bill that a conservative Republican like myself would write, but we’re getting there. This is the first step towards a balanced budget. We need to deliver on the President’s promises.”
    On the Golden Dome Defense System:
    Senator Marshall: “Well, obviously this would give us a big advantage. If we could shoot down all the Chinese nuclear warheads and their warp speed missiles that they have as well, this would just put our military at a big, big advantage. But to me this is a defensive weapon, as far as United States has been concerned.
    “Look, we don’t want to rule the world. We just want to make sure our families are safe and secure. I think this will be a great investment. $175 billion is what the President’s going to spend on this probably. Think about this, we spent $200 billion in Ukraine and I don’t know what that did for the safety of American citizens.
    “I think that you know, this takes me back to my boyhood when they announced… going to the moon. And this is something that Americans can rally around together, that we can cheer for together. We don’t have the technology to complete this yet. It looks next to impossible. I would put this way ahead of any purpose of going to Mars for America right now. So, I think this is a good investment. It’s going to make Americans safer – that’s what President Trump promised us. He said he’s going to make our family safer and more secure. So, I’m behind it, I’m excited about the technology, and there will be so many other benefits from this technology going forward as we develop this.”

    MIL OSI USA News

  • MIL-OSI USA: Russian GRU Targeting Western Logistics Entities and Technology Companies

    News In Brief – Source: US Computer Emergency Readiness Team

    Executive Summary

    This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

    Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

    This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

    The following authors and co-sealers are releasing this CSA:

    • United States National Security Agency (NSA)
    • United States Federal Bureau of Investigation (FBI)
    • United Kingdom National Cyber Security Centre (NCSC-UK)
    • Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
    • Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
    • Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
    • Czech Republic Military Intelligence (VZ)  Vojenské zpravodajství
    • Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
    • Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
    • Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
    • Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
    • United States Cybersecurity and Infrastructure Security Agency (CISA)
    • United States Department of Defense Cyber Crime Center (DC3)
    • United States Cyber Command (USCYBERCOM)
    • Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
    • Canadian Centre for Cyber Security (CCCS)
    • Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
    • Estonian Foreign Intelligence Service (EFIS) Välisluureamet
    • Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
    • French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
    • Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
       


    Introduction

    For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions.
    In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.
    Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.

    Description of Targets

    The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations: 

    • Defense Industry
    • Transportation and Transportation Hubs (ports, airports, etc.)
    • Maritime
    • Air Traffic Management
    • IT Services

    In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].

    The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].

    The countries with targeted entities include the following, as illustrated in Figure 1:

    • Bulgaria
    • Czech Republic
    • France
    • Germany
    • Greece
    • Italy
    • Moldova
    • Netherlands
    • Poland
    • Romania
    • Slovakia
    • Ukraine
    • United States
       
    Figure 1: Countries with Targeted Entities

    Initial Access TTPs

    Unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):

    The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]

    Credential Guessing/Brute Force

    Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573]. 

    Spearphishing

    GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient. 

    Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:

    • Webhook[.]site
    • FrgeIO
    • InfinityFree
    • Dynu
    • Mocky
    • Pipedream
    • Mockbin[.]org

    The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].

    CVE Usage

    Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].

    Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE. 

    Post-Compromise TTPs

    After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].

    The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, such as in Figure 2: Example Active Directory Domain Services command:

    C:\Windows\system32\ntdsutil.exe "activate instance ntds" ifm "create full C:\temp\[a-z]{3}" quit quit

    Figure 2: Example Active Directory Domain Services command

    Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].

    Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]

    After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].

    After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including: 

    • sender,
    • recipient,
    • train/plane/ship numbers,
    • point of departure,
    • destination,
    • container registration numbers,
    • travel route, and
    • cargo contents. 

    In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.

    Malware

    Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:

    • HEADLACE [7]
    • MASEPIE [8]

    While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggests that they could be deployed against logistics and IT entities should the need arise.

    Persistence

    In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence. 

    Exfiltration

    GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure. 

    The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected. 

    Connections to Targeting of IP Cameras

    In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams. 

    The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0
    CSeq: 1
    Authorization: Basic
    User-Agent: WebClient
    Accept: application/sdp

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0
    CSeq: 2
    Authorization: Digest username="admin", realm="[a-f0-9]{12}", algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"
    User-Agent: WebClient
    Accept: application/sdp

    Figure 3: Example RTSP request

    Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration. 
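
    A defender with captured RTSP traffic can triage it for the request pattern in Figure 3. The following is an added example, not code from the advisory: the default-credential list, the sample requests and all function names are constructed assumptions, while the "WebClient" header profile and the Base64 backdoor string are taken from this report.

```python
"""Triage captured RTSP requests for the DESCRIBE pattern shown in Figure 3."""
import base64
import binascii
import re

# Assumption: defender-maintained list of vendor-default credential pairs (constructed).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "12345"), ("root", "root")}

# Base64 value the advisory lists as the "Hikvision backdoor string".
HIKVISION_BACKDOOR_B64 = "YWRtaW46MTEK"


def parse_rtsp_request(raw):
    """Split one RTSP request into (method, uri, headers); header names are lower-cased."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty request")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("RTSP/"):
        raise ValueError("not an RTSP request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers


def decode_basic(value):
    """Return (user, password) from a Basic credential, or None if it is malformed."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password.rstrip("\r\n")) if sep else None


def triage(raw):
    """Return the list of findings for one captured request (empty list: nothing notable)."""
    method, _uri, headers = parse_rtsp_request(raw)
    findings = []
    if method != "DESCRIBE":
        return findings
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    scheme, cred = scheme.lower(), cred.strip()
    if scheme == "basic" and cred:
        if cred == HIKVISION_BACKDOOR_B64:
            findings.append("hikvision-backdoor-string")
        pair = decode_basic(cred)
        if pair is None:
            findings.append("malformed-basic-credential")
        elif pair in DEFAULT_CREDENTIALS:
            findings.append("default-credential:" + pair[0])
    elif scheme == "digest":
        # Digest never carries the password, so only the username can be compared.
        m = re.search(r'username="([^"]*)"', cred)
        if m and any(m.group(1) == user for user, _ in DEFAULT_CREDENTIALS):
            findings.append("digest-default-username:" + m.group(1))
    if headers.get("user-agent") == "WebClient" and headers.get("accept") == "application/sdp":
        findings.append("figure3-header-profile")
    return findings


def build_request(auth, agent="WebClient"):
    """Build a constructed sample request in the layout of Figure 3."""
    return ("DESCRIBE rtsp://192.0.2.10 RTSP/1.0\r\nCSeq: 1\r\n"
            "Authorization: " + auth + "\r\nUser-Agent: " + agent +
            "\r\nAccept: application/sdp\r\n\r\n")


# Constructed samples (documentation address 192.0.2.10, invented credentials).
SAMPLES = {
    "default-basic": build_request("Basic " + base64.b64encode(b"admin:12345").decode()),
    "backdoor": build_request("Basic " + HIKVISION_BACKDOOR_B64, agent="LibVLC/3.0"),
    "digest": build_request('Digest username="admin", realm="0123456789ab", '
                            'algorithm="MD5", nonce="' + "0" * 32 + '", uri="", '
                            'response="' + "f" * 32 + '"'),
    "unique-cred": build_request("Basic " + base64.b64encode(b"cam-ops:Vq7!xT2m").decode(),
                                 agent="LibVLC/3.0"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```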

    From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:

    Table 1: Geographic distribution of targeted IP cameras

    Country  | Percentage of Total Attempts
    Ukraine  | 81.0%
    Romania  | 9.9%
    Poland   | 4.0%
    Hungary  | 2.8%
    Slovakia | 1.7%
    Others   | 0.6%

    Mitigation Actions

    General Security Mitigations

    Architecture and Configuration

    • Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
      • Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
    • Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
    • Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
    • For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
    • Utilize endpoint detection and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM] first.
      • Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
    • Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
    • Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
      • Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
      • Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
      • Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
      • Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
    • Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
    • Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
    • Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
    • Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
    • Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.

    Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].


    Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
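
    One way to implement the new-subdomain heuristic over DNS query logs is sketched below. It is an added example, not code from the advisory: the log layout, the sample log lines, the function names and the two-client threshold are assumptions, and the watched suffixes are a refanged subset of the providers this report names.

```python
"""First-seen subdomain heuristic over DNS query logs (constructed data)."""
from datetime import datetime

# Assumption: subset of the provider suffixes named in the advisory, refanged for matching.
WATCHED_SUFFIXES = ("webhook.site", "mocky.io", "pipedream.net", "frge.io", "mockbin.org")


def watched_suffix(fqdn):
    """Return the watched suffix that fqdn is a strict subdomain of, else None."""
    name = fqdn.rstrip(".").lower()
    for suffix in WATCHED_SUFFIXES:
        if name.endswith("." + suffix):
            return suffix
    return None


def parse_line(line):
    """Parse 'ISO-timestamp client-ip queried-name' (assumed log layout)."""
    ts, client, name = line.split()
    return datetime.fromisoformat(ts), client, name.rstrip(".").lower()


def first_seen_alerts(lines, baseline_end, max_clients=2):
    """Report watched subdomains that were never queried up to baseline_end.

    Only names queried by at most max_clients hosts are returned: the advisory notes
    that the phishing emails typically went to a single recipient, so a brand-new
    subdomain touched by one or two clients is reviewed before a widely used one.
    """
    records = []
    for line in lines:
        try:
            records.append(parse_line(line))
        except ValueError:  # wrong field count or unparsable timestamp
            continue
    baseline = {name for ts, _, name in records if ts <= baseline_end}
    fresh = {}
    for ts, client, name in records:
        suffix = watched_suffix(name)
        if suffix is None or ts <= baseline_end or name in baseline:
            continue
        entry = fresh.setdefault(name, {"suffix": suffix, "first": ts, "clients": set()})
        entry["first"] = min(entry["first"], ts)
        entry["clients"].add(client)
    return [
        (name, e["suffix"], e["first"].isoformat(), sorted(e["clients"]))
        for name, e in sorted(fresh.items())
        if len(e["clients"]) <= max_clients
    ]


# Constructed sample log: baseline activity, then one day of new queries.
SAMPLE_LOG = """\
2025-05-01T09:00:00 10.0.0.11 ci-hooks.pipedream.net
2025-05-02T09:05:00 10.0.0.12 ci-hooks.pipedream.net
2025-05-20T08:14:09 10.0.0.37 a1b2c3.webhook.site
2025-05-20T08:14:11 10.0.0.37 login-portal.mocky.io.
2025-05-20T10:30:00 10.0.0.11 ci-hooks.pipedream.net
2025-05-20T11:00:00 10.0.0.40 www.example.org
2025-05-20T11:02:00 10.0.0.41 webhook.site
this line is malformed
""".splitlines()

if __name__ == "__main__":
    for alert in first_seen_alerts(SAMPLE_LOG, datetime(2025, 5, 15)):
        print(alert)
```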

    Identity and Access Management

    Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques: 

    • Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
    • Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
    • Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
    • Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
      • For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
    • Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
    • Use account throttling or account lockout [D3-ANET]:
      • Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
      • Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
      • Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
      • If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
    • Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
    • Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]
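
    The compromised-password check mentioned in the list above works by k-anonymity: only the first five hex characters of the password's SHA-1 digest leave the host, and the comparison of the remainder happens locally. The following is an added example, not code from the advisory; it assumes the Pwned Passwords range endpoint at api.pwnedpasswords.com, and the offline FakeRangeService, its corpus and the function names are constructed so the check can be exercised without network access.

```python
"""k-anonymity password check in the style of the Pwned Passwords range API."""
import hashlib
import urllib.request


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Return how often the password appears in the breach corpus (0 if absent).

    fetch_range receives only the 5-character prefix and returns lines of the form
    'SUFFIX:COUNT'; the matching against the full digest is done on this side.
    """
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padded responses use count 0, which reads as "absent"
    return 0


def may_set_password(password, fetch_range, max_count=0):
    """Policy decision: reject any password seen more than max_count times."""
    return breach_count(password, fetch_range) <= max_count


def fetch_range_live(prefix):
    """Query the public range endpoint; defined for completeness, not called here."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"Add-Padding": "true", "User-Agent": "password-audit-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


class FakeRangeService:
    """Offline stand-in for the range endpoint, built from a constructed corpus."""

    def __init__(self, corpus):
        self.requests = []  # every prefix the "server" was shown
        self.buckets = {}
        for password, count in corpus.items():
            prefix, suffix = split_hash(password)
            self.buckets.setdefault(prefix, []).append("%s:%d" % (suffix, count))

    def __call__(self, prefix):
        if len(prefix) != 5:
            raise ValueError("range queries take exactly five hex characters")
        self.requests.append(prefix)
        return "\r\n".join(self.buckets.get(prefix, []))


# Constructed corpus: invented passwords with invented breach counts.
SAMPLE_CORPUS = {"Winter2024!": 1532, "P@ssw0rd": 90000}

if __name__ == "__main__":
    service = FakeRangeService(SAMPLE_CORPUS)
    for candidate in ("Winter2024!", "correct horse battery staple 91"):
        print(candidate, may_set_password(candidate, service))
    print("server saw only:", service.requests)
```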

    IP Camera Mitigations

    The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:

    • Ensure IP cameras are currently supported. Replace devices that are out of support.
    • Apply security patches and firmware updates to all IP cameras [D3-SU].
    • Disable remote access to the IP camera, if unnecessary [D3-ITF].
    • Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
    • If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
    • Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
    • Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
    • If supported, enable authenticated RTSP access only [D3-AA].
    • Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
    • Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
    • Configure, tune, and monitor logging—if available—on the IP camera.

    Indicators of Compromise (IOCs)

    Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when triaging logs or developing detection rules based on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.

    Utilities and scripts

    Legitimate utilities

    Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:

    • ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
    • wevtutil – A legitimate Windows executable used by threat actors to delete event logs
    • vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
    • ADexplorer – A legitimate Windows executable to view, edit, and back up Active Directory Certificate Services
    • OpenSSH – The Windows version of a legitimate open source SSH client
    • schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
    • whoami – A legitimate Windows executable used to retrieve the name of the current user
    • tasklist – A legitimate Windows executable used to retrieve the list of running processes
    • hostname – A legitimate Windows executable used to retrieve the device name
    • arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
    • systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
    • net – A legitimate Windows executable used to retrieve detailed user information
    • wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
    • cacls – A legitimate Windows executable used to modify permissions on files
    • icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
    • ssh – A legitimate Windows executable used to establish network shell connections
    • reg – A legitimate Windows executable used to add to or modify the system registry 

    Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.

    Malicious scripts

    • Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
    • Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
    • ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
    • Hikvision backdoor string: “YWRtaW46MTEK”

    Suspicious command lines

    While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:

    • edge.exe “-headless-new -disable-gpu”
    • ntdsutil.exe “activate instance ntds” ifm “create full C:\temp\[a-z]{3}” quit quit
    • ssh -Nf
    • schtasks /create /xml
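
    The four command lines above can be turned into hunting logic over process-creation events. The following is an added example, not code from the advisory: the event fields, the sample events, the rule names and the per-rule allowlist of expected (host, user) pairs are constructed assumptions, with the allowlist and the multi-rule escalation standing in for the additional heuristics the LOTL note calls for.

```python
"""Hunt process-creation events for the command lines listed in the advisory."""
import re
from collections import defaultdict

# One pattern per entry in the "Suspicious command lines" list.
RULES = {
    "edge-headless": re.compile(
        r"\b(?:ms)?edge(?:\.exe)?\b.*-{1,2}headless[=-]new\b.*-{1,2}disable-gpu\b", re.I),
    "ntdsutil-ifm": re.compile(
        r"\bntdsutil(?:\.exe)?\b.*\bactivate\s+instance\s+ntds\b.*\bifm\b.*\bcreate\s+full\b",
        re.I),
    # -N and -f are case-sensitive ssh options, so only the program name ignores case.
    "ssh-Nf": re.compile(
        r"(?i:\bssh(?:\.exe)?)[\"']?\s+(?:\S+\s+)*?-(?=\S*N)(?=\S*f)[A-Za-z]+(?!\S)"),
    "schtasks-xml": re.compile(
        r"\bschtasks(?:\.exe)?\b(?=.*\s/create\b)(?=.*\s/xml\b)", re.I),
}


def match_rules(cmdline):
    """Return the sorted names of all rules whose pattern occurs in cmdline."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))


def hunt(events, expected=None):
    """Return (findings, hosts_to_escalate).

    expected maps a rule name to the (host, user) pairs for which that command line
    is routine; those hits are suppressed. A host that triggers two or more distinct
    rules is escalated, because each command line alone may be legitimate.
    """
    expected = expected or {}
    findings = []
    rules_per_host = defaultdict(set)
    for ev in events:
        for rule in match_rules(ev["cmdline"]):
            if (ev["host"], ev["user"]) in expected.get(rule, ()):
                continue
            findings.append((ev["host"], ev["user"], rule))
            rules_per_host[ev["host"]].add(rule)
    escalate = sorted(h for h, rules in rules_per_host.items() if len(rules) >= 2)
    return findings, escalate


# Constructed allowlist: a backup service account that takes IFM snapshots on a DC.
EXPECTED = {"ntdsutil-ifm": {("DC01", "svc_backup")}}

# Constructed sample events.
SAMPLE_EVENTS = [
    {"host": "DC01", "user": "svc_backup",
     "cmdline": r'ntdsutil "activate instance ntds" ifm "create full D:\ifm" quit quit'},
    {"host": "WS07", "user": "jdoe",
     "cmdline": r'C:\Windows\system32\ntdsutil.exe "activate instance ntds" ifm '
                r'"create full C:\temp\abc" quit quit'},
    {"host": "WS07", "user": "jdoe",
     "cmdline": r"schtasks /create /tn Updater /xml C:\Users\Public\task.xml"},
    {"host": "WS12", "user": "asmith",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                r"--headless=new --disable-gpu https://example.invalid/"},
    {"host": "WS12", "user": "asmith", "cmdline": 'ssh-keygen -N "" -f id_test'},
    {"host": "WS03", "user": "bob", "cmdline": "schtasks /query /xml"},
]

if __name__ == "__main__":
    found, escalate = hunt(SAMPLE_EVENTS, EXPECTED)
    for item in found:
        print(item)
    print("escalate:", escalate)
```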

    Outlook CVE Exploitation IOCs


    Commonly Used Webmail Providers

    • portugalmail[.]pt
    • mail-online[.]dk
    • email[.]cz
    • seznam[.]cz

    Malicious Archive Filenames Involving CVE-2023-38831

    • calc.war.zip
    • news_week_6.zip
    • Roadmap.zip
    • SEDE-PV-2023-10-09-1_EN.zip
    • war.zip
    • Zeyilname.zip

    Brute Forcing IP Addresses

    Disclaimer: These IP addresses date from June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.


    Detections

    Customized NTLM listener

    rule APT28_NTLM_LISTENER {
        meta:
            description = "Detects NTLM listeners including APT28's custom one"
        strings:
            $command_1 = "start-process powershell.exe -WindowStyle hidden"
            $command_2 = "New-Object System.Net.HttpListener"
            $command_3 = "Prefixes.Add('http://localhost:8080/')"
            $command_4 = "-match 'Authorization'"
            $command_5 = "GetValues('Authorization')"
            $command_6 = "Request.RemoteEndPoint.Address.IPAddressToString"
            $command_7 = "@(0x4e,0x54,0x4c,0x4d, 0x53,0x53,0x50,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x28,0x00,0x00,0x01,0x82,0x00,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)"
            $command_8 = ".AllKeys"

            $variable_1 = "$NTLMAuthentication" nocase
            $variable_2 = "$NTLMType2" nocase
            $variable_3 = "$listener" nocase
            $variable_4 = "$hostip" nocase
            $variable_5 = "$request" nocase
            $variable_6 = "$ntlmt2" nocase
            $variable_7 = "$NTLMType2Response" nocase
            $variable_8 = "$buffer" nocase
        condition:
            5 of ($command_*)
            or
            all of ($variable_*)
    }

    HEADLACE shortcut

    rule APT28_HEADLACE_SHORTCUT {
        meta:
            description = "Detects the HEADLACE backdoor shortcut dropper. Rule is meant for threat hunting."
        strings:
            $type = "[InternetShortcut]" ascii nocase
            $url  = "file://"
            $edge = "msedge.exe"
            $icon = "IconFile"
        condition:
            all of them
    }

    HEADLACE credential dialogbox phishing 

    rule APT28_HEADLACE_CREDENTIALDIALOG {
        meta:
            description = "Detects scripts used by APT28 to lure user into entering credentials"
        strings:
            $command_1 = "while($true)"
            $command_2 = "Get-Credential $(whoami)"
            $command_3 = "Add-Content"
            $command_4 = ".UserName"
            $command_5 = ".GetNetworkCredential().Password"
            $command_6 = "GetNetworkCredential().Password.Length -ne 0"
        condition:
            5 of them
    }

    HEADLACE core script

    rule APT28_HEADLACE_CORE {
        meta:
            description = "Detects HEADLACE core batch scripts"
        strings:
            $chcp = "chcp 65001" ascii
            $headless = "start \"\" msedge --headless=new --disable-gpu" ascii

            $command_1 = "taskkill /im msedge.exe /f" ascii
            $command_2 = "whoami>\"%programdata%" ascii
            $command_3 = "timeout" ascii
            $command_4 = "copy \"%programdata%" ascii
            $non_generic_del_1 = "del /q /f \"%programdata%" ascii
            $non_generic_del_3 = "del /q /f \"%userprofile%\\Downloads" ascii

            $generic_del = "del /q /f" ascii
        condition:
            (
                $chcp
                and
                $headless
            )
            and
            (
                1 of ($non_generic_del_*)
                or
                ($generic_del)
                or
                3 of ($command_*)
            )
    }

    MASEPIE

    rule APT28_MASEPIE {
        meta:
            description = "Detects MASEPIE python script"
        strings:
            $masepie_unique_1 = "os.popen('whoami').read()"
            $masepie_unique_2 = "elif message == 'check'"
            $masepie_unique_3 = "elif message == 'send_file':"
            $masepie_unique_4 = "elif message == 'get_file'"
            $masepie_unique_5 = "enc_mes('ok'"
            $masepie_unique_6 = "Bad command!'.encode('ascii'"
            $masepie_unique_7 = "{user}{SEPARATOR}{k}"
            // Inner double quote escaped so the rule compiles
            $masepie_unique_8 = "raise Exception(\"Reconnect"
        condition:
            3 of ($masepie_unique_*)
    }

    STEELHOOK

    rule APT28_STEELHOOK {
        meta:
            description = "Detects APT28's STEELHOOK powershell script"
        strings:
            $s_1 = "$($env:LOCALAPPDATAGoogleChromeUser DataLocal State)"
            $s_2 = "$($env:LOCALAPPDATAGoogleChromeUser DataDefaultLogin Data)"
            $s_3 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataLocal State)"
            $s_4 = "$($env:LOCALAPPDATAMicrosoftEdgeUser DataDefaultLogin Data)"
            $s_5 = "os_crypt.encrypted_key"
            $s_6 = "System.Security.Cryptography.DataProtectionScope"
            $s_7 = "[system.security.cryptography.protectdata]::Unprotect"
            $s_8 = "Invoke-RestMethod"
        condition:
            all of them
    }

    PSEXEC

    rule GENERIC_PSEXEC {
        meta:
            description = "Detects SysInternals PSEXEC executable"
        strings:
            $sysinternals_1 = "SYSINTERNALS SOFTWARE LICENCE TERMS"
            $sysinternals_2 = "/accepteula"
            $sysinternals_3 = "SoftwareSysinternals"
            $network_1 = "%sIPC$"
            $network_2 = "%sADMIN$%s"
            $network_3 = "DeviceLanmanRedirector%sipc$"
            $psexec_1 = "PSEXESVC"
            $psexec_2 = "PSEXEC-{}-"
            $psexec_3 = "Copying %s to %s..."
            $psexec_4 = "gPSINFSVC"
        condition:
            (
                uint16(0x0) == 0x5a4d
                and
                uint16(uint32(0x3c)) == 0x4550
            )
            and filesize < 1024KB
            and
            (
                (any of ($sysinternals_*) and any of ($psexec_*))
                or
                (2 of ($network_*) and 2 of ($psexec_*))
            )
    }

    The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community: 

    • APT28 [14]
    • Fancy Bear [14]
    • Forest Blizzard [14]
    • Blue Delta [15]

    Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.

    Further Reference

    To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc. 

    For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule:
    https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar

    Works Cited

    [1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/  
    [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF   
    [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF 
    [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/  
    [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/   
    [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ 
    [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ 
    [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 
    [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF  
    [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF 
    [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html 
    [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF  
    [13] NSA and CISA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF

    [14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian  
    [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf  
     

    Disclaimer of endorsement

    The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

    Purpose

    This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.

    Contact

    United States organizations

    • National Security Agency (NSA)
    • Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
      • U.S. organizations are encouraged to report suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
    • Department of Defense Cyber Crime Center (DC3)

    United Kingdom organizations

    Germany organizations

    Czech Republic organizations

    Poland organizations

    Australian organizations

    • Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

    Canadian organizations

    Estonia organizations

    French organizations

    • French organizations are encouraged to report suspicious activity or incident related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18. 

    See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.

    Table 2: Reconnaissance
    Tactic/Technique Title | ID | Use
    Reconnaissance | TA0043 | Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
    Gather Victim Identity Information: Email Addresses | T1589.002 | Conducted contact information reconnaissance to identify additional targets in key positions.
    Gather Victim Org Information | T1591 | Conducted reconnaissance of the cybersecurity department.
    Gather Victim Org Information: Identify Roles | T1591.004 | Conducted reconnaissance of individuals responsible for coordinating transport.
    Gather Victim Org Information: Business Relationships | T1591.002 | Conducted reconnaissance of other companies cooperating with the victim entity.
    Gather Victim Host Information | T1592 | Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
    Table 3: Resource development
    Tactic/Technique Title | ID | Use
    Compromise Accounts: Email Accounts | T1586.002 | Sent phishing emails using compromised accounts.
    Compromise Accounts: Cloud Accounts | T1586.003 | Sent phishing emails using compromised accounts.
    Table 4: Initial Access
    Tactic/Technique Title | ID | Use
    Trusted Relationship | T1199 | Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
    Phishing | T1566 | Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
    Phishing: Spearphishing Attachment | T1566.001 | Sent emails with malicious attachments.
    Phishing: Spearphishing Link | T1566.002 | Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
    Phishing: Spearphishing Voice | T1566.004 | Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
    External Remote Services | T1133 | Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
    Exploit Public-Facing Application | T1190 | Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
    Content Injection | T1659 | Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
    Table 5: Execution
    Tactic/Technique Title | ID | Use
    User Execution: Malicious Link | T1204.001 | Used malicious links to hosted shortcuts in spearphishing.
    User Execution: Malicious File | T1204.002 | Delivered malware executables via spearphishing.
    Scheduled Task/Job: Scheduled Task | T1053.005 | Used scheduled tasks to establish persistence.
    Command and Scripting Interpreter | T1059 | Delivered scripts in spearphishing. Executed arbitrary shell commands.
    Command and Scripting Interpreter: PowerShell | T1059.001 | PowerShell commands were often used to prepare data for exfiltration.
    Command and Scripting Interpreter: Windows Command Shell | T1059.003 | Used BAT script in spearphishing.
    Command and Scripting Interpreter: Visual Basic | T1059.005 | Used VBScript in spearphishing.
    Command and Scripting Interpreter: Python | T1059.006 | Installed python on infected machines to enable the execution of Certipy.
    Table 6: Persistence
    Tactic/Technique Title | ID | Use
    Account Manipulation: Additional Email Delegate Permissions | T1098.002 | Used manipulation of mailbox permissions to establish sustained email collection.
    Modify Authentication Process: Multi-Factor Authentication | T1556.006 | Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.
    Hijack Execution Flow: DLL Search Order Hijacking | T1574.001 | Used DLL search order hijacking to facilitate malware execution.
    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | T1547.001 | Used run keys to establish persistence.
    Boot or Logon Autostart Execution: Shortcut Modification | T1547.009 | Placed malicious shortcuts in the startup folder to establish persistence.
    Table 7: Defense Evasion
    Tactic/Technique Title | ID | Use
    Indicator Removal: Clear Windows Event Logs | T1070.001 | Deleted event logs through the wevtutil utility.
    Table 8: Credential access
    Tactic/Technique Title | ID | Use
    Brute Force |  | Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices.
    Brute Force: Password Guessing | T1110.001 | Used credential guessing to gain initial access to targeted entities.
    Brute Force: Password Spraying | T1110.003 | Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP.
    Multi-Factor Authentication Interception |  | Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns.
    Input Capture |  | Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns.
    Forced Authentication |  | Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations.
    OS Credential Dumping: NTDS | T1003.003 | Attempted to dump Active Directory NTDS.dit domain databases.
    Unsecured Credentials: Group Policy Preferences | T1552.006 | Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py.

    Table 9: Discovery
    Tactic/Technique Title | ID | Use
    Account Discovery: Domain Account | T1087.002 | Used a modified ldap-dump.py to enumerate the Windows environment.

    Table 10: Command and Control
    Tactic/Technique Title | ID | Use
    Hide Infrastructure | T1665 | Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target.
    Proxy: External Proxy | T1090.002 | Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers.
    Proxy: Multi-hop Proxy | T1090.003 | Used Tor and commercial VPNs as part of their anonymization infrastructure.
    Encrypted Channel | T1573 | Connected to victim infrastructure using encrypted TLS.
    Multi-Stage Channels | T1104 | Used multi-stage redirectors for campaigns.

    Table 11: Defense evasion (mobile framework)
    Tactic/Technique Title | ID | Use
    Execution Guardrails |  | Used multi-stage redirectors to verify browser fingerprints in some campaigns.
    Execution Guardrails: Geofencing | T1627.001 | Used multi-stage redirectors to verify IP-geolocation in some campaigns.

    Table 12: Lateral movement
    Tactic/Technique Title | ID | Use
    Lateral Movement |  | Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment.
    Remote Services: Remote Desktop Protocol | T1021.001 | Moved laterally within the network using RDP.

    Table 13: Collection
    Tactic/Technique Title | ID | Use
    Email Collection |  | Retrieved sensitive data from email servers.
    Email Collection: Remote Email Collection | T1114.002 | Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers.
    Automated Collection |  | Used periodic EWS queries to collect new emails.
    Video Capture |  | Attempted to gain access to the cameras’ feeds.
    Archive Collected Data |  | Accessed files were archived in .zip files prior to exfiltration.
    Archive Collected Data: Archive via Utility | T1560.001 | Prepared zip archives for upload to the actors’ infrastructure.

    Table 14: Exfiltration
    Tactic/Technique Title | ID | Use
    Exfiltration Over Alternative Protocol |  | Attempted to exfiltrate archived data via a previously dropped OpenSSH binary.
    Scheduled Transfer |  | Used periodic EWS queries to collect new emails sent and received since the last data exfiltration.

    Appendix B: CVEs exploited

    Table 15: Exploited CVE information
    CVE | Vendor/Product | Details
    CVE-2023-38831 | RARLAB WinRAR | Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive.
    CVE-2023-23397 | Microsoft Outlook | External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim.
    CVE-2021-44026 | Roundcube Webmail | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params.
    CVE-2020-35730 | Roundcube Webmail | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php.
    CVE-2020-12641 | Roundcube Webmail | Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php.

    Appendix C: MITRE D3FEND Countermeasures

    Table 16: MITRE D3FEND countermeasures
    Countermeasure Title | ID | Details
    Network Isolation |  | Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers.
    Access Mediation |  | Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access.
    Inbound Traffic Filtering |  | Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement.
    Resource Access Pattern Analysis |  | Use automated tools to audit access logs for security concerns and identify anomalous access requests.
    Outbound Traffic Filtering |  | Block NTLM/SMB requests to external infrastructure.
    Platform Monitoring |  | Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers.
    System File Analysis |  | Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly.
    Application Hardening |  | Enable optional security features in Windows to harden endpoints and mitigate initial access techniques.
    Application-based Process Isolation |  | Enable attack surface reduction rules to prevent executable content from email.
    Executable Allowlisting |  | Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%.
    Execution Isolation |  | Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts.
    Application Configuration Hardening |  | Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.).
    Process Spawn Analysis |  | Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters.
    URL Reputation Analysis |  | Use services that provide enhanced browsing services and safe link checking.
    Network Access Mediation |  | Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible.
    DNS Denylisting | D3-DNSDL | Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors.
    Domain Name Reputation Analysis |  | Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
    Multi-factor Authentication |  | Use MFA with strong factors and require regular re-authentication, especially for management accounts.
    Job Function Access Pattern Analysis | D3-JFAPA | Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts.
    User Account Permissions |  | Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected.
    Token-based Authentication |  | Reduce reliance on passwords; instead, consider using services like single sign-on.
    Credential Hardening |  | Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts.
    Authentication Event Thresholding |  | Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 to 10 attempts before lockout.
    Strong Password Policy |  | Use a service to check for compromised passwords before using them.
    Credential Rotation |  | Change all default credentials.
    Encrypted Tunnels |  | Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices.
    Software Update |  | Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life.
    Agent Authentication |  | Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only.
    User Behavior Analysis |  | Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity.
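
The Domain Name Reputation Analysis entry in Table 16 recommends logging every requested sub-domain and looking for new ones. The Python below is an added example, not code from the advisory: it flags names first seen after a baseline date under watched hosting or API-mocking parent domains. The log line format, the `.example` parent domains, and all function names are assumptions made for illustration.

```python
from datetime import datetime

# Assumption: parent domains of hosting / API-mocking services to watch.
# These are placeholders, not values taken from the advisory.
WATCHED_PARENTS = ("mock-service.example", "free-hosting.example")

# Constructed sample DNS query log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2025-05-01T08:00:03 10.0.0.11 assets.free-hosting.example
2025-05-01T09:12:40 10.0.0.12 docs.mock-service.example.
2025-05-02T10:30:00 10.0.0.11 Assets.Free-Hosting.example
2025-05-03T07:45:10 10.0.0.27 portal-login.mock-service.example
2025-05-03T07:45:12 10.0.0.27 www.notmock-service.example
2025-05-03T07:46:00 10.0.0.31 portal-login.mock-service.example
2025-05-03T11:02:55 10.0.0.12 docs.mock-service.example
malformed line without enough fields
2025-05-03T12:00:00 10.0.0.40 mock-service.example
2025-05-03T13:20:00 10.0.0.27 a1b2.cdn.free-hosting.example
"""


def parse_line(line):
    """Return (timestamp, client, normalised name), or None if unparsable."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    return ts, parts[1], parts[2].lower().rstrip(".")


def watched_parent(qname):
    """Return the watched parent if qname is a strict sub-domain of one.

    Matching on "." + parent avoids look-alike suffixes such as
    notmock-service.example, and skips the bare parent domain itself.
    """
    for parent in WATCHED_PARENTS:
        if qname.endswith("." + parent):
            return parent
    return None


def first_seen_subdomains(log_text, baseline_end):
    """Report watched sub-domains that first appear at or after baseline_end.

    Names queried before baseline_end form the known-good baseline. Each new
    name is reported once, with its first timestamp and every client that
    resolved it, so responders know which hosts to examine.
    """
    records = sorted(filter(None, map(parse_line, log_text.splitlines())))
    baseline = set()
    findings = {}
    for ts, client, qname in records:
        parent = watched_parent(qname)
        if parent is None:
            continue
        if ts < baseline_end:
            baseline.add(qname)
        elif qname not in baseline:
            hit = findings.setdefault(
                qname,
                {"name": qname, "parent": parent,
                 "first_seen": ts, "clients": set()},
            )
            hit["clients"].add(client)
    return sorted(findings.values(), key=lambda h: h["first_seen"])


if __name__ == "__main__":
    for hit in first_seen_subdomains(SAMPLE_LOG, datetime(2025, 5, 3)):
        print(hit["first_seen"].isoformat(), hit["name"],
              "clients=" + ",".join(sorted(hit["clients"])))
```

In production the baseline would come from a rolling window of historical DNS or firewall logs rather than a fixed date.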

    MIL OSI USA News -

  • MIL-OSI USA: Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies

    News In Brief – Source: US Computer Emergency Readiness Team

    Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies.  

    This advisory details a Russian state-sponsored cyber espionage-oriented campaign targeting technology companies and logistics entities, including those involved in the coordination, transport, and delivery of foreign assistance to Ukraine.

    Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165 cyber actors are using a mix of previously disclosed tactics, techniques, and procedures (TTPs) and are likely connected to these actors’ widescale targeting of IP cameras in Ukraine and bordering NATO nations.

    Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise, and posture network defenses with a presumption of targeting. For more information on Russian state-sponsored threat actor activity, see CISA’s Russia Cyber Threat Overview and Advisories page.


  • MIL-OSI Europe: Agenda – Thursday, 22 May 2025 – Brussels

    Source: European Parliament

    16 Deliberations of the Committee on Petitions in 2023
    Gheorghe Falcă (A10-0063/2025)
        – Amendments Wednesday, 14 May 2025, 13:00
    11 Amending Regulation (EU) 2023/956 as regards simplifying and strengthening the carbon border adjustment mechanism
    Antonio Decaro (A10-0085/2025)
        – Amendments; rejection Monday, 19 May 2025, 13:00
    8 Modification of customs duties applicable to imports of certain goods originating in or exported from the Russian Federation and the Republic of Belarus
    Inese Vaidere (A10-0087/2025)
        – Amendments; rejection Monday, 19 May 2025, 13:00
    27 Granting equivalence to Moldova and Ukraine for field inspections and seed production
    Veronika Vrecionová (A10-0043/2025)
        – Amendments; rejection Wednesday, 14 May 2025, 13:00
    28 Amendments to the Capital Requirements Regulation as regards securities financing transactions under the net stable funding ratio
        – Amendments; rejection Wednesday, 14 May 2025, 13:00
    Texts put to the vote on Thursday Tuesday, 20 May 2025, 16:00

    MIL OSI Europe News

  • MIL-OSI Europe: Missions – AFET ad-hoc delegation to Uruguay and Argentina – 26-05-2025 – Committee on Foreign Affairs

    Source: European Parliament

    AFET ad-hoc delegation to Uruguay and Argentina © Image used under license from Adobe Stock

    A delegation of eight Members of the Committee on Foreign Affairs (AFET), led by Chair David McAllister, will travel to Uruguay and Argentina from 26 to 29 May. Members will engage in high-level discussions regarding the EU-Mercosur Partnership Agreement which was concluded last December in Montevideo, Uruguay. The findings from this visit will contribute to the preparatory work for the consent procedure on the political and cooperation aspects of the Agreement, for which AFET is responsible.

    More broadly, this mission will allow an exchange of views on bilateral, regional and multilateral cooperation, as well as geopolitical issues such as Russia’s war of aggression against Ukraine, the situation in the Middle East, and China’s expanding influence in Latin America.


  • MIL-OSI United Nations: Experts of the Committee on the Rights of the Child Commend Romania on Deinstitutionalisation Process, Raise Questions on Corporal Punishment and Segregation in Education

    Source: United Nations – Geneva

    The Committee on the Rights of the Child today concluded its review of the combined sixth and seventh periodic reports of Romania, with Committee Experts commending the State on the deinstitutionalisation process of alternative care centres, while raising questions on the prevalence of corporal punishment and measures taken to combat segregation in education. 

    A Committee Expert said she was happy to hear about the programme for the deinstitutionalisation of alternative care centres; this was something Romania should be proud of, as well as all the foster arrangements being made, especially for children with disabilities. 

    Juliana Scerri Ferrante, Committee Expert and Country Taskforce Member, said there seemed to be a lack of parental education programmes around corporal punishment. How could the views of the child be respected if violence was accepted as a disciplinary measure?  Could the Romanian Government take clear steps to train staff and promote child education?  Philip Jaffe, Committee Vice-Chair and Country Taskforce Member, also noted that corporal punishment appeared to remain quite widespread despite being banned in 2004.  What efforts were being made to lower the prevalence and change attitudes among parents and adults? 

    Mr. Jaffe asked what was being done to combat school segregation based on disability, special education needs, and family economic status?  What improvements were being made to increase the improvement of vocational training for older children who may be leaving the school system?  Were there any programmes which specifically targeted economically disadvantaged children?

    The delegation said Romanian legislation completely prohibited violence against children, regardless of the environment.  However, despite the legislation, which was fully aligned with United Nations Conventions, the State needed to fight against mentalities and traditions and to practically change the minds of parents and caregivers, who believed corporal punishment would discipline children better.  Awareness-raising campaigns were being conducted for parents, and mechanisms including hotlines had been developed to support children, including the helpline 119.  Authorities were obligated to launch investigations immediately concerning any allegations of violence against children. 

    The delegation said the Ministry of Education had taken steps to assist children with special educational needs, with the creation of frameworks offering them different kinds of support, based on the type of disability.  Adaptive measures had been taken for Roma children, including stimulating their participation in early education and in summer kindergartens, supporting education in their current language, and translating schoolbooks in their mother tongue, among others.  An increasing number of contracts between schools and the business sector had been recorded, including around 6,000 contracts in the school year 2023/2024. 

    Introducing the report, Helena Omna-Raicu, President of the National Authority for the Protection of Child Rights and Adoption of Romania and head of the delegation, said Romania’s path in recent years had been shaped by profound changes and emerging pressures, including the war in Ukraine and the arrival of thousands of children and families fleeing conflict.  As a neighbouring country, Romania had mobilised rapidly to provide emergency care, protection, psychosocial support, and schooling to children regardless of their nationality. 

    Ms. Omna-Raicu said Romania had made significant progress in certain areas, including in the deinstitutionalisation process.  Of the 167 residential placement centres operating in 2017, 149 had already been closed by the end of March 2025 and over 6,000 children were now benefiting from family-type alternative care.  The remaining 18 placement centres would be closed soon. 

    In closing remarks, Rinchen Chophel, Committee Expert and Country Taskforce Coordinator, reiterated the Committee’s appreciation for the Government of Romania’s support to Ukrainian refugees, particularly children.  Significant progress had been made from the last reporting period to the current one, with many looking forward beyond the dialogue. 

    In her closing remarks, Ms. Omna-Raicu expressed deep gratitude for the dialogue.  The Committee’s concerns regarding urban disparities were noted.  Romania would treat the Committee’s recommendations as an opportunity for deeper transformation.

     

    The delegation of Romania was comprised of representatives from the National Authority for the Protection of Child Rights and Adoption; the Ministry of Education and Research; the Ministry of Justice; the Ministry of Health; the Ministry of Labour, Family, Youth and Social Security; the Ministry of Foreign Affairs; the General Inspectorate of the Romanian Police; the General Inspectorate for Immigration; the National Administration of Penitentiaries; the Prosecutor’s Office; the National Health Insurance Authority; and the Permanent Mission of Romania to the United Nations Office at Geneva. 

    Summaries of the public meetings of the Committee can be found here, while webcasts of the public meetings can be found here. The programme of work of the Committee’s ninety-ninth session and other documents related to the session can be found here.

    The Committee will next meet in public at 3 p.m. on Wednesday, 21 May to begin its consideration of the combined fifth and sixth periodic reports of Qatar (CRC/C/QAT/5-6).

    Report

    The Committee has before it the combined sixth and seventh periodic reports of Romania (CRC/C/ROU/6-7).

    Presentation of Report

    HELENA OMNA-RAICU, President of the National Authority for the Protection of Child Rights and Adoption of Romania and head of the delegation, said Romania’s path in recent years had been shaped by profound changes and emerging pressures, including the war in Ukraine and the arrival of thousands of children and families fleeing conflict.  As a neighbouring country, Romania had mobilised rapidly to provide emergency care, protection, psychosocial support, and schooling to children regardless of their nationality.  The State was proud to have established the first Blue Dot in the region at the border crossing with Ukraine and launched the use of the Child Protection Information Management System Primero in only a couple of months after the onset of the refugee crisis, ensuring registration and case management for almost 40,000 refugee children.

    Several new national strategies had been developed for 2021-2027 which aimed to address child poverty and wellbeing, including the national strategy for the protection and promotion of children’s rights “protected children, safe Romania” 2023-2027, and the national strategy on social inclusion and poverty reduction 2022-2027, among others.   Romania had also adopted and begun the implementation of the child guarantee national action plan 2023-2030, which aimed to reduce the number of children at risk of poverty or social exclusion by at least 500,000 by 2030. Romania had seen a measurable decline in the proportion of children at risk of poverty and social exclusion from 41.5 per cent in 2022 to 33.8 per cent in 2024. 

    In April 2024, law 100/2024 was approved which included specific amendments to several laws relevant for social assistance.  The new emergency ordinance no. 96/2024, approved in June 2024 regarding the provision of humanitarian support and assistance by the Romanian State to foreign citizens or stateless persons in special situations coming from the area of the armed conflict in Ukraine, established the legal framework providing refugees with access to a wide range of key national statutory services. Another significant legislative change was enacted by amending law 272/2004 in December 2024, which now mandated the participation of children in public decision-making processes. 

    There had also been several significant programmes launched, including modernising the unique national number 119 for reporting cases of abuse, neglect, exploitation and any other form of violence against children; the development of community services for children and families to prevent separation and support the family reintegration of children from the special protection system; and the development of 200 integrated community centres and 150 daycare centres for children, among others.  Despite these advances, challenges remained, including disparities between rural and urban areas. 

    However, Romania had made significant progress in certain areas, including in the deinstitutionalisation process.  Of the 167 residential placement centres operating in 2017, 149 had already been closed by the end of March 2025 and over 6,000 children were now benefiting from family-type alternative care.  The remaining 18 placement centres would be closed soon.  The use of European Union structural funds had also supported the training of over 11,000 foster carers.  A new programme had also been introduced, aimed at scaling up integrated community services in 2,000 marginalised rural communities, combining social assistance, health, education, and other types of social support.  Over 800 million euros of European Social Funds were planned for enhancing access to social services for the most vulnerable, including children and their families.

    The State had also expanded support for children at risk of early school leaving by using the early warning mechanism in education, of which around 50,000 participants from 6,950 institutions had completed the training programme.  Targeted policies had been developed that supported the reintegration of children who dropped out during the pandemic, and more resources were reaching schools in deprived communities.  In health, the role of community nurses and Roma health mediators had grown, and work continued to improve access to services for vulnerable groups. 

    Pilot projects on mental health for children had laid the groundwork for more systemic change, with mental health services for children and adolescents being expanded. However, challenges remained in ensuring equitable access to quality services in rural and marginalised areas, addressing shortages of specialised personnel, and improving early identification and intervention for children with developmental delays or disabilities.

    Romania was committed to reducing the number of children affected by poverty and social exclusion by at least 500,000.  The State would also pursue the complete closure of old-type residential centres, with every child in alternative care placed in family-based or community settings. Romania was committed to translating the pledges made during the first-ever global ministerial conference on ending violence against children held at the end of 2024 in Bogota, Colombia, into realities for children.

    In education, the State aimed to increase the early childhood education enrolment rate by at least 22 per cent for children aged zero to three and at least 95 per cent for children aged four to six.  There would be a focus on improving mental health services for children and linking schools, families, and health providers more effectively, aiming to reduce preventable mortality by 20 per cent compared to 2021 levels for children of all ages.   Finally, Romania would ensure that children had a role in shaping systems through participatory budgeting, monitoring, and children and youth-led policy platforms. Romania remained committed to fully implementing the Convention and to contributing to the global effort to advance child rights everywhere.

    Questions by Committee Experts

    RINCHEN CHOPHEL, Committee Expert and Country Taskforce Coordinator, said Romania had achieved a lot since the last report, which the Committee was happy about. Romania’s assistance to the Ukrainian refugees and children should be noted.  There had been significant legislative achievements, particularly the amendments to law 272.  What measures were in place to ensure effective implementation of the law?  The national strategy on social inclusion and poverty reduction 2022-2027, and the child guarantee national action plan 2023-2030 were very welcome developments.  How had these impacted on measures to promote and protect children? Had an assessment been undertaken to evaluate the impact of the national strategy?

    While welcoming increased allocations to certain sectors, the Coordinator asked what measures were in place to develop a child-friendly budgeting process?  What was the current status of the complaints mechanism in the country for reporting all forms of abuse and violence for children? What had been done to inform children of their right to file a complaint?  Had professionals working with children been trained on receiving complaints concerning children and the Convention? 

    The establishment of the child Ombudsman in 2018 was a crucial step in the right direction, and the Government should be congratulated for that.  What was the current status of the institution?  How did it connect with children?  The Committee noted the State party’s awareness raising activities on the Convention with appreciation, including the translation of the Committee’s general comments into Romanian.  How did these efforts extend to rural children? 

    JULIANA SCERRI FERRANTE, Committee Expert and Country Taskforce Member, asked if the national strategy for school de-segregation had been adopted?  If not, then when would this occur?  What measures had been taken to address hate speech? Did the permanent committee set up in every education unit offer a complaints mechanism to children?  If not, how could children complain in schools?

    What had been done to decrease discrimination against the Roma population?  What efforts had been made to promote the inclusion of Roma in mainstream schooling?  How was discrimination against children with disabilities tackled in education?  There was concern that Romanian law did not define valid reasons on which minor marriages could be authorised and this was left to the discretion of the authorities.  What training was provided to apply the best interests of the child? What approaches had been taken to reduce the preventable mortality of children under five years old?  What was the position of the Romanian Government on the proposed amendment to law 272 regarding lesbian, gay, bisexual, transgender and intersex children?

    There seemed to be a lack of parental education programmes around corporal punishment. How could the views of the child be respected if violence was accepted as a disciplinary measure?  Could the Romanian Government take clear steps to train staff and promote child education?  How were child labour laws enforced?  How would the Romanian Government establish a child participation mechanism?  Were refugee and asylum-seeking children involved in decisions which affected them? Were children provided information on their rights? 

    What measures were being taken to strengthen the capacity of the social welfare services? How were children with disabilities prioritised in reform measures?  What was being done to combat the illicit transfer of children abroad?  Had bilateral agreements been conducted in this regard?  Was the Romanian Government carrying out measures to understand the impact of prison on children?  How were they supported when their parents were incarcerated?  What support was available for young people leaving institutional care? 

    SOPHIE KILADZE, Committee Chair and Country Taskforce Member, said the adoption of law 105/22 providing for automatic birth registration should be considered as positive.  Could more information be provided about how the law worked in practice?  Were there any plans to introduce a statelessness determination procedure?  Was data on statelessness which concerned children disaggregated?  What measures were in place to protect children from excessive screen use?  How did Romania deal with artificial intelligence as a European Union member? Romania had one of the lowest levels of digital skills in the European Union; what measures were being undertaken to promote digital literacy among children, as well as parents? 

    PHILIP JAFFE, Committee Vice-Chair and Country Taskforce Member, said it was wonderful that strong pledges had been made at the global ministerial conference on ending violence against children in Bogota.  How was Romania implementing its mission as a pathfinding global alliance country?  It seemed Romanian children were in need of protection against high levels of physical and sexual violence.  One of the pledges made in Bogota was to conduct a prevalence study on sexual abuse; had the State moved forward with this study?  Were there dedicated teams drawing up the comprehensive framework and strategy which had been promised?  One pledge had been to enhance children’s participation regarding issues of violence.  What efforts had the Government made to ensure that there was a clear public understanding that all forms of violence against children needed to be reported? 

    Corporal punishment appeared to remain quite widespread despite being banned in 2004. What efforts were made to lower the prevalence and change attitudes among parents and adults?  It was encouraging that Romania had been one of 40 countries to recently join a statement of the Human Rights Council, expressing children’s right to protection from corporal punishment.  How was bullying and cyber bullying being addressed at all levels of legislative policy?  Could more information about the child helplines be provided? 

    Was it true that around seven to eight per cent of girls in Romania were married before the age of 18, with that percentage rising to around 20 per cent in the Roma community? What was being done in response to this? Was it true that charges had been dropped against a 17-year-old boy who entered into a non-formal marriage with an 11-year-old girl?  What policy was in practice in the health sector regarding surgical interventions and intersex children?  What were the guidelines to protect their bodily integrity until these children were capable of providing consent? 

    Responses by the Delegation

    The delegation said the law on child protection now included clear provisions which made it compulsory for public administrative bodies to involve children in consultations regarding issues which concerned them.  The national strategy on children’s rights was recently adopted and another national action plan was elaborated; these plans were complementary. This was a comprehensive package which would help the Government to better implement all necessary measures. An assessment of the national strategy had been undertaken.  The State was now piloting a system which would indicate how to establish a model of financing where children would be considered as a different group that would benefit from a different budget.

    The national programme for schooling in Romania ensured children received food support at schools to increase the enrolment rate and participation.  School supplies were also provided for all school grades. Two hundred euros were provided for the purchase of technology, and remedial lessons were provided to students coming from disadvantaged communities.  Recently, the scholarship system had been extended to encompass more disadvantaged groups. 

    Funds allocated to primary medical care had registered a continuous annual increase.  Just last year, the fund allocated to primary care increased by 24 per cent.  The national observatory was a big achievement for Romania and aimed to identify the children most at risk of being separated from their families, based on indicators.  Training was being conducted on the use of the observatory to ensure the data provided was reliable.   

    The hearing of minors in justice proceedings took place in special rooms, and a psychologist was always required to be present.  The new national strategy for the development of the judicial system provided for another 10 hearing rooms across the country.  There were specially designated prosecutors to handle cases involving minors.  The child Ombudsman was fully operational and cooperated with all institutions.  It had a functioning complaints mechanism.  If an incident was notified to the Ombudsman, an investigation started, which concluded with a set of recommendations sent to the institution responsible to correct the situation.  

    Civil society representatives were part of the consultative groups established at the national level.  A methodology had been issued and piloted regarding identifying and banning segregation within the educational sector.  The measures focused on ensuring an inclusive education.  Any kind of discrimination on criteria such as ethnicity, religion or sex was completely forbidden within the educational system.  Specific places in high schools were allocated for Roma students and students with disabilities.  To ensure access to high quality education, educational services had been developed starting from early education to prevent early dropout and absenteeism.     

    A set of programmes had been introduced, including a monthly allowance for children up to the age of 18, as well as parental leave.  There was also a minimum income support which supported families with children. Emergency ordinance no. 96 was developed specifically for children from Ukraine and their families.

    There was a dedicated intergovernmental group which addressed the subject of forced marriage, with the aim of drafting legislative projects in this regard.  Concerning infant mortality and the number of deaths under one year of age, a regionalised system of care had been introduced to ensure each neonate was born in a medical unit which could provide the services necessary for their care, thereby reducing infant mortality.  An important national programme was in place which contained around 15 interventions, established in partnership with the United Nations Children’s Fund.  Another programme provided 900 neonatal incubators around the country. 

    A significant number of services had been established to help families in vulnerable situations. A special programme was launched last year on the minimum inclusion income, which focused on how to assist parents within the labour market.  The State was aware of a lack of social assistance in rural areas, which was where the most vulnerable communities lived.  Interventions were directed, including food packages, and local administrative capacities would be developed. 

    A programme had been developed which aimed to establish hearing rooms for children in courts, and 29 hearing rooms were completed in April 2024.  The rooms were used by the Prosecutors and police officers when they had victims who were minors.  The rooms were child-friendly and specially designed with toys.  The child did not see the other people participating in the hearing.  A new strategy adopted in 2025 provided for the need for an additional 10 hearing rooms in the near future. 

    All social services were functioning based on a set of minimum quality standards, which were verified by the national agency for social inspection.   With the United Nations Children’s Fund, Romania was piloting a project which would identify and train foster families to care specifically for children with disabilities.  A child entering the special protection system was prioritised to be reintegrated in a family environment.  Adoption was considered the best solution in this regard, and this could only be decided by a court.  Priority was offered to domestic adoption, but international adoption could be considered after one year. 

    Amendments had been made to allow special spaces for visits in prison with children.  Such spaces were now available in all prison facilities within the Romanian penitentiary system.  There were cooperation protocols in place with the United Nations Children’s Fund and Save the Children which supported parents to develop their parental skills and improve their relationship with their children. The State was aware of the need to develop programmes which addressed the needs of children and adults and improved the relationship within the family.

    The Ministry of Education aimed to develop digital competencies among students and parents. During the pandemic, all students were provided with laptops and digital devices to keep up with the educational process.  In a new initiative launched in partnership with Microsoft, the Ministry of Education had announced the development of a project concerning artificial intelligence for increasing the school performance of students.  A project was also being implemented aimed at improving the digital skills of civil servants. 

    Romania had a dedicated national child help line.  It was toll-free and operational 24/7.  Those operating the calls were specialised counsellors who could refer the cases to the relevant authorities.  Another helpline just referred cases to social services.  The 119 helpline was a recent development, operational from any place in Romania and accessible to children and adults.  After the first year, it had been well received and was being regularly used to inform on any situation concerning a child. 

    Rape of a minor and sexual assault against a minor had been introduced as acts within the Criminal Code.  Rape committed by an adult against a minor under the age of 18 was punished by a prison sentence of between seven and 12 years.

    Questions by Committee Experts

    PHILIP JAFFE, Committee Vice-Chair and Country Taskforce Member, said one in 20 people in Romania held a disability certificate, with around 80,000 being children. What were the difficulties faced by certain groups of children to receive this certificate, including rural children?  Were there any awareness-raising campaigns for rural minorities and poor families regarding their entitlement to services?  Could more information be provided about Romania’s strategy for persons with disabilities?  How were the number and expertise of professionals being scaled up?  To what degree had the State embraced a human-rights approach to disability, as opposed to a medical model of disability?  How many children were still left in institutions? When would such institutions all be closed? 

    There were two recent laws on pre-university education and higher education; could more information be provided about the implementation of these laws?  What was the level of gross domestic product dedicated to education in Romania?  Was there a direct pipeline to hear about the concerns of children within the education system and were these concerns taken seriously?  What was being done to combat school segregation based on disability, special education needs, and family economic status?  Figures suggested that 40 per cent of children with disabilities had limited access to education.  What steps were being made to improve education for children under the age of three? What was being done to improve vocational training for older children who may be leaving the school system?  Were there any programmes which specifically targeted economically disadvantaged children?  What was the mission of the Ministry of Youth?

    SOPHIE KILADZE, Committee Chair and Country Taskforce Member, asked if sufficient resources were dedicated to the capacity building of medical personnel? Did all children have access to health care, including health insurance?  How were vaccinations promoted in the country?  How was breastfeeding promoted?  Child obesity was an issue of concern; how was this combatted? Was there a hot meals programme?

    Mental health was a very important issue.  Was data on mental health being disaggregated, including on suicide?  Was there a comprehensive strategy and action plan regarding the issue of mental health?  Were quality mental health services available in rural and remote areas? According to alarming information, the country had the highest number of adolescent mothers across the European Union. What steps would the State undertake to prevent adolescent pregnancies and subsequent abortions?  Would Romania make reproductive education part of the curriculum? 

    What measures were in place to address drugs or substance abuse?  Were there treatments available for children?  Romania had made substantial efforts for Ukrainian children and other groups of refugees.  How would the State integrate these children long-term?  Were there delays in the enrolment of refugee children and their families into the social services system?  Would amendments be considered in the asylum law to end the detention of families at the legislative level?  Did unaccompanied migrant children have access to services, including psychosocial support and disability services?  Were there any barriers which could hinder access to education? 

    What measures were being undertaken to end child labour, including begging?  What was being done to assist children in street situations?  How were perpetrators investigated and brought to justice?  Were there quality services for child victims of trafficking in place? Was the system of child justice established across the country?  Were adequate financial resources allocated to it?  Was free legal aid available to children in conflict with the law?  Was the detention of children used only as a last resort?  If yes, did it comply with international standards? 

    RINCHEN CHOPHEL, Committee Expert and Country Taskforce Coordinator, said one in five children were affected by severe material and social deprivation, which was concerning.  What was the reality on the ground?  The minimum social assistance package had been introduced; could more information be provided on it?  Romania was increasingly vulnerable to droughts, heatwaves, floods and landslides, and it was also grappling with water pollution.  How had the national strategies pertaining to climate change helped to address the challenges of the environment and climate change in the country? What measures were being adopted to take into account children’s needs and views in the development of specific policies, including disaster-preparedness plans?  Were child rights impact assessments carried out when dealing with the business sector? 

    A Committee Expert asked what the national coverage of vaccinations was in the country?  Romania had an epidemic of measles; how did the population react to vaccinations?  How was confidence being built in vaccines?  Were people familiar with the law on rape?  What happened once the 30-day limit for registering births had elapsed? 

    Responses by the Delegation

    Romanian legislation completely prohibited violence against children, regardless of the environment.  However, despite the legislation, which was fully aligned with United Nations Conventions, the State needed to fight against mentalities and traditions and to practically change the minds of parents and caregivers, who believed corporal punishment would discipline children better.  Awareness-raising campaigns were being conducted for parents, and mechanisms including hotlines had been developed to support children, including the helpline 119. 

    Authorities were obligated to launch investigations immediately concerning any allegations of violence against children.  Romania was committed to continuing these efforts and to changing social norms and mentalities.  The number of cases of violence against children was increasing, which meant people were becoming more aware of the issue and reporting it.

    Since 2016, the methodology applied in Romania clearly distinguished between the concept of disability and special education needs.  In Romania, the deinstitutionalisation process was one of the most important commitments of the Government, and the process was now concluding. Currently, out of the 167 residential centres operating in 2017, 149 had already been closed, and more than 6,000 children were benefiting from alternative care.  The legal framework stated that no placement centre could operate without the approved closure plan.  The deinstitutionalisation process also involved finding better alternative and family-based care for children.   Only 18 placement centres remained in the process of being closed, and by 2026 no such centre would be operating in Romania.  The State was still aiming to find family-style solutions for children with disabilities, and a project was being developed with the United Nations Children’s Fund to this end.

    If a birth was declared after the 30-day deadline but less than one year after the birth, the birth certificate could be issued based on approval from the mayor.  If the birth declaration was made more than one year after the birth, the certificate needed to be approved by the mayor and other administrative bodies. 

    More than 2.8 million students were enrolled in the 2023/2024 school year in Romania.  For high school, there had been a significant decrease in dropouts from 2.5 per cent in 2017 to 0.8 per cent in 2024. Around 4.5 per cent of the budget was allocated to education.  The Ministry of Education had taken steps to assist children with special educational needs, with the creation of frameworks offering them different kinds of support, based on the type of disability.  For students with temporary special needs, the law of education presented special measures, including the implementation of schooling hospitals, or schooling at home for those who were required to be in hospital or at home for medical reasons. 

    Adaptive measures had been taken for Roma children, including stimulating their participation in early education and in summer kindergartens, supporting education in their current language, and translating schoolbooks into their mother tongue, among others.  More than 66,000 teachers had been trained in digital and multimedia use.  An increasing number of contracts between schools and the business sector had been recorded, around 6,000 contracts in the school year 2023/2024.  Most teachers had been trained to create open educational resources.  Significant funds had been allocated to modernising rest room facilities in schools.

    Any student could submit complaints of discrimination via an established framework.  Students benefitted from representation in the school system through several platforms.  The national strategy for sustainable development issued the methodology of the “green week programme”, which contributed to preschoolers’ and students’ competence in understanding basic concepts of climate change and in initiating individual and protective action for the environment.  Teachers were obliged to obtain 90 transferrable professional credits every five years, through attending courses offered by Romanian training houses.

    In recent years, infant mortality had remained relatively stable in Romania.  From 2023 to 2024, the number of doctors treating children increased by five per cent.  Regarding children’s access to medical services, all children were insured in Romania and benefitted from basic medical services across all sectors of health care.  The national health insurance fund also reimbursed certain services.  The Ministry of Health had launched a vaccination campaign in partnership with the Red Cross, to raise awareness of parents; this had been accompanied by a “catch-up” vaccination schedule, resulting in 1,500 children being vaccinated.  A protocol had been signed with the Orthodox Church to establish an active partnership to create a framework for anyone facing a possible cancer diagnosis, offering support.   

    World Breastfeeding Week was celebrated in August each year, as breastfeeding remained one of the most effective ways to provide children with the best start in life. Breast feeding recommendations had been developed with partners, including the World Health Organization, and were relayed to medical practitioners at the local level.  Around 200 integrated community centres would be restructured, elevated and equipped.  A television broadcast had been created to promote the importance of breastfeeding in the first six months of a child’s life.   

    Information and education campaigns had been carried out for children, parents and teachers about the benefits of a healthy diet and the consequences of unhealthy eating. Around 1,000 people had benefited from the campaign.  Substance abuse could be detected by family doctors and psychological services could be recommended.  The national health insurance house implemented the national mental health programme, providing treatment for persons with substance abuses, and ensuring specific treatment for patients with depressive disorders. 

    Questions by Committee Experts 

    RINCHEN CHOPHEL, Committee Expert and Country Taskforce Coordinator, said the Government had approved a social assistance programme in 2011 which targeted all communes, but was underfinanced; could more information be provided?  The Environment Week presented was an excellent initiative; how was it being utilised? 

    JULIANA SCERRI FERRANTE, Committee Expert and Country Taskforce Member, asked if there were any supervision orders, where children remained with their family but were supervised?  Were there age assessment procedures during the asylum procedure?  What rights did children applying for asylum have?  Could they appeal any decisions? 

    PHILIP JAFFE, Committee Vice-Chair and Country Taskforce Member, said according to research by the United Nations Children’s Fund, Romanian girls felt much lonelier than Romanian boys.  Was there a reason for this gap? 

    SOPHIE KILADZE, Committee Chair and Country Taskforce Member, asked for clarification on case management coordination. 

    A Committee Expert noted the prevalence of women among the large delegation and asked if women generally had an important and high-profile position in Romania, or if this only occurred when discussing children?  Had there been any programmes to prevent violence?  Had the concept of gender been fully institutionalised? Were teachers trained in detecting signs of violence?  What was the prevalence of child marriage in the country?  What about figures for marriages which were not officially recorded? Had there been any programmes to prevent the phenomenon or sanctions? 

    Was there any mapping of the at-risk populations in the country of female genital mutilation? Was female genital mutilation prohibited in law?  What was the most updated action on sexual exploitation?  Was there any cross-border cooperation between Romania and neighbouring countries?  Did Ukrainian children born in Romania have access to Romanian citizenship?  Did rape victims have access to emergency contraception?

    Another Expert asked about vaccinations for children aged zero to 12; was there distrust in the population when it came to vaccines?  It seemed that tuberculosis was a public health issue.  What was being done in the field of treatment? Were there children whose births had not been declared, particularly among refugees, Roma and migrants?

    A Committee Expert asked about the new concept introduced by the Parliament on parental alienation.  How had this concept been consulted on, particularly with children?  How would the best interests of the child be ensured? What specific measures were being taken to reduce school dropout and improve access to quality education for Roma children?  What mechanisms were in place to monitor and support Roma children who were at risk of dropping out? 

    Another Committee Expert said she was happy to hear about the programme for the deinstitutionalisation of alternative care centres; this was something Romania should be proud of, as well as all the foster arrangements being made, especially for children with disabilities.  What was the State doing to support the families of children with disabilities, particularly those with severe disabilities? 

    Responses by the Delegation 

    The delegation said emergency contraception was available to those who had experienced sexual assault and could be obtained without a prescription.  Adolescent pregnancies were a major concern for the Romanian public health system.  Contraceptives and medical devices were provided free of charge through family centres and through gynaecological departments, where abortions were performed upon request.  Romania was one of the first European countries to offer non-discriminatory HIV/AIDS treatment. 

    Refugees were granted a monthly allowance, one-month’s accommodation, and access to education for minors.  Legislation in the field of asylum provided for beneficiaries to apply for family reunification when family members were not in Romania.  Identity documents needed to be provided to prove family links. Family reunification of unaccompanied minors was carried out with the best interest of the child in mind. Minors from immigrant backgrounds benefitted from the same rights as minors who were Romanian citizens. Romanian language courses provided teaching support, textbooks and workbooks developed on linguistic levels according to the European Union framework.  Priority for asylum applications was given to unaccompanied minors. 

    Medical forensic expertise was used when an asylum applicant could not prove their age and there were serious doubts about their ethnicity.  The declared age of the asylum applicant was accepted if their refusal to undergo the medical expertise was based on compelling reasons.  The assessment was performed with full respect for the minor’s dignity and in the least invasive way possible. 

    Investigations in child and human trafficking were undertaken by specialists with supervision from specialised prosecutors.  Through law 229/2024, the Romanian Parliament aimed to discourage sex tourism and the pimping of minors.  More than 1,200 criminal cases had been identified regarding child trafficking. The General Inspectorate of Romanian Police organised regular sessions for border police and non-governmental organizations, with the purpose of identifying victims.  More than 125 trainings had been carried out to over 4,000 workers who may encounter trafficking victims through their work. The National Agency against Trafficking in Persons and the Directorate for Investigating Organised Crime had implemented a national action plan in the fight against human trafficking to improve the awareness of at-risk groups. 

    In 2024, prosecutors from the Directorate for Investigating Organised Crime took part in 35 seminars regarding identifying child victims, compensation for victims, international cooperation, and online sexual exploitation of children, among other topics.  A public awareness campaign had been launched relating to sexual acts between adults and minors.  The message stated that a sexual act committed against a minor of 16 years or under constituted rape, if the age gap was more than five years, and punishments applied. 

    According to Romanian legislation, minors benefited from free legal aid, whether they committed a crime, or if they were victims of a crime.  The Romanian penal system limited sanctions in regard to minors, and measures for deprivation of liberty were only given as a last resort and could only be ordered by a court. 

    The integrated social services project aimed to develop the academic knowledge of professionals working in the social assistance field, and to develop concrete measures for vulnerable groups of people. 

    During “green week”, schools organised activities around several topics relating to the environment.  These were uploaded on a specialised platform dedicated to education on climate change and varied from one educational cycle to another.  The Ministry of Education had developed a programme, the mechanism of early-living alert, which focused on early education for Roma children. 

    In Romania, social services were obligated to identify children in a risk situation.  Children could remain within families and be monitored by social services until the risks were removed.  The parental alienation provision was introduced in all cases relating to violence and neglect.  It was recommended that this provision be removed, as these measures should only be applied by the courts.  There were many trainings offered to judges on methods relating to children’s rights.  Social workers were also trained to provide necessary assistance to visiting parents. Social services could only assist; they could not intervene and solve disputes between parents. 

    Closing Remarks

    RINCHEN CHOPHEL, Committee Expert and Country Taskforce Coordinator, reiterated the Committee’s appreciation for the Government of Romania’s support to Ukrainian refugees, particularly children.  The State was encouraged to continue to undertake these activities which were important for solidarity for children.  Significant progress had been made from the last reporting period to the current one, with many looking forward beyond the dialogue.  This was an indication of the Government’s commitment towards children.  As the country moved forward, it was important to put emphasis on implementation and ensure vulnerable children did not miss out. 

    HELENA OMNA-RAICU, President of the National Authority for the Protection of Child Rights and Adoption of Romania and head of the delegation, expressed deep gratitude for the dialogue.  The delegation welcomed the Committee’s emphasis on equality, accountability and sustainability, which would underpin the next stage of the State’s deinstitutionalisation journey.  The Committee’s concerns regarding urban disparities were noted.  It was recognised that rights delayed were rights denied, and the State was committed to accelerating affirmative action. Romania would treat the Committee’s recommendations as an opportunity for deeper transformation. 

    SOPHIE KILADZE, Committee Chair, thanked the delegation for the fruitful dialogue and commended its members for their clear and comprehensive answers.  Ms. Kiladze extended her best regards to the children of Romania. 

    ___________

    Produced by the United Nations Information Service in Geneva for use of the media; not an official record. English and French versions of our releases are different as they are the product of two separate coverage teams that work independently.

     

     

    CRC25.013E

    MIL OSI United Nations News

  • MIL-OSI USA: Graham-Blumenthal Hard-Hitting Russia Sanctions Bill Has Over 80 Cosponsors

    US Senate News:

    Source: United States Senator for South Carolina Lindsey Graham
    WASHINGTON – U.S. Senators Lindsey Graham (R-South Carolina) and Richard Blumenthal (D-Connecticut) today made this joint statement after their legislation to impose primary and secondary sanctions against Russia and actors supporting Russia’s aggression in Ukraine reached 81 cosponsors in the U.S. Senate.
    These sanctions would be imposed if Russia refuses to engage in good faith negotiations for a lasting peace with Ukraine or initiates another effort, including military invasion, that undermines the sovereignty of Ukraine after peace is negotiated. The legislation also imposes a 500 percent tariff on imported goods from countries that buy Russian oil, gas, uranium and other products.
    “As Secretary Rubio indicated yesterday to the Senate Appropriations Subcommittee on State and Foreign Operations, Russia has agreed to provide its term sheet for a ceasefire in the next few days. Its contents will speak volumes as to whether or not Russia is serious about peace. We suspect it will be more of the same.
    “If it is more of the same, Russia can expect decisive action from the United States Senate. To that end, we are beyond pleased that we now have 81 cosponsors for legislation to sanction Russia for its barbaric invasion of Ukraine. Our legislation will isolate Russia – putting it on a trade island by imposing stiff tariffs on other countries that support these atrocities. One of the main priorities of our legislation is to hold China accountable for propping up Putin’s war machine by buying cheap Russian oil from the shadow fleet. Without China’s economic support, Putin’s war machine would come to a grinding halt.
    “While we yearn for peace, it is increasingly clear to us – and a supermajority of the Senate – that Putin is playing games. The United States Senate stands ready to act if these games continue.”
    Background on the Sanctioning Russia Act of 2025 is available HERE.
    Bill text is available HERE.

    MIL OSI USA News

  • MIL-OSI Global: How the UK-EU deal turns the page on Brexit – and what happens next

    Source: The Conversation – UK – By Magdalena Frennhoff Larsén, Associate Professor in Politics and International Relations, University of Westminster

    At their first bilateral summit since Brexit, UK and EU leaders set out a range of areas in which they will seek to forge closer ties. European Council President António Costa, European Commission President Ursula von der Leyen and British Prime Minister Keir Starmer hailed the agreement as a historic landmark deal that opens a new chapter in the EU-UK relationship.

    But it is only the beginning of – potentially long – negotiations to thrash out the details of closer cooperation in areas like trade, youth mobility and energy.

    As the two parties sit down at the negotiating table, they will, for the first time since Brexit, agree on how to make trade and cooperation easier. For example, one anticipated agreement will align UK food safety and animal health standards with those of the EU, thereby removing the need for most border checks and easing the flow of agriculture and food products between the two parties. And the expected youth mobility scheme will allow young people to travel, work and study in the EU and the UK for a limited period of time.




    The looming negotiations will be relatively narrow in scope. The Withdrawal Agreement and the Trade and Cooperation Agreement still provide the basis for the EU-UK relationship. The UK is not compromising on its red lines of not joining the single market, the customs union or allowing free movement of people.

    The negotiations will consequently not fundamentally alter the current relationship. While the impact of the agreements may be significant for specific sectors, the overall economic impact is expected to be relatively modest.

    This is not to say that the upcoming negotiations will be easy or void of controversies. Over the next months, negotiators will have to agree on quotas, time limits, exceptions and financial contributions. Compromises and trade-offs will have to be found.

    There will be domestic resistance on both sides. Concerns have already emerged that France might oppose the participation of British defence companies in EU defence procurement programmes.

    And in the UK, critics argue that the decision to dynamically align UK rules and standards with those of the EU in certain sectors will make the country a rule-taker once again.

    But the answer to the question on many people’s minds: “Will this bring us back to all those years of difficult and protracted Brexit negotiations?” is no – this time around, things are different.

    In comparison with the Brexit negotiations, these negotiations should be far easier and swifter. They are less consequential and backed by strong political will from both sides.

    Recent polling indicates that both Britons and EU citizens favour a closer relationship between the UK and the EU.

    The agreement reached at the summit is seen as the first concrete manifestation of Starmer’s long sought-after reset of the relationship.

    Moving on

    The Brexit negotiations focused on establishing less cooperation compared with when the UK was a member of the EU. It was a question of addressing increasing barriers to trade and cooperation – something many perceived as a lose-lose situation. The upcoming negotiations, on the other hand, are seen to lead towards a win-win reset of relations. The parties enter the negotiations with a mindset of finding solutions that increase trade and facilitate cooperation.

    The UK is now negotiating as an independent, sovereign country. During the Brexit negotiations the UK was an EU member (or a closely aligned former member in the case of the negotiations of the Trade and Cooperation Agreement).

    It was thus important for the EU to make the benefits of membership clear and to discourage other members from leaving. As a result, it drove a hard bargain and the UK had limited influence on the negotiations.

    However, unlike the UK – where Brexit has never fully disappeared from the political debate – the EU moved on quickly after Brexit. In Brussels, many now consider the UK an independent but like-minded strategic partner.

    This is seen not least in the area of security, where the two parties agreed on a security and defence partnership. They set out a framework for closer cooperation in areas of joint interest, such as sanctions, information sharing and cybersecurity, allowing them to better respond to shared global challenges and uncertainties.

    Zooming out, the geopolitical picture has changed dramatically since the Brexit negotiations. With the war in Ukraine and the resulting instability in Europe, combined with the shifting priorities of US foreign policy, there is now an even greater need for EU-UK cooperation.

    Magdalena Frennhoff Larsén does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

    ref. How the UK-EU deal turns the page on Brexit – and what happens next – https://theconversation.com/how-the-uk-eu-deal-turns-the-page-on-brexit-and-what-happens-next-257158

    MIL OSI – Global Reports

  • MIL-OSI Security: NATO Secretary General meets with Dutch Prime Minister

    Source: NATO

    On Wednesday (21 May 2025), NATO Secretary General Mark Rutte welcomed the Prime Minister of the Netherlands, Dick Schoof, to NATO Headquarters. The leaders held productive discussions on boosting defence spending, support for Ukraine and the upcoming NATO Summit in The Hague.

    Mr Rutte thanked the Netherlands for its steadfast contributions to the Alliance’s collective defence, playing “a pivotal role in strengthening the Alliance” on the ground, in the sky and at sea. He also thanked the Prime Minister for the excellent cooperation in organising the upcoming NATO Summit in The Hague.

    The Secretary General welcomed efforts to invest in modernised land forces and cutting-edge capabilities, including allocating over €1 billion to expand the Dutch defence industry. At the same time, he urged all Allies to invest even more, including in the defence industry and in defence-related areas such as infrastructure and resilience. “2% will not be nearly enough to meet the capability targets that Allies will soon agree,” Mr Rutte stated.

    On Ukraine, Mr Rutte thanked the Netherlands for its impressive offer of 3.5 billion euros in support for Ukraine in 2026, including €100 million for NATO’s Comprehensive Assistance Package. “Your contributions clearly underscore your long-term commitment to Kyiv’s sovereignty and security. This is a priority we all share,” he emphasised.

    MIL Security OSI

  • MIL-OSI Europe: Press release – Slovenian President Pirc Musar calls for European courage and solidarity

    Source: European Parliament 3

    Speaking to plenary on Wednesday, Slovenian President Nataša Pirc Musar highlighted challenges facing the EU, including the ongoing conflicts in Ukraine and the Middle East.

    Welcoming President Pirc Musar at a formal sitting, European Parliament President Roberta Metsola said: “Slovenia has helped to shape our Union, proving again and again that we work best when we work together. That is why it is so important that Slovenia and Europe remain united in our approach to the challenges ahead. Why our values matter. And why we will stand up for them.”

    Pirc Musar recalled the positive experience of Slovenia’s reforms and integration into the EU in 2004 and underscored her country’s support for future merit-based EU enlargement, in particular to the Western Balkans, Ukraine and Moldova. She stressed the need to enhance the efficiency, and financial and institutional capacities of the EU as a political community to welcome new members.

    On security and defence, President Pirc Musar called for greater strategic autonomy and increased societal resilience in the face of multiple crises. She stressed the EU’s responsibility to uphold the multilateral world order and the founding principles of the United Nations Charter.

    Regarding the situation in the Middle East, Pirc Musar called for more EU involvement and an end to hostilities in the West Bank and Gaza.

    Pirc Musar also underlined the importance of strengthening Europe’s global competitiveness to sustain the European social model. She advocated for continued investment in social justice, education, culture and high living standards for all EU citizens.

    You can watch her address again here.

    MIL OSI Europe News

  • MIL-OSI United Kingdom: UK reaffirms support for Ukraine, tightens sanctions on Russia, and urges ceasefire: UK statement to the OSCE

    Source: United Kingdom – Executive Government & Departments

    Speech

    UK reaffirms support for Ukraine, tightens sanctions on Russia, and urges ceasefire: UK statement to the OSCE

    UK Military Advisor, Lt Col Joby Rimmer, says that despite claiming commitment to peace, Russia has escalated its military aggression by refusing to engage in peace talks, launching record-breaking drone attacks on Ukrainian civilians, and continuing to violate international law.

    Thank you, Madame Chair. When Russia initiated its war of aggression on Ukraine on 24 February 2022, there was no doubt about the illegality of this undertaking. The full-scale invasion contravened all the underpinning documents of this organisation to which we are all signatories and violates international law. The responsibility for this illegal military invasion absolutely sits with Russia. However, Russia continues to blame others for prolonging the conflict that they started and continues to accuse others of seeking to ‘gain military superiority’ in a conflict that they initiated.

    The UK’s continued and unwavering support to Ukraine is not about achieving military superiority but about defending a sovereign nation under attack. The UK, along with our allies, has consistently emphasised that military aid is in support of Ukraine’s self-defence and aimed at helping Ukraine uphold its territorial integrity in accordance with international law. Prime Minister Keir Starmer recently reiterated that the UK’s goal is peace, not escalation.

    In contrast, the Russian Federation insist that they remain committed to a negotiated solution, but their actions say otherwise. While President Zelenskyy travelled to Istanbul on 15th May to attend peace talks, supported by the USA and hosted by Türkiye, in good faith, President Putin refused to do the same. On the same day President Putin dodged the possibility for constructive negotiations, his Armed Forces launched 112 drones at Ukrainian cities, killing and injuring civilians. On 17th May, the UN Human Rights Monitoring Mission confirmed that a Russian drone hit a bus evacuating civilians in Ukraine’s Sumy region, killing nine non-combatants. On 18th May, Russia launched 273 one-way attack (OWA) drones against multiple targets in Kyiv, Dnipropetrovsk and Donetsk oblasts. This is reportedly the largest wave of uncrewed aerial systems Russia has launched into Ukraine – surpassing the 267 drones launched on 23rd February 2025.

    This is not evidence of a genuine commitment to peaceful resolution. This is fundamentally military escalation and an increase in the indiscriminate targeting of civilians. As a result, the UK is further increasing sanctions on Russia as President Putin further intensifies these strikes on Ukrainian civilians. Yesterday we announced the sanctioning of 100 targets across Russian energy, and financial services sectors, the Russian military industrial complex and its third country suppliers, and malign actors involved in democratic interference and Russia’s information war on Ukraine.

    At the opening session of the FSC on 14th May, the Russian delegation spoke of the ‘need to increase the effectiveness of the FSC’. We couldn’t agree more. The UK supports the opportunity to pursue the politico-military advantages of the FSC, to encourage enhanced implementation of arms control, and of confidence- and security-building measures. But this is impossible whilst Russia continues to violate the principles of the Helsinki Final Act, and broader international law. The UK also agrees with another comment from Russia’s opening address last week that ‘the FSC is not a place for hate speech and incitement to confrontation’. And we would encourage Russia to refrain from disrespectful language in the forum, particularly towards Ukraine, and of spreading disinformation about the intentions of the UK and our allies. We look forward to a constructive trimester.

    The UK will continue to play a leading role in accelerating work on Ukraine’s future security, and we strongly urge Russia to commit to an immediate, complete and unconditional 30-day ceasefire to buy the space and conditions for further negotiations. Europe is ready if President Putin chooses the path of peace. Thank you, Madame Chair.


    Published 21 May 2025

    MIL OSI United Kingdom

  • MIL-OSI Europe: European Union – Foreign Affairs Council meeting of May 20 (21 May 2025)

    Source: France-Diplomatie – Ministry of Foreign Affairs and International Development

    France took part in the EU’s Foreign Affairs Council meeting in Brussels on May 20. This meeting focused on the situation in Ukraine and the Middle East.

    With regard to Ukraine, France welcomed the adoption of an ambitious sanctions package against Russia – the 17th – which must now be further strengthened, as that country is still refusing to negotiate a peace agreement. France is determined to continue current efforts to give Ukraine solid security guarantees.

    France reiterated its strong condemnation of the expansion of Israeli military operations in Gaza and its blockade against humanitarian aid, which violates the principles of international law. France stressed its strong concern over Israel’s settlement policy and underscored the need for an agreement by Member States on sanctions against violent settlers and entities that promote settlement activity. It also called on the EU to take concrete measures, including the reexamination of the association agreement between the EU and Israel, and commended the High Representative’s announcement in this regard at the end of the meeting. France reaffirmed its commitment to the two-State solution and noted its efforts to ensure its implementation at the conference it will co-chair with Saudi Arabia this June in New York.

    As for Syria, France supported the decision to lift economic sanctions against the country. This historic decision is the concrete expression of the commitments France made to the transition authorities with a view to supporting Syria’s economic recovery and transition process. France also emphasized that the easing of sanctions should go hand in hand with solid guarantees on transparency, the proper use of international funds and respect for our political conditions. The EU will have to continue ensuring that priority challenges are taken into account, especially the fight against terrorism. At France’s initiative, the EU member States also pledged to adopt sanctions against the perpetrators of human rights violations committed in Syria since the fall of Bashar al-Assad.

    MIL OSI Europe News

  • MIL-OSI USA: Grassley, Klobuchar Lead Bipartisan Resolution Calling for Return of Kidnapped Ukrainian Children

    US Senate News:

    Source: United States Senator for Minnesota Amy Klobuchar

    WASHINGTON – Senators Amy Klobuchar (D-MN) and Chuck Grassley (R-IA) led a bipartisan group of senators in introducing a resolution calling for the return of abducted Ukrainian children before finalizing any peace agreement to end Russia’s brutal invasion of Ukraine. 

    The resolution condemns Russia’s abduction and forcible transfer of Ukrainian children and notes Russia’s invasion has increasingly exposed children to human trafficking and exploitation, child labor, sexual violence, hunger, injury, trauma and death. 

    “The mass kidnapping of Ukrainian children by Russia is an atrocity,” said Klobuchar. “We cannot accept a world where children are abducted during wartime and used as a form of hostage-taking for negotiations. These children must be returned unconditionally before any peace deal is finalized.”

    “Putin’s inhumane and unprovoked attack on Ukraine started the largest war in Europe since World War II. He has kidnapped thousands of children to brainwash and Russify them in an attempt to destroy their cultural identity and heritage. The United States ought to demand these children are returned before inking a deal to end the war in Ukraine,” Grassley said. 

    Additional cosponsors of the resolution include Senators Joni Ernst (R-IA), Dick Durbin (D-IL), John Fetterman (D-PA), Roger Wicker (R-MS) and Rick Scott (R-FL). You can find the full text of the resolution here.

    This resolution follows a bipartisan letter sent in March, led by Senators Klobuchar, Grassley and Durbin, calling for the State Department to continue supporting efforts to investigate Russia’s abduction and deportation of Ukrainian children.

    To date, Ukrainian authorities have received at least 19,546 confirmed reports of unlawful deportations and forced transfers of Ukrainian children to Russia, Belarus or Russian-occupied Ukrainian territory. The abductions aim to erase the children’s Ukrainian names, language and identity. As of April 16, Ukraine and its partners have only managed to return 1,274 abducted children. 

    The State Department’s 2024 Trafficking in Persons Report found Russia recruits or uses child soldiers, has a state-sponsored policy or pattern of human trafficking and is among the worst hubs for human trafficking in the world. 

    MIL OSI USA News

  • MIL-OSI Russia: Work on a memorandum on a future peace treaty between Russia and Ukraine is proceeding dynamically – press secretary of the Russian president

    Translation. Region: Russian Federal

    Source: People’s Republic of China in Russian

    Source: People’s Republic of China – State Council News

    Moscow, May 21 /Xinhua/ — Work on a memorandum on a future peace treaty between Russia and Ukraine is proceeding dynamically, and no one is interested in delaying the process, Russian presidential press secretary Dmitry Peskov said at a briefing on Wednesday.

    “Nobody is interested in delaying the process; everyone is working dynamically,” TASS quotes him as saying.

    The Kremlin representative emphasized that most of this work is being conducted in a discreet mode and should not be “open to the public for obvious reasons.” D. Peskov promised to provide updates on the progress of the document’s preparation.

    Russian President Vladimir Putin previously stated that Moscow is ready to work with Kiev on a memorandum on a future peace treaty, which could also include issues of a ceasefire and principles for resolving the conflict. On May 19, he held a telephone conversation with US President Donald Trump, during which they discussed the resumption of direct negotiations between Russia and Ukraine. –0–

    MIL OSI Russia News

  • MIL-OSI Security: NATO Secretary General commends Czechia’s commitment to a stronger, fairer and more lethal Alliance

    Source: NATO

    NATO Secretary General Mark Rutte welcomed Czech President Petr Pavel to NATO Headquarters on Wednesday (21 May 2025) to discuss preparations for the upcoming NATO Summit in The Hague.

    The Secretary General praised Czechia as a strong and reliable Ally, highlighting its defence investment and support to Ukraine. “You spend more than 2% of GDP on defence, and I welcome the commitment you’ve already made to increase defence spending to 3% in the coming years,” said Mr Rutte.

    Czechia plays an important role in NATO’s deterrence and defence, contributing to Forward Land Forces in Slovakia, Latvia and Lithuania. This year, Czechia will also deploy combat aircraft to Iceland in support of NATO’s air policing mission.

    The Secretary General commended Czechia’s substantial support to Ukraine, including over 1.3 billion euros in military assistance. He welcomed the success of the Czech-led ammunition initiative, which has helped deliver over 3 million rounds of large-calibre ammunition to Ukraine, including 1.5 million in 2024 alone. Mr Rutte also underlined Czechia’s growing role in NATO’s long-term support to Ukraine, including contributions to NATO’s Security Assistance and Training command (NSATU) in Wiesbaden and the deployment of 20 personnel to NSATU’s Logistics Enabling Nodes this July.

    Looking ahead to the NATO Summit in The Hague, Secretary General Rutte stressed the importance of strengthening NATO’s deterrence and defence even further, increasing defence spending, and building a stronger and more innovative transatlantic defence industry. “We will need to do much more, and this will remain our focus as we prepare for The Hague Summit,” he said. “We have a lot of work to do. And I know I can count on Czechia’s continued commitment and leadership.”

    MIL Security OSI

  • MIL-OSI Security: Russian GRU Targeting Western Logistics Entities and Technology Companies

    Source: US Department of Homeland Security

    Executive Summary

    This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

    Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

    This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

    The following authors and co-sealers are releasing this CSA:

    • United States National Security Agency (NSA)
    • United States Federal Bureau of Investigation (FBI)
    • United Kingdom National Cyber Security Centre (NCSC-UK)
    • Germany Federal Intelligence Service (BND) Bundesnachrichtendienst
    • Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik
    • Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz
    • Czech Republic Military Intelligence (VZ)  Vojenské zpravodajství
    • Czech Republic National Cyber and Information Security Agency (NÚKIB) Národní úřad pro kybernetickou a informační bezpečnost
    • Czech Republic Security Information Service (BIS) Bezpečnostní informační služba
    • Poland Internal Security Agency (ABW) Agencja Bezpieczeństwa Wewnętrznego
    • Poland Military Counterintelligence Service (SKW) Służba Kontrwywiadu Wojskowego
    • United States Cybersecurity and Infrastructure Security Agency (CISA)
    • United States Department of Defense Cyber Crime Center (DC3)
    • United States Cyber Command (USCYBERCOM)
    • Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
    • Canadian Centre for Cyber Security (CCCS)
    • Danish Defence Intelligence Service (DDIS) Forsvarets Efterretningstjeneste
    • Estonian Foreign Intelligence Service (EFIS) Välisluureamet
    • Estonian National Cyber Security Centre (NCSC-EE) Küberturvalisuse keskus
    • French Cybersecurity Agency (ANSSI) Agence nationale de la sécurité des systèmes d’information
    • Netherlands Defence Intelligence and Security Service (MIVD) Militaire Inlichtingen- en Veiligheidsdienst
       

    Download the PDF version of this report:

    Russian GRU Targeting Western Logistics Entities and Technology Companies (PDF, 1,081KB)

    For a downloadable list of IOCs, visit:

    Introduction

    For over two years, the Russian GRU 85th GTsSS, military unit 26165—commonly known in the cybersecurity community as APT28, Fancy Bear, Forest Blizzard, BlueDelta, and a variety of other identifiers—has conducted this campaign using a mix of known tactics, techniques, and procedures (TTPs), including reconstituted password spraying capabilities, spearphishing, and modification of Microsoft Exchange mailbox permissions.

    In late February 2022, multiple Russian state-sponsored cyber actors increased the variety of cyber operations for purposes of espionage, destruction, and influence—with unit 26165 predominately involved in espionage. [1] As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid. These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.

    Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 17. See Appendix A: MITRE ATT&CK tactics and techniques for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. This advisory uses the MITRE D3FEND® framework, version 1.0.

    Description of Targets

    The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail. These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organizations: 

    • Defense Industry
    • Transportation and Transportation Hubs (ports, airports, etc.)
    • Maritime
    • Air Traffic Management
    • IT Services

    In the course of the targeting lifecycle, unit 26165 actors identified and conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access [T1199].

    The actors also conducted reconnaissance on at least one entity involved in the production of industrial control system (ICS) components for railway management, though a successful compromise was not confirmed [TA0043].

    The countries with targeted entities include the following, as illustrated in Figure 1:

    • Bulgaria
    • Czech Republic
    • France
    • Germany
    • Greece
    • Italy
    • Moldova
    • Netherlands
    • Poland
    • Romania
    • Slovakia
    • Ukraine
    • United States
       
    Figure 1: Countries with Targeted Entities

    Initial Access TTPs

    Unit 26165 actors used several techniques to gain initial access to targeted entities, including (but not limited to):

    The actors abused vulnerabilities associated with a range of brands and models of small office/home office (SOHO) devices to facilitate covert cyber operations, as well as proxy malicious activity via devices with geolocation in proximity to the target [T1665]. [2]

    Credential Guessing/Brute Force

    Unit 26165 actors’ credential guessing [T1110.001] operations in this campaign exhibit some similar characteristics to those disclosed in the previous CSA “Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.” [3] Based on victim network investigations, the current iteration of this TTP employs a similar blend of anonymization infrastructure, including the use of Tor and commercial VPNs [T1090.003]. The actors frequently rotated the IP addresses used to further hamper detection. All observed connections were made via encrypted TLS [T1573]. 

    Spearphishing

    GRU unit 26165 actors’ spearphishing emails included links [T1566.002] leading to fake login pages impersonating a variety of government entities and Western cloud email providers’ webpages. These webpages were typically hosted on free third-party services or compromised SOHO devices and often used legitimate documents associated with thematically similar entities as lures. The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts [T1586.002, T1586.003]. The emails were typically written in the target’s native language and sent to a single targeted recipient. 

    Some campaigns employed multi-stage redirectors [T1104] verifying IP-geolocation [T1627.001] and browser fingerprints [T1627] to protect credential harvesting infrastructure or provide multifactor authentication (MFA) [T1111] and CAPTCHA relaying capabilities [T1056]. Connecting endpoints failing the location checks were redirected to a benign URL [T1627], such as msn.com. Redirector services used include:

    • Webhook[.]site
    • FrgeIO
    • InfinityFree
    • Dynu
    • Mocky
    • Pipedream
    • Mockbin[.]org

    The actors also used spearphishing to deliver malware (including HEADLACE and MASEPIE) executables [T1204.002] delivered via third-party services and redirectors [T1566.002], scripts in a mix of languages [T1059] (including BAT [T1059.003] and VBScript [T1059.005]) and links to hosted shortcuts [T1204.001].

    CVE Usage

    Throughout this campaign, GRU unit 26165 weaponized an Outlook NTLM vulnerability (CVE-2023-23397) to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations [T1187]. [4],[5] These actors also used a series of Roundcube CVEs (CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026) to execute arbitrary shell commands [T1059], gain access to victim email accounts, and retrieve sensitive data from email servers [T1114].

    Since at least fall 2023, the actors leveraged a WinRAR vulnerability (CVE-2023-38831) allowing for the execution of arbitrary code embedded in an archive as a means of initial access [T1659]. The actors sent emails with malicious attachments [T1566.001] or embedded hyperlinks [T1566.002] that downloaded a malicious archive prepared using this CVE. 

    Post-Compromise TTPs

    After an initial compromise using one of the above techniques, unit 26165 actors conducted contact information reconnaissance to identify additional targets in key positions [T1589.002]. The actors also conducted reconnaissance of the cybersecurity department [T1591], individuals responsible for coordinating transport [T1591.004], and other companies cooperating with the victim entity [T1591.002].

    The actors used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment [TA0008]. Multiple Impacket scripts were used as .exe files, in addition to the python versions, depending on the victim environment. The actors also moved laterally within the network using Remote Desktop Protocol (RDP) [T1021.001] to access additional hosts and attempt to dump Active Directory NTDS.dit domain databases [T1003.003] using native Active Directory Domain Services commands, as shown in Figure 2:

    C:\Windows\system32\ntdsutil.exe "activate instance ntds" ifm "create full C:\temp\[a-z]{3}" quit quit

    Figure 2: Example Active Directory Domain Services command

    Additionally, GRU unit 26165 actors used the tools Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. The actors installed python [T1059.006] on infected machines to enable the execution of Certipy. Accessed files were archived in .zip files prior to exfiltration [T1560]. The actors attempted to exfiltrate archived data via a previously dropped OpenSSH binary [T1048].

    Incident response investigations revealed that the actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection. The actors used manipulation of mailbox permissions [T1098.002] to establish sustained email collection at compromised logistics entities, as detailed in a Polish Cybercommand blog. [6]

    After initial authentication, unit 26165 actors would change accounts’ folder permissions and enroll compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access [T1556.006]. The actors leveraged python scripts to retrieve plaintext passwords via Group Policy Preferences [T1552.006] using Get-GPPPassword.py and a modified ldap-dump.py to enumerate the Windows environment [T1087.002] and conduct a brute force password spray [T1110.003] via Lightweight Directory Access Protocol (LDAP). The actors would additionally delete event logs through the wevtutil utility [T1070.001].

    After gaining initial access to the network, the actors pursued further access to accounts with access to sensitive information on shipments, such as train schedules and shipping manifests. These accounts contained information on aid shipments to Ukraine, including: 

    • sender,
    • recipient,
    • train/plane/ship numbers,
    • point of departure,
    • destination,
    • container registration numbers,
    • travel route, and
    • cargo contents. 

    In at least one instance, the actors attempted to use voice phishing [T1566.004] to gain access to privileged accounts by impersonating IT staff.

    Malware

    Unit 26165’s use of malware in this campaign ranged from gaining initial access to establishing persistence and exfiltrating data. In some cases, the attack chain resulted in multiple pieces of malware being deployed in succession. The actors used dynamic link library (DLL) search order hijacking [T1574.001] to facilitate malware execution. There were a number of known malware variants tied to this campaign against logistics sector victims, including:

    • HEADLACE [7]
    • MASEPIE [8]

    While other malware variants, such as OCEANMAP and STEELHOOK, [8] were not directly observed targeting logistics or IT entities, their deployment against victims in other sectors in Ukraine and other Western countries suggest that they could be deployed against logistics and IT entities should the need arise. 

    Persistence

    In addition to the abovementioned mailbox permissions abuse, unit 26165 actors also used scheduled tasks [T1053.005], run keys [T1547.001], and placed malicious shortcuts [T1547.009] in the startup folder to establish persistence. 

    Exfiltration

    GRU unit 26165 actors used a variety of methods for data exfiltration that varied based on the victim environment, including both malware and living off the land binaries. PowerShell commands [T1059.001] were often used to prepare data for exfiltration; for example, the actors prepared zip archives [T1560.001] for upload to their own infrastructure. 

    The actors also used server data exchange protocols and Application Programming Interfaces (APIs) such as Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) [T1114.002] to exfiltrate data from email servers. In multiple instances, the actors used periodic EWS queries [T1119] to collect new emails sent and received since the last data exfiltration [T1029]. The actors typically used infrastructure in close geographic proximity to the victim. Long gaps between exfiltration, the use of trusted and legitimate protocols, and the use of local infrastructure allowed for long-term collection of sensitive data to go undetected. 

    Connections to Targeting of IP Cameras

    In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine. The actors also used legitimate municipal services, such as traffic cams. 

    The actors targeted Real Time Streaming Protocol (RTSP) servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices [T1592] and gain access to the cameras’ feeds [T1125]. Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers, primarily hosting IP cameras [T1090.002]. The DESCRIBE requests were crafted to obtain access to IP cameras located on logically distinct networks from that of the routers that received the request. The requests included Base64-encoded credentials for the RTSP server, which included publicly documented default credentials and likely generic attempts to brute force access to the devices [T1110]. An example of an RTSP request is shown in Figure 3.

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0
    CSeq: 1
    Authorization: Basic
    User-Agent: WebClient
    Accept: application/sdp

    DESCRIBE rtsp://[IP ADDRESS] RTSP/1.0
    CSeq: 2
    Authorization: Digest username="admin", realm="[a-f0-9]{12}", algorithm="MD5", nonce="[a-f0-9]{32}", uri="", response="[a-f0-9]{32}"
    User-Agent: WebClient
    Accept: application/sdp

    Figure 3: Example RTSP request

    Successful RTSP 200 OK responses contained a snapshot of the IP camera’s image and IP camera metadata such as video codec, resolution, and other properties depending on the IP camera’s configuration. 
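
    For defenders who can capture or log RTSP traffic in front of their cameras, the sketch below parses DESCRIBE requests of the shape shown in Figure 3 and flags sources that cycle through several different credentials. It is an added example, not code from the advisory; the event format, the threshold of three, and all sample addresses and credentials are constructed assumptions.

```python
import base64
import binascii
import hashlib
import re
from collections import defaultdict

REQUEST_LINE = re.compile(r"^([A-Z_]+) (\S+) RTSP/(\d\.\d)$")
DIGEST_FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_rtsp_request(raw):
    """Parse one RTSP request; blank lines between headers are tolerated."""
    lines = [line.strip() for line in raw.splitlines() if line.strip()]
    if not lines:
        return None
    match = REQUEST_LINE.match(lines[0])
    if match is None:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": match.group(1), "uri": match.group(2), "headers": headers}


def offered_credential(headers):
    """Return (scheme, username, fingerprint) from Authorization, else None.

    The secret is reduced to a short SHA-256 fingerprint so the hunt output
    can count distinct guesses without storing passwords.
    """
    scheme, _, rest = headers.get("authorization", "").partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest.strip(), validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            return ("basic", None, None)  # token is not valid Base64
        user, _, secret = decoded.partition(":")
    elif scheme == "digest":
        fields = dict(DIGEST_FIELD.findall(rest))
        user, secret = fields.get("username"), fields.get("response", "")
    else:
        return None
    fingerprint = hashlib.sha256(secret.encode()).hexdigest()[:12]
    return (scheme, user, fingerprint)


def hunt_rtsp_guessing(events, min_distinct=3):
    """events: iterable of (source_ip, raw_request).

    Flags sources that present min_distinct or more different credentials
    in DESCRIBE requests (threshold is an assumption; tune per site).
    """
    per_source = defaultdict(lambda: {"describe": 0, "creds": set(), "users": set()})
    for source, raw in events:
        request = parse_rtsp_request(raw)
        if request is None or request["method"] != "DESCRIBE":
            continue
        stats = per_source[source]
        stats["describe"] += 1
        cred = offered_credential(request["headers"])
        if cred and cred[1]:
            stats["creds"].add(cred)
            stats["users"].add(cred[1])
    return {
        source: {
            "describe": stats["describe"],
            "distinct_credentials": len(stats["creds"]),
            "users": sorted(stats["users"]),
            "flagged": len(stats["creds"]) >= min_distinct,
        }
        for source, stats in per_source.items()
    }


def _describe(cseq, authorization):
    """Build a constructed DESCRIBE request in the Figure 3 layout."""
    return (f"DESCRIBE rtsp://192.0.2.50 RTSP/1.0\r\nCSeq: {cseq}\r\n"
            f"Authorization: {authorization}\r\nUser-Agent: WebClient\r\n"
            "Accept: application/sdp\r\n\r\n")


def _basic(user, secret):
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()


# Constructed capture (documentation address ranges, made-up credentials).
SAMPLE_EVENTS = [
    ("203.0.113.10", _describe(1, _basic("admin", "guess-one"))),
    ("203.0.113.10", _describe(2, _basic("admin", "guess-two"))),
    ("203.0.113.10", _describe(3, _basic("root", "guess-three"))),
    ("203.0.113.10", _describe(4, 'Digest username="admin", realm="0123456789ab", '
                                  'algorithm="MD5", nonce="' + "a" * 32 + '", uri="", '
                                  'response="' + "b" * 32 + '"')),
    ("198.51.100.7", _describe(1, _basic("viewer", "site-secret"))),
    ("198.51.100.7", _describe(2, _basic("viewer", "site-secret"))),
    ("198.51.100.7", "OPTIONS rtsp://192.0.2.50 RTSP/1.0\r\nCSeq: 3\r\n\r\n"),
]

if __name__ == "__main__":
    for source, summary in hunt_rtsp_guessing(SAMPLE_EVENTS).items():
        print(source, summary)
```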

    From a sample available to the authoring agencies of over 10,000 cameras targeted via this effort, the geographic distribution of victims showed a strong focus on cameras in Ukraine and border countries, as shown in Table 1:

    Table 1: Geographic distribution of targeted IP cameras

    Country     Percentage of Total Attempts
    Ukraine     81.0%
    Romania     9.9%
    Poland      4.0%
    Hungary     2.8%
    Slovakia    1.7%
    Others      0.6%

    Mitigation Actions

    General Security Mitigations

    Architecture and Configuration

    • Employ appropriate network segmentation [D3-NI] and restrictions to limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions [D3-AMED].
      • Consider Zero Trust principles when designing systems. Base product choices on how those products can solve specific risks identified as part of the end-to-end design. [9]
    • Ensure that host firewalls and network security appliances (e.g., firewalls) are configured to only allow legitimately needed data flows between devices and servers to prevent lateral movement [D3-ITF]. Alert on attempts to connect laterally between host devices or other unusual data flows.
    • Use automated tools to audit access logs for security concerns and identify anomalous access requests [D3-RAPA].
    • For organizations using on-premises authentication and email services, block and alert on NTLM/SMB requests to external infrastructure [D3-OTF].
    • Utilize endpoint detection and response (EDR) and other cybersecurity solutions on all systems, prioritizing high value systems with large amounts of sensitive data such as mail servers and domain controllers [D3-PM].
      • Perform threat and attack modeling to understand how sensitive systems may be compromised within an organization’s specific architecture and security controls. Use this to develop a monitoring strategy to detect compromise attempts and select appropriate products to enact this strategy.
    • Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly [D3-SFA].
    • Enable optional security features in Windows to harden endpoints and mitigate initial access techniques [D3-AH]:
      • Enable attack surface reduction rules to prevent executable content from email [D3-ABPI].
      • Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA% [D3-EAL].
      • Unless users are involved in the development of scripts, limit the local execution of scripts (such as batch scripts, VBScript, JScript/JavaScript, and PowerShell [10]) to known scripts [D3-EI], and audit execution attempts.
      • Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode [D3-ACH].
    • Where feasible, implement allowlisting for applications and scripts to limit execution to only those needed for authorized activities, blocking all others by default [D3-EAL].
    • Consider using open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters [D3-PSA].
    • Use services that provide enhanced browsing services and safe link checking [D3-URA]. Significant reductions in successful spearphishing attempts were noted when email providers began offering link checking and automatic file detonation to block malicious content.
    • Where possible, block logins from public VPNs, including exit nodes in the same country as target systems, or, if they need to be allowed, alert on them for further investigation. Most organizations should not need to allow incoming traffic, especially logins to systems, from VPN services [D3-NAM].
    • Educate users to only use approved corporate systems for relevant government and military business and avoid the use of personal accounts on cloud email providers to conduct official business. Network administrators should also audit both email and web request logs to detect such activity.

    Many organizations may not need to allow outgoing traffic to hosting and API mocking services, which are frequently used by GRU unit 26165. Organizations should consider alerting on or blocking the following services, with exceptions allowlisted for legitimate activity [D3-DNSDL].


    Heuristic detections for web requests to new subdomains, including of the above providers, may uncover malicious phishing activity [D3-DNRA]. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims.
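
    One way to implement the first-seen subdomain heuristic over DNS query logs is sketched below. It is an added example, not code from the advisory: the log format, the baseline cutoff and the sample entries are constructed, and the two watched suffixes are taken from the redirector services named earlier in the advisory (extend the tuple with your own watchlist).

```python
from datetime import datetime

# Hosting / API-mocking suffixes to watch (assumption: a short excerpt only).
WATCHED_SUFFIXES = ("webhook.site", "mockbin.org")

# Constructed DNS query log: "<ISO timestamp> <client IP> <queried name>".
SAMPLE_DNS_LOG = """\
2025-05-01T08:00:12 10.0.4.17 ci-hooks.webhook.site.
2025-05-02T09:14:40 10.0.4.18 ci-hooks.webhook.site.
2025-05-03T11:02:05 10.0.7.23 www.example.com.
2025-05-09T07:55:31 10.0.9.41 a1b2c3d4.Mockbin.org.
2025-05-09T07:55:33 10.0.9.41 a1b2c3d4.mockbin.org.
2025-05-10T10:20:00 10.0.4.17 ci-hooks.webhook.site.
2025-05-11T13:37:09 10.0.2.5 docs-portal.webhook.site.
2025-05-11T13:40:51 10.0.2.6 docs-portal.webhook.site.
malformed line without fields
"""


def watched_suffix(qname, suffixes=WATCHED_SUFFIXES):
    """Return the watched provider a name is a subdomain of, else None."""
    name = qname.rstrip(".").lower()
    for suffix in suffixes:
        # Require a label boundary so "notwebhook.site" does not match.
        if name.endswith("." + suffix):
            return suffix
    return None


def parse_dns_log(text):
    """Yield (timestamp, client, normalised name); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            timestamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield timestamp, parts[1], parts[2].rstrip(".").lower()


def new_subdomain_alerts(text, baseline_end):
    """Report watched-provider subdomains first seen on or after baseline_end.

    Names queried during the baseline window are treated as known business
    use. Each alert records who queried the new name; a name requested by a
    single client is marked, since the advisory notes that phishing emails
    were typically sent to a single targeted recipient.
    """
    known = set()
    findings = {}
    for timestamp, client, qname in sorted(parse_dns_log(text)):
        provider = watched_suffix(qname)
        if provider is None:
            continue
        if timestamp < baseline_end:
            known.add(qname)
            continue
        if qname in known:
            continue
        entry = findings.setdefault(
            qname, {"name": qname, "provider": provider,
                    "first_seen": timestamp, "clients": set()})
        entry["clients"].add(client)
    alerts = []
    for entry in findings.values():
        clients = sorted(entry["clients"])
        alerts.append({
            "name": entry["name"],
            "provider": entry["provider"],
            "first_seen": entry["first_seen"],
            "clients": clients,
            "single_client": len(clients) == 1,
        })
    return sorted(alerts, key=lambda alert: alert["first_seen"])


if __name__ == "__main__":
    for alert in new_subdomain_alerts(SAMPLE_DNS_LOG, datetime(2025, 5, 8)):
        print(alert)
```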

    Identity and Access Management

    Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques: 

    • Use MFA with strong factors, such as passkeys or PKI smartcards, and require regular re-authentication [D3-MFA]. [11], [12] Strong authentication factors are not guessable using dictionary techniques, so they resist brute force attempts.
    • Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts [D3-JFAPA].
    • Separate privileged accounts by role and alert on misuse of privileged accounts [D3-UAP]. For example, email administrator accounts should be different from domain administrator accounts.
    • Reduce reliance on passwords; instead, consider using services like single sign-on [D3-TBA].
      • For organizations using on-premises authentication and email services, plan to disable NTLM entirely and migrate to more robust authentication processes such as PKI certificate authentication.
    • Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts [D3-CH]. [13]
    • Use account throttling or account lockout [D3-ANET]:
      • Throttling is preferred to lockout. Throttling progressively increases time delay between successive login attempts.
      • Account lockout can leave legitimate users unable to access their accounts and requires access to an account recovery process.
      • Account lockout can provide a malicious actor with an easy way to launch a Denial of Service (DoS).
      • If using lockout, then allowing 5 to 10 attempts before lockout is recommended.
    • Use a service to check for compromised passwords before using them [D3-SPP]. For example, “Have I Been Pwned” can be used to check whether a password has been previously compromised without disclosing the potential password.
    • Change all default credentials [D3-CRO] and disable protocols that use weak authentication (e.g., clear-text passwords or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication [D3-ACH] [D3-ET]. Always configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. [13]

    IP Camera Mitigations

    The following mitigation techniques for IP cameras can be used to defend against this type of malicious activity:

    • Ensure IP cameras are currently supported. Replace devices that are out of support.
    • Apply security patches and firmware updates to all IP cameras [D3-SU].
    • Disable remote access to the IP camera, if unnecessary [D3-ITF].
    • Ensure cameras are protected by a security appliance, if possible, such as by using a firewall to prevent communication with the camera from IP addresses not on an allowlist [D3-NAM].
    • If remote access to IP camera feeds is required, ensure authentication is enabled [D3-AA] and use a VPN to connect remotely [D3-ET]. Use MFA for management accounts if supported [D3-MFA].
    • Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers [D3-NI].
    • Turn off other ports/services not in use (e.g., FTP, web interface, etc.) [D3-ACH].
    • If supported, enable authenticated RTSP access only [D3-AA].
    • Review all authentication activity for remote access to make sure it is valid and expected [D3-UBA]. Investigate any unexpected or unusual activity.
    • Audit IP camera user accounts to ensure they are an accurate reflection of your organization and that they are being used as expected [D3-UAP].
    • Configure, tune, and monitor logging—if available—on the IP camera.

    Indicators of Compromise (IOCs)

    Note: Specific IoCs may no longer be actor controlled, may themselves be compromised infrastructure or email accounts, or may be shared infrastructure such as public VPN or Tor exit nodes. Care should be taken when triaging logs or developing detection rules based on these indicators. GRU unit 26165 almost certainly uses extensive further infrastructure and TTPs not specifically listed in this report.

    Utilities and scripts

    Legitimate utilities

    Unauthorized or unusual use of the following legitimate utilities can be an indication of a potential compromise:

    • ntdsutil – A legitimate Windows executable used by threat actors to export contents of Active Directory
    • wevtutil – A legitimate Windows executable used by threat actors to delete event logs
    • vssadmin – A legitimate Windows executable possibly used by threat actors to make a copy of the server’s C: drive
    • ADexplorer – A legitimate Windows executable used to view, edit, and back up Active Directory Certificate Services
    • OpenSSH – The Windows version of a legitimate open source SSH client
    • schtasks – A legitimate Windows executable used to create persistence using scheduled tasks
    • whoami – A legitimate Windows executable used to retrieve the name of the current user
    • tasklist – A legitimate Windows executable used to retrieve the list of running processes
    • hostname – A legitimate Windows executable used to retrieve the device name
    • arp – A legitimate Windows executable used to retrieve the ARP table for mapping the network environment
    • systeminfo – A legitimate Windows executable used to retrieve a comprehensive summary of device and operating system information
    • net – A legitimate Windows executable used to retrieve detailed user information
    • wmic – A legitimate Windows executable used to interact with Windows Management Instrumentation (WMI), such as to retrieve letters assigned to logical partitions on storage drives
    • cacls – A legitimate Windows executable used to modify permissions on files
    • icacls – A legitimate Windows executable used to modify permissions to files and handle integrity levels and ownership
    • ssh – A legitimate Windows executable used to establish network shell connections
    • reg – A legitimate Windows executable used to add to or modify the system registry 

    Note: Additional heuristics are needed for effective hunting for these and other living off the land (LOTL) binaries to avoid being overwhelmed by false positives if these legitimate management tools are used regularly. See the joint guide, Identifying and Mitigating Living Off the Land Techniques, for guidance on developing a multifaceted cybersecurity strategy that enables behavior analytics, anomaly detection, and proactive hunting, which are part of a comprehensive approach to mitigating cyber threats that employ LOTL techniques.

    Malicious scripts

    • Certipy – An open source python tool for enumerating and abusing Active Directory Certificate Services
    • Get-GPPPassword.py – An open source python script for finding insecure passwords stored in Group Policy Preferences
    • ldap-dump.py – A script for enumerating user accounts and other information in Active Directory
    • Hikvision backdoor string: “YWRtaW46MTEK”

    Suspicious command lines

    While the following utilities are legitimate, and using them with the command lines shown may also be legitimate, these command lines are often used during malicious activities and could be an indication of a compromise:

    • edge.exe “-headless-new -disable-gpu”
    • ntdsutil.exe “activate instance ntds” ifm “create full C:temp[a-z]{3}” quit quit
    • ssh -Nf
    • schtasks /create /xml
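
    The note on living off the land binaries and the command-line list above suggest two layers of hunting logic: exact matches on the listed command lines, and a behavioral heuristic that ignores a single whoami or hostname but flags several different discovery utilities run by one account in a short window. The following is an added example, not part of the advisory; the event fields, sample events, window size and threshold are assumptions constructed for illustration.

```python
"""Hunt sketch: exact command-line rules plus a discovery-burst heuristic."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Derived from the advisory's "Suspicious command lines" list.
CMDLINE_RULES = {
    "edge_headless": re.compile(
        r"(?:ms)?edge(?:\.exe)?\b.*-headless[=-]new\b.*-disable-gpu", re.I),
    "ntdsutil_ifm": re.compile(
        r"ntdsutil(?:\.exe)?\b.*\bifm\b.*create\s+full", re.I),
    # ssh flags are case-sensitive, so only the executable name ignores case.
    "ssh_background": re.compile(r'(?i:\bssh(?:\.exe)?)"?\s.*?-(?:Nf|fN)\b'),
    "schtasks_xml": re.compile(
        r"schtasks(?:\.exe)?\b.*/create\b.*/xml\b", re.I),
}

# Discovery utilities named in the advisory's "Legitimate utilities" list.
DISCOVERY = {"whoami", "tasklist", "hostname", "arp", "systeminfo", "net", "wmic"}


def utility(image):
    """Return the lower-cased executable name without its .exe suffix."""
    name = basename(image).lower()
    return name[:-4] if name.endswith(".exe") else name


def match_cmdlines(events):
    """Return (event index, rule name) for every command line matching a rule."""
    return [(i, rule) for i, ev in enumerate(events)
            for rule, rx in CMDLINE_RULES.items() if rx.search(ev["cmdline"])]


def discovery_bursts(events, window=timedelta(minutes=5), min_distinct=4):
    """Flag a host/user pair running several different discovery tools in one window."""
    per_actor = defaultdict(list)
    for ev in events:
        tool = utility(ev["image"])
        if tool in DISCOVERY:
            per_actor[(ev["host"], ev["user"])].append((ev["time"], tool))

    findings = []
    for actor, hits in per_actor.items():
        recent = deque()
        for when, tool in sorted(hits):
            recent.append((when, tool))
            while when - recent[0][0] > window:  # drop hits older than the window
                recent.popleft()
            tools = {t for _, t in recent}
            if len(tools) >= min_distinct:
                findings.append((actor, recent[0][0], sorted(tools)))
                recent.clear()  # report each burst once
    return findings


def make_event(ts, host, user, image, cmdline):
    return {"time": datetime.fromisoformat(ts), "host": host, "user": user,
            "image": image, "cmdline": cmdline}


SYS32 = "C:\\Windows\\System32\\"
# Constructed process-creation events (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    make_event("2024-07-01T09:00:00", "WS01", "alice", SYS32 + "whoami.exe", "whoami"),
    make_event("2024-07-01T13:30:00", "WS01", "alice", SYS32 + "hostname.exe", "hostname"),
    make_event("2024-07-01T02:10:05", "SRV02", "svc_backup", SYS32 + "whoami.exe", "whoami"),
    make_event("2024-07-01T02:10:20", "SRV02", "svc_backup", SYS32 + "systeminfo.exe", "systeminfo"),
    make_event("2024-07-01T02:10:41", "SRV02", "svc_backup", SYS32 + "tasklist.exe", "tasklist"),
    make_event("2024-07-01T02:11:02", "SRV02", "svc_backup", SYS32 + "ARP.EXE", "arp -a"),
    make_event("2024-07-01T02:14:00", "SRV02", "svc_backup", SYS32 + "schtasks.exe",
               "schtasks /create /tn Updater /xml C:\\ProgramData\\task.xml"),
    make_event("2024-07-01T02:20:00", "SRV02", "svc_backup", SYS32 + "OpenSSH\\ssh.exe",
               "ssh -Nf user@host.example"),
    make_event("2024-07-01T10:00:00", "WS01", "alice", SYS32 + "schtasks.exe",
               "schtasks /query /fo LIST"),
    make_event("2024-07-01T10:05:00", "WS01", "alice", SYS32 + "OpenSSH\\ssh.exe",
               "ssh admin@jump.example"),
]


def hunt(events):
    """Run both layers and return their findings."""
    return {"cmdline_hits": match_cmdlines(events),
            "bursts": discovery_bursts(events)}


if __name__ == "__main__":
    for kind, rows in hunt(SAMPLE_EVENTS).items():
        for row in rows:
            print(kind, row)
```

    The routine single commands on WS01 produce no finding, while the four distinct discovery tools run within a minute on SRV02 produce one burst alongside the two command-line matches.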

    Outlook CVE Exploitation IOCs


    Commonly Used Webmail Providers

    • portugalmail[.]pt
    • mail-online[.]dk
    • email[.]cz
    • seznam[.]cz

    Malicious Archive Filenames Involving CVE-2023-38831

    • calc.war.zip
    • news_week_6.zip
    • Roadmap.zip
    • SEDE-PV-2023-10-09-1_EN.zip
    • war.zip
    • Zeyilname.zip

    Brute Forcing IP Addresses

    Disclaimer: These IP addresses date from June 2024 through August 2024. The authoring agencies recommend organizations investigate or vet these IP addresses prior to taking action, such as blocking.


    Detections

    Customized NTLM listener

    rule APT28_NTLM_LISTENER {
        meta:
            description = "Detects NTLM listeners including APT28's custom one"
        strings:
            $command_1 = "start-process powershell.exe -WindowStyle hidden"
            $command_2 = "New-Object System.Net.HttpListener"
            $command_3 = "Prefixes.Add('http://localhost:8080/')"
            $command_4 = "-match 'Authorization'"
            $command_5 = "GetValues('Authorization')"
            $command_6 = "Request.RemoteEndPoint.Address.IPAddressToString"
            $command_7 = "@(0x4e,0x54,0x4c,0x4d, 0x53,0x53,0x50,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x28,0x00,0x00,0x01,0x82,0x00,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00)"
            $command_8 = ".AllKeys"

            $variable_1 = "$NTLMAuthentication" nocase
            $variable_2 = "$NTLMType2" nocase
            $variable_3 = "$listener" nocase
            $variable_4 = "$hostip" nocase
            $variable_5 = "$request" nocase
            $variable_6 = "$ntlmt2" nocase
            $variable_7 = "$NTLMType2Response" nocase
            $variable_8 = "$buffer" nocase
        condition:
            5 of ($command_*)
            or
            all of ($variable_*)
    }

    HEADLACE shortcut

    rule APT28_HEADLACE_SHORTCUT {
        meta:
            description = "Detects the HEADLACE backdoor shortcut dropper. Rule is meant for threat hunting."
        strings:
            $type = "[InternetShortcut]" ascii nocase
            $url  = "file://"
            $edge = "msedge.exe"
            $icon = "IconFile"
        condition:
            all of them
    }

    HEADLACE credential dialogbox phishing 

    rule APT28_HEADLACE_CREDENTIALDIALOG {
        meta:
            description = "Detects scripts used by APT28 to lure user into entering credentials"
        strings:
            $command_1 = "while($true)"
            $command_2 = "Get-Credential $(whoami)"
            $command_3 = "Add-Content"
            $command_4 = ".UserName"
            $command_5 = ".GetNetworkCredential().Password"
            $command_6 = "GetNetworkCredential().Password.Length -ne 0"
        condition:
            5 of them
    }

    HEADLACE core script

    rule APT28_HEADLACE_CORE {
        meta:
            description = "Detects HEADLACE core batch scripts"
        strings:
            $chcp = "chcp 65001" ascii
            $headless = "start \"\" msedge --headless=new --disable-gpu" ascii

            $command_1 = "taskkill /im msedge.exe /f" ascii
            $command_2 = "whoami>\"%programdata%" ascii
            $command_3 = "timeout" ascii
            $command_4 = "copy \"%programdata%" ascii
            $non_generic_del_1 = "del /q /f \"%programdata%" ascii
            $non_generic_del_3 = "del /q /f \"%userprofile%\\Downloads" ascii

            $generic_del = "del /q /f" ascii
        condition:
            (
                $chcp
                and
                $headless
            )
            and
            (
                1 of ($non_generic_del_*)
                or
                ($generic_del)
                or
                3 of ($command_*)
            )
    }

    MASEPIE

    rule APT28_MASEPIE {
        meta:
            description = "Detects MASEPIE python script"
        strings:
            $masepie_unique_1 = "os.popen('whoami').read()"
            $masepie_unique_2 = "elif message == 'check'"
            $masepie_unique_3 = "elif message == 'send_file':"
            $masepie_unique_4 = "elif message == 'get_file'"
            $masepie_unique_5 = "enc_mes('ok'"
            $masepie_unique_6 = "Bad command!'.encode('ascii'"
            $masepie_unique_7 = "{user}{SEPARATOR}{k}"
            $masepie_unique_8 = "raise Exception(\"Reconnect"
        condition:
            3 of ($masepie_unique_*)
    }

    STEELHOOK

    rule APT28_STEELHOOK {
        meta:
            description = "Detects APT28's STEELHOOK powershell script"
        strings:
            $s_1 = "$($env:LOCALAPPDATA\\Google\\Chrome\\User Data\\Local State)"
            $s_2 = "$($env:LOCALAPPDATA\\Google\\Chrome\\User Data\\Default\\Login Data)"
            $s_3 = "$($env:LOCALAPPDATA\\Microsoft\\Edge\\User Data\\Local State)"
            $s_4 = "$($env:LOCALAPPDATA\\Microsoft\\Edge\\User Data\\Default\\Login Data)"
            $s_5 = "os_crypt.encrypted_key"
            $s_6 = "System.Security.Cryptography.DataProtectionScope"
            $s_7 = "[system.security.cryptography.protectdata]::Unprotect"
            $s_8 = "Invoke-RestMethod"
        condition:
            all of them
    }

    PSEXEC

    rule GENERIC_PSEXEC {
        meta:
            description = "Detects SysInternals PSEXEC executable"
        strings:
            $sysinternals_1 = "SYSINTERNALS SOFTWARE LICENCE TERMS"
            $sysinternals_2 = "/accepteula"
            $sysinternals_3 = "Software\\Sysinternals"
            $network_1 = "%s\\IPC$"
            $network_2 = "%s\\ADMIN$\\%s"
            $network_3 = "Device\\LanmanRedirector\\%s\\ipc$"
            $psexec_1 = "PSEXESVC"
            $psexec_2 = "PSEXEC-{}-"
            $psexec_3 = "Copying %s to %s..."
            $psexec_4 = "gPSINFSVC"
        condition:
            (
                ( uint16( 0x0 ) == 0x5a4d )
                and
                ( uint16( uint32( 0x3c )) == 0x4550 )
            )
            and
                filesize < 1024KB
            and
            (
                ( any of ($sysinternals_*) and any of ($psexec_*) )
                or
                ( 2 of ($network_*) and 2 of ($psexec_*))
            )
    }

    The cybersecurity industry provides overlapping cyber threat intelligence, IOCs, and mitigation recommendations related to GRU unit 26165 cyber actors. While not all encompassing, the following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community: 

    • APT28 [14]
    • Fancy Bear [14]
    • Forest Blizzard [14]
    • Blue Delta [15]

    Note: Cybersecurity companies have different methods of tracking and attributing cyber actors, and this may not be a 1:1 correlation to the U.S. government’s understanding for all activity related to these groupings.

    Further Reference

    To search for the presence of malicious email messages targeting CVE-2023-23397, network defenders may consider using the script published by Microsoft: https://aka.ms/CVE-2023-23397ScriptDoc

    For the Impacket TTP, network defenders may consider using the following publicly available Impacket YARA detection rule:
    https://github.com/Neo23x0/signature-base/blob/master/yara/gen_impacket_tools.yar

    Works Cited

    [1] Microsoft. Defending Ukraine: Early Lessons from the Cyber War. 2022. https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/  
    [2] FBI et al. Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. 2024. https://media.defense.gov/2024/Feb/27/2003400753/-1/-1/0/CSA-Russian-Actors-Use-Routers-Facilitate-Cyber_Operations.PDF   
    [3] NSA et al. Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 2021. https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF 
    [4] ANSSI. Campagnes d'attaques du mode opératoire APT28 depuis 2021. 2023. https://cert.ssi.gouv.fr/cti/CERTFR-2023-CTI-009/  
    [5] ANSSI. Targeting and compromise of french entities using the APT28 intrusion set. 2025. https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/   
    [6] Polish Cyber Command. Detecting Malicious Activity Against Microsoft Exchange Servers. 2023. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ 
    [7] IBM. Israel-Hamas Conflict Lures to Deliver Headlace Malware. 2023. https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ 
    [8] CERT-UA. APT28: From Initial Attack to Creating Domain Controller Threats in an Hour. 2023. https://cert.gov.ua/article/6276894 
    [9] NSA. Embracing a Zero Trust Security Model. 2021. https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF  
    [10] NSA et al. Keeping PowerShell: Security Measures to Use and Embrace. 2022. https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF 
    [11] National Institute of Standards and Technology (NIST). Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management. 2020. https://pages.nist.gov/800-63-3/sp800-63b.html 
    [12] NSA. Selecting Secure Multi-factor Authentication Solutions. October 16, 2020. https://media.defense.gov/2024/Jul/31/2003515137/-1/-1/0/MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF  
    [13] NSA and CISA. NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 2023. https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF
    [14] Department of Justice. Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). 2024. https://www.justice.gov/archives/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian  
    [15] Recorded Future. GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. 2024. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf  
     

    Disclaimer of endorsement

    The information and opinions contained in this document are provided "as is" and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

    Purpose

    This document was developed in furtherance of the authoring agencies’ cybersecurity missions, including their responsibilities to identify and disseminate threats and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.

    Contact

    United States organizations

    • National Security Agency (NSA)
    • Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)
      • U.S. organizations are encouraged to report suspicious or criminal activity related to information in this advisory to CISA via the agency’s Incident Reporting System, its 24/7 Operations Center (report@cisa.gov or 888-282-0870), or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
    • Department of Defense Cyber Crime Center (DC3)

    United Kingdom organizations

    Germany organizations

    Czech Republic organizations

    Poland organizations

    Australian organizations

    • Visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

    Canadian organizations

    Estonia organizations

    French organizations

    • French organizations are encouraged to report suspicious activity or incidents related to information found in this advisory by contacting ANSSI/CERT-FR by email at cert-fr@ssi.gouv.fr or by phone at: 3218 or +33 9 70 83 32 18.

    See Table 2 through Table 14 for all the threat actor tactics and techniques referenced in this advisory.

    Table 2: Reconnaissance
    Tactic/Technique Title ID Use
    Reconnaissance TA0043 Conducted reconnaissance on at least one entity involved in the production of ICS components for railway management.
    Gather Victim Identity Information: Email Addresses T1589.002 Conducted contact information reconnaissance to identify additional targets in key positions.
    Gather Victim Org Information T1591 Conducted reconnaissance of the cybersecurity department.
    Gather Victim Org Information: Identify Roles T1591.004 Conducted reconnaissance of individuals responsible for coordinating transport.
    Gather Victim Org Information: Business Relationships T1591.002 Conducted reconnaissance of other companies cooperating with the victim entity.
    Gather Victim Host Information T1592 Attempted to enumerate Real Time Streaming Protocol (RTSP) servers hosting IP cameras.
    Table 3: Resource development
    Tactic/Technique Title ID Use
    Compromise Accounts: Email Accounts T1586.002 Sent phishing emails using compromised accounts.
    Compromise Accounts: Cloud Accounts T1586.003 Sent phishing emails using compromised accounts.
    Table 4: Initial Access
    Tactic/Technique Title ID Use
    Trusted Relationship T1199 Conducted follow-on targeting of additional entities in the transportation sector that had business ties to the primary target, exploiting trust relationships to attempt to gain additional access.
    Phishing T1566 Used spearphishing for credentials and delivering malware to gain initial access to targeted entities.
    Phishing: Spearphishing Attachment T1566.001 Sent emails with malicious attachments.
    Phishing: Spearphishing Link T1566.002 Used spearphishing with included links to fake login pages. Sent emails with embedded hyperlinks that downloaded a malicious archive.
    Phishing: Spearphishing Voice T1566.004 Attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff.
    External Remote Services T1133 Exploited Internet-facing infrastructure, including corporate VPNs, to gain initial access to targeted entities.
    Exploit Public-Facing Application T1190 Exploited public vulnerabilities and SQL injection to gain initial access to targeted entities.
    Content Injection T1659 Leveraged a WinRAR vulnerability allowing for the execution of arbitrary code embedded in an archive.
    Table 5: Execution
    Tactic/Technique Title ID Use
    User Execution: Malicious Link T1204.001 Used malicious links to hosted shortcuts in spearphishing.
    User Execution: Malicious File T1204.002 Delivered malware executables via spearphishing.
    Scheduled Task/Job: Scheduled Task T1053.005 Used scheduled tasks to establish persistence.
    Command and Scripting Interpreter T1059 Delivered scripts in spearphishing. Executed arbitrary shell commands.
    Command and Scripting Interpreter: PowerShell T1059.001 PowerShell commands were often used to prepare data for exfiltration.
    Command and Scripting Interpreter: Windows Command Shell T1059.003 Used BAT script in spearphishing.
    Command and Scripting Interpreter: Visual Basic T1059.005 Used VBScript in spearphishing.
    Command and Scripting Interpreter: Python T1059.006 Installed python on infected machines to enable the execution of Certipy.
    Table 6: Persistence
    Tactic/Technique Title ID Use

    Account Manipulation: Additional Email Delegate Permissions

    Used manipulation of mailbox permissions to establish sustained email collection.

    Modify Authentication Process: Multi-Factor Authentication

    Enrolled compromised accounts in MFA mechanisms to increase the trust-level of compromised accounts and enable sustained access.

    Hijack Execution Flow: DLL Search Order Hijacking

    T1574.001

    Used DLL search order hijacking to facilitate malware execution.

    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

    T1547.001

    Used run keys to establish persistence.

    Boot or Logon Autostart Execution: Shortcut Modification

    T1547.009

    Placed malicious shortcuts in the startup folder to establish persistence.

    Table 7: Defense Evasion
    Tactic/Technique Title ID Use

    Indicator Removal: Clear Windows Event Logs

    T1070.001

    Deleted event logs through the wevtutil utility.

    Table 8: Credential access 
    Tactic/Technique Title ID Use

    Brute Force 

    Sent requests with Base64-encoded credentials for the RTSP server, which included publicly documented default credentials, and likely were generic attempts to brute force access to the devices. 

    Brute Force: Password Guessing 

    Used credential guessing to gain initial access to targeted entities. 

    Brute Force: Password Spraying 

    Used brute force to gain initial access to targeted entities. Conducted a brute force password spray via LDAP. 

    Multi-Factor Authentication Interception 

    Used multi-stage redirectors to provide MFA relaying capabilities in some campaigns. 

    Input Capture 

    Used multi-stage redirectors to provide CAPTCHA relaying capabilities in some campaigns. 

    Forced Authentication 

    Used an Outlook NTLM vulnerability to collect NTLM hashes and credentials via specially crafted Outlook calendar appointment invitations. 

    OS Credential Dumping: NTDS 

    Attempted to dump Active Directory NTDS.dit domain databases. 

    Unsecured Credentials: Group Policy Preferences 

    Retrieved plaintext passwords via Group Policy Preferences using Get-GPPPassword.py. 

    Table 9: Discovery
    Tactic/Technique Title ID Use

    Account Discovery: Domain Account

    T1087.002

    Used a modified ldap-dump.py to enumerate the Windows environment.

    Table 10: Command and Control
    Tactic/Technique Title ID Use

    Hide Infrastructure 

    T1665 

    Abused SOHO devices to facilitate covert cyber operations, as well as proxy malicious activity, via devices with geolocation in proximity to the target. 

    Proxy: External Proxy 

    T1090.002 

    Actor-controlled servers sent RTSP DESCRIBE requests destined for RTSP servers. 

    Proxy: Multi-hop Proxy 

    T1090.003 

    Used Tor and commercial VPNs as part of their anonymization infrastructure 

    Encrypted Channel 

    T1573 

    Connected to victim infrastructure using encrypted TLS. 

    Multi-Stage Channels 

    T1104 

    Used multi-stage redirectors for campaigns. 

    Table 11: Defense evasion (mobile framework)
    Tactic/Technique Title ID Use

    Execution Guardrails 

    Used multi-stage redirectors to verify browser fingerprints in some campaigns. 

    Execution Guardrails: Geofencing 

    Used multi-stage redirectors to verify IP-geolocation in some campaigns. 

    Table 12: Lateral movement
    Tactic/Technique Title ID Use

    Lateral Movement 

    Used native commands and open source tools, such as Impacket and PsExec, to move laterally within the environment. 

    Remote Services: Remote Desktop Protocol 

    Moved laterally within the network using RDP. 

    Table 13: Collection
    Tactic/Technique Title ID Use

    Email Collection 

    Retrieved sensitive data from email servers. 

    Email Collection: Remote Email Collection 

    Used server data exchange protocols and APIs such as Exchange Web Services (EWS) and IMAP to exfiltrate data from email servers. 

    Automated Collection 

    Used periodic EWS queries to collect new emails. 

    Video Capture 

    Attempted to gain access to the cameras’ feeds. 

    Archive Collected Data 

    Accessed files were archived in .zip files prior to exfiltration. 

    Archive Collected Data: Archive via Utility 

    Prepared zip archives for upload to the actors’ infrastructure. 

    Table 14: Exfiltration
    Tactic/Technique Title ID Use

    Exfiltration Over Alternative Protocol 

    Attempted to exfiltrate archived data via a previously dropped OpenSSH binary. 

    Scheduled Transfer 

    Used periodic EWS queries to collect new emails sent and received since the last data exfiltration. 

    Appendix B: CVEs exploited

    Table 15: Exploited CVE information
    CVE  Vendor/Product  Details

    RARLAB WinRAR 

    Allows execution of arbitrary code when a user attempts to view a benign file within a ZIP archive. 

    Microsoft Outlook 

    External actors could send specially crafted emails that cause a connection from the victim to an untrusted location of the actor’s control, leaking the Net-NTLMv2 hash of the victim that the actor could then relay to another service to authenticate as the victim. 

    Roundcube Webmail 

    Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search params. 

    Roundcube Webmail 

    An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16 and 1.4.x before 1.4.10, where a plaintext email message with JavaScript in a link reference element is mishandled by linkref_addindex in rcube_string_replacer.php. 

    Roundcube Webmail 

    Roundcube Webmail before 1.4.4 allows arbitrary code execution via shell metacharacters in a configuration setting for im_convert_path or im_identify_path in rcube_image.php. 

    Appendix C: MITRE D3FEND Countermeasures

    Table 16: MITRE D3FEND countermeasures
    Countermeasure Title  ID  Details 

    Network Isolation 

    Employ appropriate network segmentation. Disable Universal Plug and Play (UPnP), Peer-to-Peer (P2P), and Anonymous Visit features on IP cameras and routers. 

    Access Mediation 

    Limit access and utilize additional attributes (such as device information, environment, and access path) when making access decisions. Configure access controls carefully to ensure that only well-maintained and well-authenticated accounts have access. 

    Inbound Traffic Filtering 

    Implement host firewall rules to block connections from other devices on the network, other than from authorized management devices and servers, to prevent lateral movement. 

    Resource Access Pattern Analysis 

    Use automated tools to audit access logs for security concerns and identify anomalous access requests. 

    Outbound Traffic Filtering 

    Block NTLM/SMB requests to external infrastructure. 

    Platform Monitoring 

    Install EDR/logging/cybersecurity solutions onto high value systems with large amounts of sensitive data such as mail servers and domain controllers. 

    System File Analysis 

    Collect and monitor Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly. 

    Application Hardening 

    Enable optional security features in Windows to harden endpoints and mitigate initial access techniques. 

    Application-based Process Isolation 

    Enable attack surface reduction rules to prevent executable content from email. 

    Executable Allowlisting 

    Enable attack surface reduction rules to prevent execution of files from globally writeable directories, such as Downloads or %APPDATA%. 

    Execution Isolation 

    Unless users are involved in the development of scripts, limit the execution of scripts (such as batch, JavaScript, and PowerShell) to known scripts. 

    Application Configuration Hardening 

    Disable Windows Host Scripting functionality and configure PowerShell to run in Constrained mode. Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols) or do not support multi-factor authentication. Turn off other ports/services not in use (e.g., FTP, web interface, etc.). 

    Process Spawn Analysis 

    Use open source SIGMA rules as a baseline for detecting and alerting on suspicious file execution or command parameters. 

    URL Reputation Analysis 

    Use services that provide enhanced browsing services and safe link checking. 

    Network Access Mediation 

    Do not allow incoming traffic, especially logins to systems, from public VPN services. Where possible, logins from public VPNs, including exit nodes in the same country as target systems, should be blocked or, if allowed, alerted on for further investigation. Ensure cameras and other Internet of Things devices are protected by a security appliance, if possible. 

    DNS Denylisting 

    Do not allow outgoing traffic to hosting and API mocking services frequently used by malicious actors. 

    Domain Name Reputation Analysis 

    Heuristic detections for web requests to new subdomains may uncover malicious phishing activity. Logging the requests for each sub-domain requested by users on a network, such as in DNS or firewall logs, may enable system administrators to identify new targeting and victims. 

    Multi-factor Authentication 

    Use MFA with strong factors and require regular re-authentication, especially for management accounts. 

    Job Function Access Pattern Analysis 

    Implement other mitigations for privileged accounts: including limiting the number of admin accounts, considering using hardware MFA tokens, and regularly reviewing all privileged user accounts. 

    User Account Permissions 

    Separate privileged accounts by role and alert on misuse of privileged accounts. Audit user accounts on all devices to ensure they are an accurate reflection of your organization and that they are being used as expected. 

    Token-based Authentication 

    Reduce reliance on passwords; instead, consider using services like single sign-on. 

    Credential Hardening 

    Do not store passwords in Group Policy Preferences (GPP). Remove all passwords previously included in GPP and change all passwords on the corresponding accounts. 

    Authentication Event Thresholding

    Use account throttling or account lockout. Throttling progressively increases time delay between successive login attempts. If using account lockout, allow between 5 and 10 attempts before lockout.

    Strong Password Policy 

    Use a service to check for compromised passwords before using them. 

    Credential Rotation 

    Change all default credentials. 

    Encrypted Tunnels 

    Disable protocols that use weak authentication (e.g., clear-text passwords, or outdated and vulnerable authentication or encryption protocols). Use a VPN for remote connections to devices. 

    Software Update 

    Apply security patches and firmware updates to all devices. Ensure devices are currently supported. Replace devices that are end-of-life. 

    Agent Authentication 

    Ensure authentication is enabled for remote access to devices. If supported on IP cameras, enable authenticated RTSP access only. 

    User Behavior Analysis 

    Review all authentication activity for remote access to make sure it is valid and expected. Investigate any unexpected or unusual activity. 
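
    The Authentication Event Thresholding countermeasure above counts attempts per account, whereas the password spraying listed in Table 8 spreads guesses across many accounts, so it needs a second counter keyed on the source. The following added example (not part of the advisory; the log format, account names, addresses and thresholds are assumptions constructed for illustration) runs both counters over the same failures and shows which one notices the spray.

```python
"""Per-account lockout versus per-source spray detection on the same log."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO time> ldap <OK|FAIL> user=<name> src=<ip>"
LINE_RX = re.compile(
    r"^(?P<ts>\S+) ldap (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(lines):
    """Parse log lines into time-ordered (time, result, user, src) tuples."""
    events = []
    for line in lines:
        m = LINE_RX.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]),
                           m["result"], m["user"], m["src"]))
    return sorted(events)


def lockout_trips(events, threshold=5):
    """Accounts whose consecutive failures reach the lockout threshold."""
    streak = defaultdict(int)
    locked = set()
    for _, result, user, _ in events:
        streak[user] = streak[user] + 1 if result == "FAIL" else 0
        if streak[user] >= threshold:
            locked.add(user)
    return sorted(locked)


def spray_sources(events, window=timedelta(minutes=30),
                  min_accounts=5, max_per_account=2):
    """Sources failing against many accounts, few tries each, inside the window."""
    recent = defaultdict(deque)      # src -> (time, user) failures in the window
    flagged = defaultdict(set)       # src -> accounts seen while over threshold
    for when, result, user, src in events:
        if result != "FAIL":
            continue
        failures = recent[src]
        failures.append((when, user))
        while when - failures[0][0] > window:
            failures.popleft()
        per_user = defaultdict(int)
        for _, name in failures:
            per_user[name] += 1
        # Keep only accounts probed lightly; a forgotten password hammers one.
        light = [name for name, n in per_user.items() if n <= max_per_account]
        if len(light) >= min_accounts:
            flagged[src].update(light)
    return {src: sorted(names) for src, names in flagged.items()}


def build_sample():
    """Constructed log lines (documentation-range IPs, made-up account names)."""
    t0 = datetime(2024, 7, 3, 8, 0, 0)
    lines = []
    # One source, eight accounts, one guess each: under any per-account limit.
    targets = ["avery", "blake", "casey", "devon",
               "emery", "finley", "gray", "harper"]
    for i, user in enumerate(targets):
        ts = (t0 + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} ldap FAIL user={user} src=198.51.100.7")
    # A user who forgot a password: six failures on one account.
    for i in range(6):
        ts = (t0 + timedelta(minutes=40, seconds=5 * i)).isoformat()
        lines.append(f"{ts} ldap FAIL user=carol src=192.0.2.20")
    # A typo followed by a successful bind.
    lines.append(f"{(t0 + timedelta(minutes=50)).isoformat()} "
                 "ldap FAIL user=bob src=192.0.2.10")
    lines.append(f"{(t0 + timedelta(minutes=50, seconds=9)).isoformat()} "
                 "ldap OK user=bob src=192.0.2.10")
    return lines


if __name__ == "__main__":
    events = parse(build_sample())
    print("lockout would trip for:", lockout_trips(events))
    print("spray sources:", spray_sources(events))
```

    On the constructed log, lockout trips only for the user who forgot a password, while the per-source counter flags the single address that touched eight accounts once each.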


  • MIL-OSI USA: ICYMI: On CNN’s The Arena this Evening, Shaheen Reiterates that Putin is Playing Trump in Ukraine Negotiations, Slams Congressional Republicans’ Proposal to Slash Medicaid to Give Billionaires a Tax Break

    US Senate News:

    Source: United States Senator for New Hampshire Jeanne Shaheen

    Published: 05.21.2025

    (Washington, DC) – U.S. Senator Jeanne Shaheen (D-NH), Ranking Member of the U.S. Senate Foreign Relations Committee, joined CNN’s The Arena this evening to discuss her questioning of U.S. Secretary of State Marco Rubio earlier in the day and her belief that Russian President Vladimir Putin is playing President Trump. She also sharply criticized Congressional Republicans’ budget proposal that would gut Medicaid and food assistance benefits to finance tax breaks for billionaires and special interest groups. The interview followed Secretary Rubio’s first testimony to the Senate Foreign Relations Committee since his confirmation hearing in January. Click HERE to watch Senator Shaheen’s interview. 
    Key Quotes from Senator Shaheen: 
    When asked if she feels Secretary Rubio and President Trump are being played by Putin, Shaheen said: “I do, absolutely. And I said that to Secretary Rubio and we heard it again, what the outcome of this phone call between President Trump and Vladimir Putin yesterday was that now Putin is going to bring in a sheet that outlines what they want to see, to end the war in Ukraine, to get them to the table. Well, he’s just playing for time because he thinks the longer he can delay that, we’re going to get disinterested, that we’re going to not want to continue to support Ukraine in this fight. But what he doesn’t understand is that the President and this administration says the biggest threat to America is China, and China and President Xi are watching what the outcome of this war in Ukraine is. And if we are not tough in Ukraine, if we are not tough on Putin, that he knows that we’re not going to be tough on him when he goes after Taiwan. And so that’s a real problem.” 
    On Republicans’ budget proposal, Shaheen said: “Well, it’s clear that the Republicans in the House care more about what Donald Trump thinks than they care about what their constituents think. Because constituents in most of this country don’t want to see massive cuts to the Medicaid program, health care that so many Americans rely on, whether it’s for nursing home care or for people with disabilities, people who get their health insurance through the Medicaid program.” 
    On Republicans threatening cuts to programs like Medicaid and SNAP, Shaheen said: “And what they’re actually trying to do with those worker requirements and other changes is to reduce the number of people on Medicaid so they can save money and what they want to do, what they want to do with the money that they’re saving by cutting Medicaid, by cutting food benefits from the SNAP program, is to provide a huge tax cut to the wealthiest Americans. 70% of the benefits from the tax cuts are going to go to the wealthiest 1% in this country.” 

    MIL OSI USA News

  • MIL-OSI United Kingdom: ‘Shine your light’: responding to challenges facing the charity sector

    Source: United Kingdom – Executive Government & Departments

    Speech

    ‘Shine your light’: responding to challenges facing the charity sector

    Charity Commission Chief Executive David Holdsworth delivers keynote speech at Charity Times’ Annual Conference 2025.

    Thank you Srabani and good morning everyone / bore da pawb.

    It’s a privilege to be speaking at this conference for the first time as the Commission’s CEO, after rejoining the organisation last summer.

    I probably don’t need to explain to this audience why I returned to work with the charity sector.

    Current operating environment and challenges 

    The Charity Commission stands at a unique vantage point, where the perspectives of charities, government, the public and donors meet.

    From this position, we see three trends.

    First, an incredibly challenging economic environment for the sector.

    Like other sectors, charities face inflationary pressures and rising operational costs.

    But charities are also dealing with increased demands for their services.

    The cumulative impact of these trends on charities is, in some cases, extremely challenging.

    Second, charities, like other organisations, are contending with rapid technological and social change.

    Some tech innovations, notably in the space of AI, offer tools that can help charities do more with less and increase their impact.

    But looking ahead, these technologies potentially challenge the very role of organisations and institutions in the traditional sense.

    Notably when coupled with changing attitudes, especially among younger people, whose allegiances are increasingly to causes, not ‘bricks and mortar’ or brands and institutions and where technology platforms offer alternatives of direct giving to those in need.  

    Thirdly – global conflicts, geopolitical shifts and instability. The shocking invasion of Ukraine and conflicts in the Middle East have seen demands on and need of charity increase significantly. Whilst at the same time the once seemingly immovable, solid post-war geopolitical system is shifting, creating uncertainty and instability. This makes responding to increased global need more difficult and challenging to navigate.

    Impact and Potential

    Despite those challenges the sector has never been more important – and let’s be clear what charities achieve for society is astonishing, both in terms of scale and impact.

    Based on Annual Returns submitted to the Commission for 2023’s accounts, the sector had an annual income of over £96 billion – up around 7% on the previous year.

    We registered just over 5,000 new charities last year, having assessed a record 9,840 applications – a 9% increase on the previous year.

    And there are around 700,000 trustees who collectively steward the sector through good times and bad, and whose work often goes unrecognised and uncelebrated – though we at the Commission are all too aware of their service and contribution.

    But numbers alone don’t tell of the human impact of charity. Of the positive difference charities make in transforming or enriching communities, our environment, our wildlife, heritage, culture as well as saving and improving countless individual lives.

    It is that impact that charities, their amazing trustees, volunteers and employees have – that we must not lose sight of – nor let the challenges shroud.

    There are so many examples to tell.

    Like the Felix Project which had a landmark year, providing 38 million meals through its network of 1,264 community organisations and schools by growing its network of collaborations. Building on that success it has launched its Multibank, which has seen 1.46 million non-food essential items distributed to try and ensure no Londoner in need goes without.

    Welsh Women’s Aid and its partners helped 739 survivors access refuge-based support. That is life-saving intervention happening every day, across the country – offering not just physical shelter but a sense of home and safety when people need it most.

    That the osprey – that magnificent bird of prey – which was once driven to near extinction in the UK – is now thriving, with over 250 nesting pairs living in Britain today, is thanks to charities.

    And it is thanks to charity that, on average, two lives are saved at sea every single day by RNLI volunteers.  

    Also I know from my last CEO role at the Animal and Plant Health Agency, thanks to animal welfare charities’ campaigning work over decades, the UK now has one of the most advanced legal frameworks protecting animal health and welfare.

    These are just a few examples of what has been made possible by the charity sector.

    Potential and Opportunity

    So whilst I don’t underestimate for one moment the challenges charities face – and which I have seen first hand on my many visits – I would urge you not to let those challenges dim nor shroud the huge impact you are having, every day.

    I also firmly believe that as Albert Einstein once said:

    in the middle of difficulty lies opportunity.

    Arguably, the bigger the challenge, the greater the opportunity. Ideas previously rejected as too radical; innovation that once felt too big; conversations which felt too challenging can suddenly feel possible – and necessary.

    Take for example, the city I call home, Liverpool. Which is incidentally also the Commission’s main home, where most of our staff are based.

    I grew up in Liverpool in the 1980s. It was a time when the city felt like it had lost its way, with ever increasing challenges and ever dwindling opportunity and resources.

    Today my home city is transformed. And that transformation happened through collaboration – a combination of philanthropic investments, national and local government investment, alongside renewed community action notably in the arts, culture and tourism which acted as catalysts for wider renewal.

    Each individual project mattered, but what made for game-changing transformation was the cumulative impact of collaborative and complementary efforts from a number of actors. And that is true across the sector today.

    Take for example, Fareshare. Working collaboratively, supporting other charities in their network, they’ve helped distribute 92% more food over the last year, and made their budgets go 78% further.

    This resulted in them distributing a whopping 135 million meals, reaching nearly 1 million people.

    If you’ll allow me to return once more to my hometown.

    In late 2024, Zoe’s Place, a hospice in Liverpool which provides care to children, faced an uncertain future. The community of Liverpool, supported by business leaders and politicians, as well as a fellow charity the Institute of our Lady of Mercy, fellow hospice Claire’s Place and regional media collectively rallied to save Zoe’s Place, with the Commission playing a key facilitating role.

    Now, ownership has been transferred to the newly registered Liverpool Zoe’s Place. The charity’s trustees have also finalised plans to build the charity’s new home, securing the continuation of the former charity’s legacy.

    The hospice had been helping families through the unimaginable since 1995 – to see that vital service disappear would have been gutting for the community, and a huge blow to the families who rely on the organisation’s support.

    Instead, by reawakening their community’s passion and pride in the service, the charity will now continue to provide that support for years to come.

    In addition to this kind of public appeal, forging new corporate partnerships is another option being explored by many charities. Indeed, the Charities Aid Foundation estimates that UK businesses contribute around £4 billion to the sector.

    Take one example – a mere stone’s throw from here: national homelessness charity, Shelter.

    The organisation has partnered with clothing brand, Lucy and Yak. Last year they held a successful pop-up shop in Kings Cross, and now, they’ve launched donation boxes in several Lucy and Yak shops across the country encouraging customers to donate clothing.

    Shelter has responded to competition facing charity shops with the rise of preloved selling platforms in an agile and innovative way. Through this partnership, they’ve added a funding stream to their ‘bow’ and potentially reached new supporters.

    But I appreciate that public appeals and new corporate partnerships won’t work for everyone.  

    As a result of the Covid pandemic, many charities needed to re-evaluate their financial resilience and ability to weather further storms – many had dipped into their reserves, while others had little to fall back on.

    With the same desire to ensure services do not come to an end, some charities with similar goals turned to mergers – combining resources to create something more sustainable.

    For example, Community Integrated Care, one of the largest social care providers in the UK, merged with Inspire, a social care provider based in Scotland, in 2023. The charities saw how funding shortfalls, economic pressures and workforce shortages were impacting social care more broadly and chose to secure their future together rather than struggle through apart. And it paid off.

    Community Integrated Care’s income increased by £22 million in the year after the merger, and the charities reported publicly that the merger was a good strategic fit. These charities found strength in unity while continuing to provide that sense of belonging their beneficiaries depend on.

    Mergers are not the answer for all – and I don’t underestimate the work that can be involved in navigating a successful transition. But where you decide a merger is the best way forward, the Commission is on hand.

    Conclusion: strength in collaboration

    I’ve touched upon a few examples today to evidence my underlying confidence in this sector’s collective power. Just as no home is built by a single pair of hands, no lasting social change comes from isolated efforts.

    Our dear late Queen, Elizabeth II, once said:

    On our own, we cannot end wars or wipe out injustice, but the cumulative impact of thousands of small acts of goodness can be bigger than we imagine.

    In the year of the 80th anniversary of Victory in Europe and Victory in Japan we should remember those words and that out of darkness can come something brighter and better than before.

    From the darkness of tyranny, fascism and unfathomable loss came a renewed determination for peace, democracy and equality. That which charities had long fought for then came forward in the form of the NHS, welfare state, expansion of access to higher education, and workers’ rights.

    While the challenges facing society may be less existential, I believe this sector can again play a transformational role across communities, across government, local and national, with businesses and philanthropists to once again tackle our biggest issues with joint purpose.

    There is no greater charity sector in the world than here and my message is clear.

    Keep shining a light, charities.

    Shine a light on your charitable purpose.

    Shine a light of hope, and of refuge to those in need.

    Shine a light on your innovation and impact.

    And always remember that you not only stand on the shoulders of giants, but you too are now building that better brighter future for the next generation.

    Thank you. I look forward to hearing your thoughts, and taking your questions.

    Updates to this page

    Published 21 May 2025

    MIL OSI United Kingdom

  • MIL-OSI: GraniteShares launches new YieldBoost ETFs on NVIDIA (NVYY) and Bitcoin (XBTY)

    Source: GlobeNewswire (MIL-OSI)

    NEW YORK, May 21, 2025 (GLOBE NEWSWIRE) — GraniteShares, an ETF issuer specializing in high conviction ETFs, announced that it is launching two ETFs to add to its existing YieldBOOST lineup – the GraniteShares YieldBOOST NVDA ETF (NVYY) and the GraniteShares YieldBOOST Bitcoin ETF (XBTY).

    The GraniteShares YieldBOOST NVDA ETF (NVYY) is designed to generate income from options¹ strategies linked to 2x Long NVDA Daily ETF. To generate income, NVYY sells put options² on leveraged ETFs linked to 2x Long NVDA Daily ETF.

    The GraniteShares YieldBOOST Bitcoin ETF (XBTY) is designed to generate income from options¹ strategies linked to 2x Long Bitcoin Daily ETF. To generate income, XBTY sells put options² on leveraged ETFs linked to 2x Long Bitcoin Daily ETF.

    FUND NAME                               TICKER   CUSIP
    GraniteShares YieldBOOST NVDA ETF       NVYY     38747R637
    GraniteShares YieldBOOST Bitcoin ETF    XBTY     38747R421

    “We are excited to launch the newest additions to our YieldBOOST options income suite,” said Will Rhind, Founder and CEO of GraniteShares. “The GraniteShares YieldBOOST NVDA ETF (NVYY) and the GraniteShares YieldBOOST Bitcoin ETF (XBTY) will seek to generate income from selling put options on their respective underlying leveraged ETFs.”

    Other existing YieldBOOST ETFs include the GraniteShares YieldBOOST SPY ETF (YSPY), the GraniteShares YieldBOOST QQQ ETF (TQQY) and the GraniteShares YieldBOOST TSLA ETF (TSYY).

    For more information, please visit: www.graniteshares.com.

    About GraniteShares:

    GraniteShares is an entrepreneurial ETF provider focused on high-conviction investment solutions. The firm offers a range of ETFs spanning leveraged, inverse, and high-yield strategies, empowering investors with differentiated tools for portfolio construction. Founded in 2016, GraniteShares has grown rapidly by delivering cutting-edge solutions tailored to modern market needs. For more information, visit www.graniteshares.com.

    Source: GraniteShares

    ¹ An option is a contract that gives the holder the right, but not the obligation to buy or sell a specific asset at a predetermined price on or before a specified date. Options are a type of derivative, meaning their value is derived from the underlying asset.

    ² A put option is a contract that gives the buyer the right, but not the obligation, to sell an underlying asset at a specified price by or on a specific date.

    RISK FACTORS & IMPORTANT INFORMATION

    Please see the funds’ prospectus for more details – https://graniteshares.com/media/u5odudej/graniteshares-etf-trust-prospectus-yb.pdf.

    Investors should consider the investment objectives, risks, charges and expenses carefully before investing. For a prospectus or summary prospectus with this and other information about the Funds, please call (844) 476 8747 or visit www.graniteshares.com. Read the prospectus or summary prospectus carefully before investing.

    The investment program of the Funds is speculative, entails substantial risks and include asset classes and investment techniques not employed by more traditional mutual funds.

    PRINCIPAL RISKS OF INVESTING IN THE FUND

    The principal risks of investing in the Fund are summarized below. As with any investment, there is a risk that you could lose all or a portion of your investment in the Fund. Each risk summarized below is considered a “principal risk” of investing in the Fund, regardless of the order in which it appears. Some or all of these risks may adversely affect the Fund’s net asset value per share (“NAV”), trading price, yield, total return and/or ability to meet its investment objectives. For more information about the risks of investing in the Fund, see the section in the Fund’s Prospectus titled “Additional Information About the Fund — Principal Risks of Investing in the Fund.”

    The Underlying NVDA ETF Risk. The Fund invests in options contracts that are based on the value of the Underlying NVDA ETF shares. This subjects the Fund to certain of the same risks as if it owned shares of the Underlying NVDA ETF, even though it may not. By virtue of the Fund’s investments in options contracts that are based on the value of the Underlying NVDA ETF shares, the Fund may also be subject to the following risks:

    Effects of Compounding and Market Volatility Risk. The Underlying NVDA ETF shares’ performance for periods greater than a trading day will be the result of each day’s returns compounded over the period, which is likely to differ from 200% of the Underlying Stock’s performance, before fees and expenses. Compounding has a significant impact on funds that are leveraged and that rebalance daily. The impact of compounding becomes more pronounced as volatility and holding periods increase and will impact each shareholder differently depending on the period of time an investment in the Underlying NVDA ETF is held and the volatility of the Underlying Stock during the shareholder’s holding period of an investment in the Underlying NVDA ETF.

    Leverage Risk. The Underlying NVDA ETF obtains investment exposure in excess of its net assets by utilizing leverage and may lose more money in market conditions that are adverse to its investment objective than a fund that does not utilize leverage. An investment in the Underlying NVDA ETF is exposed to the risk that a decline in the daily performance of the Underlying Stock will be magnified. This means that an investment in the Underlying NVDA ETF will be reduced by an amount equal to 2% for every 1% daily decline in the Underlying Stock, not including the costs of financing leverage and other operating expenses, which would further reduce its value. The Underlying NVDA ETF could lose an amount greater than its net assets in the event of an Underlying Stock decline of more than 50%.

    Derivatives Risk. Derivatives are financial instruments that derive value from the underlying reference asset or assets, such as stocks, bonds, or funds (including ETFs), interest rates or indexes. Investing in derivatives may be considered aggressive and may expose the Underlying NVDA ETF to greater risks, and may result in larger losses or smaller gains, than investing directly in the reference assets underlying those derivatives, which may prevent the Underlying NVDA ETF from achieving its investment objective.

    Counterparty Risk. If a counterparty is unwilling or unable to make timely payments to meet its contractual obligations or fails to return holdings that are subject to the agreement with the counterparty resulting in the Underlying NVDA ETF losing money or not being able to meet its daily leveraged investment objective.

    Industry Concentration Risk. The performance of the Underlying Stock, and consequently the Underlying NVDA ETF’s performance, is subject to the risks of the semiconductor industry. The Underlying Stock is subject to many risks that can negatively impact its revenue and viability including, but not limited to, price volatility risk, management risk, inflation risk, global economic risk, growth risk, supply and demand risk, operations risk, regulatory risk, environmental risk, terrorism risk and the risk of natural disasters. The Underlying Stock performance may be affected by NVIDIA Corporation’s ability to identify new products, technologies or services, global competition and business conditions, its dependence on third-party product manufacturers, product defect issues, cybersecurity breaches, and customer concentration. The Underlying Stock may also be affected by risks that affect the broader technology industry, including: government regulation; dramatic and often unpredictable changes in growth rates and competition for qualified personnel; heavy dependence on patent and intellectual property rights, the loss or impairment of which may adversely affect profitability; and a small number of companies representing a large portion of the technology sector as a whole. The Fund’s daily returns may be affected by many factors but will depend on the performance and volatility of the Underlying Stock.

    Indirect Investments in the Underlying NVDA ETF. Investors in the Fund will not have rights to receive dividends or other distributions or any other rights with respect to the Underlying NVDA ETF but will be subject to declines in the performance of the Underlying NVDA ETF. Although the Fund invests in the Underlying NVDA ETF only indirectly, the Fund’s investments are subject to loss as a result of these risks.

    Derivatives Risk. Derivatives are financial instruments that derive value from the underlying reference asset or assets, such as stocks, bonds, or funds, interest rates or indexes. The Fund’s investments in derivatives may pose risks in addition to, and greater than, those associated with directly investing in securities or other ordinary investments, including risk related to the market, imperfect correlation with underlying investments, higher price volatility, lack of availability, counterparty risk, liquidity, valuation and legal restrictions. The use of derivatives is a highly specialized activity that involves investment techniques and risks different from those associated with ordinary portfolio securities transactions. The use of derivatives may result in larger losses or smaller gains than directly investing in securities. When the Fund uses derivatives, there may be an imperfect correlation between the value of the Underlying NVDA ETF and the derivative, which may prevent the Fund from achieving its investment objectives. Because derivatives often require only a limited initial investment, the use of derivatives may expose the Fund to losses in excess of those amounts initially invested. In addition, the Fund’s investments in derivatives are subject to the following risks:

    • Options Contracts. The use of options contracts involves investment strategies and risks different from those associated with ordinary portfolio securities transactions. The prices of options are volatile and are influenced by, among other things, actual and anticipated changes in the value of the underlying instrument, including the anticipated volatility, which are affected by fiscal and monetary policies and by national and international political and economic events, changes in the actual or implied volatility of the reference asset, and the time remaining until the expiration of the option contract. For the Fund, in particular, the value of the options contracts in which it invests is substantially influenced by the value of the Underlying NVDA ETF. Selling put options exposes the Fund to the risk of potential loss if the market value of the Underlying NVDA ETF falls below the strike price before the option expires. The Fund may experience substantial downside from specific option positions and certain option positions held by the Fund may expire worthless. As an option approaches its expiration date, its value typically increasingly moves with the value of the underlying instrument. However, prior to such date, the value of an option generally does not increase or decrease at the same rate as the underlying instrument. There may at times be an imperfect correlation between the movement in values of options contracts and the underlying instrument, and there may at times not be a liquid secondary market for certain options contracts. The value of the options held by the Fund will be determined based on market quotations or other recognized pricing methods. Additionally, the Fund’s practice of “rolling” may cause the Fund to experience losses if the expiring contracts do not generate proceeds enough to cover the costs of entering into new options contracts.
Rolling refers to the practice of closing out one options position and opening another with a different expiration date and/or a different strike price. Further, if an option is exercised, the seller (writer) of a put option is obligated to purchase the underlying asset at the strike price, which can result in significant financial and regulatory obligations for the Fund if the market value of the asset has fallen substantially. Furthermore, when the Fund seeks to trade out of puts, especially near expiration, there is an added risk that the Fund may be required to allocate resources unexpectedly to fulfill these obligations. This potential exposure to physical settlement can significantly impact the Fund’s liquidity and market exposure, particularly in volatile market conditions.
    • Swap Risk: Swaps are subject to tracking risk because they may not be perfect substitutes for the instruments they are intended to hedge or replace. Over the counter swaps are subject to counterparty default. Leverage inherent in derivatives will tend to magnify the Fund’s losses. The swap agreements may reference standardized exchange-traded, FLEX, European Style or American Style put options contracts that are based on the values of the price returns of the Underlying ETF that generate specific risks.

    Affiliated Fund Risk. In managing the Fund, the Adviser has the ability to select the Underlying NVDA ETF and substitute the Underlying NVDA ETF with other ETFs that it believes will achieve the Fund’s objective. The Adviser may be subject to potential conflicts of interest in selecting the Underlying NVDA ETF and substituting the Underlying NVDA ETF with other ETFs because the fees paid to the Adviser by some Underlying NVDA ETF may be higher than the fees charged by other Underlying NVDA ETF.

    Counterparty Risk. The Fund is subject to counterparty risk by virtue of its investments in options contracts. Transactions in some types of derivatives, including options, are required to be centrally cleared (“cleared derivatives”). In a transaction involving cleared derivatives, the Fund’s counterparty is a clearing house rather than a bank or broker. Since the Fund is not a member of clearing houses and only members of a clearing house (“clearing members”) can participate directly in the clearing house, the Fund will hold cleared derivatives through accounts at clearing members. In cleared derivatives positions, the Fund will make payments (including margin payments) to and receive payments from a clearing house through their accounts at clearing members. Customer funds held at a clearing organization in connection with any options contracts are held in a commingled omnibus account and are not identified to the name of the clearing member’s individual customers. As a result, assets deposited by the Fund with any clearing member as margin for options may, in certain circumstances, be used to satisfy losses of other clients of the Fund’s clearing member. In addition, although clearing members guarantee performance of their clients’ obligations to the clearing house, there is a risk that the assets of the Fund might not be fully protected in the event of the clearing member’s bankruptcy, as the Fund would be limited to recovering only a pro rata share of all available funds segregated on behalf of the clearing member’s customers for the relevant account class. The Fund is also subject to the risk that a limited number of clearing members are willing to transact on the Fund’s behalf, which heightens the risks associated with a clearing member’s default. If a clearing member defaults the Fund could lose some or all of the benefits of a transaction entered into by the Fund with the clearing member. 
If the Fund cannot find a clearing member to transact with on the Fund’s behalf, the Fund may be unable to effectively implement its investment strategy. In addition, a counterparty (the other party to a transaction or an agreement or the party with whom the Fund executes transactions) to a transaction (including repurchase transaction) with the Fund may be unable or unwilling to make timely principal, interest or settlement payments, or otherwise honor its obligations.

    Price Participation Risk. The Fund employs an investment strategy that includes the sale of in-the-money put options contracts, which limits the degree to which the Fund will participate in increases in value experienced by the Underlying NVDA ETF over the Call Period. This means that if the Underlying NVDA ETF experiences an increase in value above the strike price of the sold put options during a Call Period, the Fund will likely not experience that increase to the same extent and may significantly underperform the Underlying NVDA ETF over the Call Period. Additionally, because the Fund is limited in the degree to which it will participate in increases in value experienced by the Underlying NVDA ETF over each Call Period, but has full exposure to any decreases in value experienced by the Underlying NVDA ETF over the Call Period, the NAV of the Fund may decrease over any given time period. The Fund’s NAV is dependent on the value of each options portfolio, which is based principally upon the performance of the Underlying NVDA ETF. The degree of participation in the Underlying NVDA ETF gains the Fund will experience will depend on prevailing market conditions, especially market volatility, at the time the Fund enters into the sold put options contracts and will vary from Call Period to Call Period. The value of the options contracts is affected by changes in the value and dividend rates of the Underlying NVDA ETF, changes in interest rates, changes in the actual or perceived volatility of the Underlying NVDA ETF and the remaining time to the options’ expiration, as well as trading conditions in the options market. As the price of the Underlying NVDA ETF share changes and time moves towards the expiration of each Call Period, the value of the options contracts, and therefore the Fund’s NAV, will change. However, it is not expected for the Fund’s NAV to directly correlate on a day-to-day basis with the returns of the Underlying NVDA ETF share price. 
The amount of time remaining until the options contract’s expiration date affects the impact of the potential options contract income on the Fund’s NAV, which may not be in full effect until the expiration date of the Fund’s options contracts. Therefore, while changes in the price of the Underlying NVDA ETF share will result in changes to the Fund’s NAV, the Fund generally anticipates that the rate of change in the Fund’s NAV will be different than that experienced by the Underlying NVDA ETF share price.

    Distribution Risk. As part of the Fund’s investment objective, the Fund seeks to provide current monthly income. There is no assurance that the Fund will make a distribution in any given month. If the Fund makes distributions, the amounts of such distributions will likely vary greatly from one distribution to the next. Additionally, the monthly distributions, if any, may consist of returns of capital, which would decrease the Fund’s NAV and trading price over time. As a result, an investor may suffer significant losses to their investment.

    NAV Erosion Risk Due to Distributions. When the Fund makes a distribution, the Fund’s NAV will typically drop by the amount of the distribution on the related ex-dividend date. The repeated payment of distributions by the Fund, if any, may significantly erode the Fund’s NAV and trading price over time. As a result, an investor may suffer significant losses to their investment.

    Put Writing Strategy Risk. The path dependency (i.e., the continued use) of the Fund’s put writing strategy will impact the extent that the Fund participates in the positive price returns of the Underlying NVDA ETF and, in turn, the Fund’s returns, both during the term of the sold put options and over longer time periods. If, for example, the Fund were to sell 10% in-the-money put options having a one-month term, the Fund’s participation in the positive price returns of the Underlying NVDA ETF will be capped at 10% for that month. However, over a longer period (e.g., a three-month period), the Fund should not be expected to participate fully in the first 30% (i.e., 3 months x 10%) of the positive price returns of the Underlying NVDA ETF, or the Fund may even lose money, even if the Underlying NVDA ETF share price has appreciated by at least that much over such period, if during any particular month or months over that period the Underlying NVDA ETF had a return less than 10%. This example illustrates that both the Fund’s participation in the positive price returns of the Underlying NVDA ETF and its returns will depend not only on the price of the Underlying NVDA ETF but also on the path that the Underlying NVDA ETF takes over time.

    If, for example, the Fund were to sell 5% out-of-the-money put options having a one-week term, the Fund’s downward protection against the negative price returns of the Underlying NVDA ETF will be capped at 5% for that week. However, over a longer period (e.g., a four-week period), the Fund should not be expected to be protected fully in the first 25% (i.e., 4 weeks x 5%) of the negative price returns of the Underlying NVDA ETF, and the Fund may lose money, even if the Underlying NVDA ETF share price has appreciated over such period, if during any particular week or weeks over that period the Underlying NVDA ETF share price had decreased by more than 5%. This example illustrates that both the Fund’s protection against the negative price returns of the Underlying NVDA ETF and its returns will depend not only on the price of the Underlying NVDA ETF but also on the path that the Underlying NVDA ETF takes over time.

    Under both cases the Fund may be fully exposed to the downward movements of the Underlying NVDA ETF, offset only by the premiums received from selling put contracts. The Fund does not seek to offer any downside protection, except for the fact that the premiums from the sold options may offset some or all of the Underlying NVDA ETF’s decline.

    Option Market Liquidity Risk. The trading activity in the option market of the Underlying NVDA ETF may be limited and the option contracts may trade at levels significantly different from their economic value. The lack of liquidity may negatively affect the ability of the Fund to achieve its investment objective. This risk may increase if the portfolio turnover is elevated, for instance because of frequent changes in the number of Shares outstanding, and if the net asset value of the Underlying NVDA ETF is modest. For the 12-month period ending September 30, 2024, the net asset value of the Underlying NVDA ETF ranged from $0.6m to $5,986m.

    Concentration Risk. To the extent that the Underlying NVDA ETF concentrates its investments in a particular industry, the Fund will be subject to the risks associated with that industry.

    ETF Risks.

    Authorized Participants, Market Makers, and Liquidity Providers Concentration Risk. The Fund has a limited number of financial institutions that are authorized to purchase and redeem Shares directly from the Fund (known as “Authorized Participants” or “APs”). In addition, there may be a limited number of market makers and/or liquidity providers in the marketplace. To the extent either of the following events occur, Shares may trade at a material discount to NAV and possibly face delisting: (i) APs exit the business or otherwise become unable to process creation and/or redemption orders and no other APs step forward to perform these services; or (ii) market makers and/or liquidity providers exit the business or significantly reduce their business activities and no other entities step forward to perform their functions.

    Cash Redemption Risk. The Fund currently expects to effect a significant portion of its creations and redemptions for cash, rather than in-kind securities. Paying redemption proceeds in cash rather than through in-kind delivery of portfolio securities may require the Fund to dispose of or sell portfolio securities or other assets at an inopportune time to obtain the cash needed to meet redemption orders. This may cause the Fund to sell a security and recognize a capital gain or loss that might not have been incurred if it had made a redemption in-kind. As a result, the Fund may pay out higher or lower annual capital gains distributions than ETFs that redeem in-kind. The use of cash creations and redemptions may also cause the Fund’s Shares to trade in the market at greater bid-ask spreads or greater premiums or discounts to the Fund’s NAV. Furthermore, the Fund may not be able to execute cash transactions for creation and redemption purposes at the same price used to determine the Fund’s NAV. To the extent that the maximum additional charge for creation or redemption transactions is insufficient to cover the execution shortfall, the Fund’s performance could be negatively impacted.

    Costs of Buying or Selling Shares. Due to the costs of buying or selling Shares, including brokerage commissions imposed by brokers and bid-ask spreads, frequent trading of Shares may significantly reduce investment results and an investment in Shares may not be advisable for investors who anticipate regularly making small investments.

    Shares May Trade at Prices Other Than NAV. As with all ETFs, Shares may be bought and sold in the secondary market at market prices. Although it is expected that the market price of Shares will approximate the Fund’s NAV, there may be times when the market price of Shares is more than the NAV intra-day (premium) or less than the NAV intra-day (discount) due to supply and demand of Shares or during periods of market volatility. This risk is heightened in times of market volatility, periods of steep market declines, and periods when there is limited trading activity for Shares in the secondary market, in which case such premiums or discounts may be significant.

    Trading. Although Shares are listed on a national securities exchange, such as The Nasdaq Stock Market, LLC (the “Exchange”), and may be traded on U.S. exchanges other than the Exchange, there can be no assurance that an active trading market for the Shares will develop or be maintained or that the Shares will trade with any volume, or at all, on any stock exchange. This risk may be greater for the Fund as it seeks to have exposure to a single underlying stock as opposed to a more diverse portfolio like a traditional pooled investment. In stressed market conditions, the liquidity of Shares may begin to mirror the liquidity of the Fund’s underlying portfolio holdings, which can be significantly less liquid than Shares. Shares trade on the Exchange at a market price that may be below, at or above the Fund’s NAV. Trading in Shares on the Exchange may be halted due to market conditions or for reasons that, in the view of the Exchange, make trading in Shares inadvisable. In addition, trading in Shares on the Exchange is subject to trading halts caused by extraordinary market volatility pursuant to the Exchange “circuit breaker” rules. There can be no assurance that the requirements of the Exchange necessary to maintain the listing of the Fund will continue to be met or will remain unchanged. In the event of an unscheduled market close for options contracts that reference a single stock, such as the Underlying NVDA ETF’s securities being halted or a market wide closure, settlement prices will be determined by the procedures of the listing exchange of the options contracts. As a result, the Fund could be adversely affected and be unable to implement its investment strategies in the event of an unscheduled closing.

    High Portfolio Turnover Risk. The Fund may actively and frequently trade all or a significant portion of the Fund’s holdings. A high portfolio turnover rate increases transaction costs, which may increase the Fund’s expenses. Frequent trading may also cause adverse tax consequences for investors in the Fund due to an increase in short-term capital gains.

    Inflation Risk. Inflation risk is the risk that the value of assets or income from investments will be less in the future as inflation decreases the value of money. As inflation increases, the present value of the Fund’s assets and distributions, if any, may decline.

    Liquidity Risk. Some securities held by the Fund, including options contracts, may be difficult to sell or be illiquid, particularly during times of market turmoil. This risk is greater for the Fund as it will hold options contracts on a single security, and not a broader range of options contracts. Markets for securities or financial instruments could be disrupted by a number of events, including, but not limited to, an economic crisis, natural disasters, epidemics/pandemics, new legislation or regulatory changes inside or outside the United States. Illiquid securities may be difficult to value, especially in changing or volatile markets. If the Fund is forced to sell an illiquid security at an unfavorable time or price, the Fund may be adversely impacted. Certain market conditions or restrictions, such as market rules related to short sales, may prevent the Fund from limiting losses, realizing gains or achieving a high correlation with the Underlying NVDA ETF. There is no assurance that a security that is deemed liquid when purchased will continue to be liquid. Market illiquidity may cause losses for the Fund.

    Management Risk. The Fund is subject to management risk because it is an actively managed portfolio. In managing the Fund’s investment portfolio, the portfolio managers will apply investment techniques and risk analyses that may not produce the desired result. There can be no guarantee that the Fund will meet its investment objective.

    Money Market Instrument Risk. The Fund may use a variety of money market instruments for cash management purposes, including money market funds, depositary accounts and repurchase agreements. Repurchase agreements are contracts in which a seller of securities agrees to buy the securities back at a specified time and price. Repurchase agreements may be subject to market and credit risk related to the collateral securing the repurchase agreement. Money market instruments, including money market funds, may lose money through fees or other means.

    New Fund Risk. The Fund is a recently organized management investment company with no operating history. As a result, prospective investors do not have a track record or history on which to base their investment decisions.

    Non-Diversification Risk. Because the Fund is “non-diversified,” it may invest a greater percentage of its assets in the securities of a single issuer or a smaller number of issuers than if it was a diversified fund. As a result, a decline in the value of an investment in a single issuer or a smaller number of issuers could cause the Fund’s overall value to decline to a greater degree than if the Fund held a more diversified portfolio.

    Operational Risk. The Fund is subject to risks arising from various operational factors, including, but not limited to, human error, processing and communication errors, errors of the Fund’s service providers, counterparties or other third-parties, failed or inadequate processes and technology or systems failures. The Fund relies on third-parties for a range of services, including custody. Any delay or failure relating to engaging or maintaining such service providers may affect the Fund’s ability to meet its investment objective. Although the Fund, Adviser, and Sub-Adviser seek to reduce these operational risks through controls and procedures, there is no way to completely protect against such risks.

    Recent Market Events Risk. U.S. and international markets have experienced significant periods of volatility in recent years and months due to a number of economic, political and global macro factors including the impact of COVID-19 as a global pandemic, which has resulted in a public health crisis, disruptions to business operations and supply chains, stress on the global healthcare system, growth concerns in the U.S. and overseas, staffing shortages and the inability to meet consumer demand, and widespread concern and uncertainty. The global recovery from COVID-19 is proceeding at slower than expected rates due to the emergence of variant strains and may last for an extended period of time. Continuing uncertainties regarding interest rates, rising inflation, political events, rising government debt in the U.S. and trade tensions also contribute to market volatility. Conflict, loss of life and disaster connected to ongoing armed conflict between Ukraine and Russia in Europe and Israel and Hamas in the Middle East could have severe adverse effects on the region, including significant adverse effects on the regional or global economies and the markets for certain securities. The U.S. and the European Union have imposed sanctions on certain Russian individuals and companies, including certain financial institutions, and have limited certain exports and imports to and from Russia. The war has contributed to recent market volatility and may continue to do so.

    Single Issuer Risk. Issuer-specific attributes may cause an investment in the Fund to be more volatile than a traditional pooled investment vehicle which diversifies risk or the market generally. The value of the Fund, which focuses on an individual security (the Underlying NVDA ETF), may be more volatile than a traditional pooled investment or the market as a whole and may perform differently from the value of a traditional pooled investment or the market as a whole.

    Tax Risk. The Fund intends to elect and to qualify each year to be treated as a RIC under Subchapter M of the Code. As a RIC, the Fund will not be subject to U.S. federal income tax on the portion of its net investment income and net capital gain that it distributes to Shareholders, provided that it satisfies certain requirements of the Code. If the Fund does not qualify as a RIC for any taxable year and certain relief provisions are not available, the Fund’s taxable income will be subject to tax at the Fund level and to a further tax at the shareholder level when such income is distributed. To comply with the asset diversification test applicable to a RIC, the Fund will attempt to ensure that the value of the derivatives it holds is never 25% of the total value of Fund assets at the close of any quarter. If the Fund’s investments in the derivatives were to exceed 25% of the Fund’s total assets at the end of a tax quarter, the Fund, generally, has a grace period to cure such lack of compliance. If the Fund fails to timely cure, it may no longer be eligible to be treated as a RIC. In addition, distributions received by the Fund from the Underlying NVDA ETF may generate “bad income” that could prevent the Fund from meeting the “Income Requirement” of Subchapter M of the Code, which may cause the Fund to fail to qualify as a RIC.

    Investing in U.S. Equities Risk. Investing in U.S. issuers subjects the Fund to legal, regulatory, political, currency, security, and economic risks that are specific to the U.S. Certain changes in the U.S., such as a weakening of the U.S. economy or a decline in its financial markets, may have an adverse effect on U.S. issuers.

    U.S. Government and U.S. Agency Obligations Risk. The Fund may invest in securities issued by the U.S. government or its agencies or instrumentalities. U.S. Government obligations include securities issued or guaranteed as to principal and interest by the U.S. Government, its agencies or instrumentalities, such as the U.S. Treasury. Payment of principal and interest on U.S. Government obligations may be backed by the full faith and credit of the United States or may be backed solely by the issuing or guaranteeing agency or instrumentality itself. In the latter case, the investor must look principally to the agency or instrumentality issuing or guaranteeing the obligation for ultimate repayment, which agency or instrumentality may be privately owned. There can be no assurance that the U.S. Government would provide financial support to its agencies or instrumentalities (including government-sponsored enterprises) where it is not obligated to do so.

    Fixed Income Securities Risk. The market value of Fixed Income Securities will change in response to interest rate changes and other factors, such as changes in the effective maturities and credit ratings of fixed income investments. During periods of falling interest rates, the values of outstanding Fixed Income Securities and related financial instruments generally rise. Conversely, during periods of rising interest rates, the values of such securities and related financial instruments generally decline. Fixed Income Securities are also subject to credit risk.

    Investments in Fixed Income Securities may also involve the following risks, depending on the instrument involved:

    • Asset-Backed/Mortgage-Backed Securities Risk – The market value and yield of asset-backed and mortgage-backed securities can vary due to market interest rate fluctuations and early prepayments of underlying instruments.
    • Credit Risk – An investment in the Fund also involves the risk that the issuer of a Fixed Income Security that the Fund holds will fail to make timely payments of interest or principal or go bankrupt, or that the value of the securities will decline because of a market perception that the issuer may not make payments on time, thus potentially reducing the Fund’s return.
    • Event Risk – Event risk is the risk that corporate issuers may undergo restructurings, such as mergers, leveraged buyouts, takeovers, or similar events financed by increased debt. As a result of the added debt, the credit quality and market value of a company’s bonds and/or other debt securities may decline significantly.
    • Extension Risk – Payment on the loans underlying Fixed Income Securities held by the Fund may be made more slowly when interest rates are rising.
    • Interest Rate Risk – Generally, the value of Fixed Income Securities will change inversely with changes in interest rates. As interest rates rise, the market value of Fixed Income Securities tends to decrease. Conversely, as interest rates fall, the market value of Fixed Income Securities tends to increase. This risk will be greater for long-term securities than for short-term securities. In recent periods, governmental financial regulators, including the U.S. Federal Reserve, have taken steps to maintain historically low interest rates. Very low or negative interest rates may magnify interest rate risk. Changes in government intervention may have adverse effects on investments, volatility, and illiquidity in debt markets.
    • Prepayment Risk – When interest rates are declining, issuers of Fixed Income Securities held by the Fund may prepay principal earlier than scheduled.

    The Fund is distributed by ALPS Distributors, Inc., which is not affiliated with GraniteShares or any of its affiliates. ©2024 GraniteShares Inc. All rights reserved. GraniteShares, GraniteShares Trusts, and the GraniteShares logo are registered and unregistered trademarks of GraniteShares Inc., in the United States and elsewhere. All other marks are the property of their respective owners.

    Media Contact:
    GraniteShares Inc.
    Attn: Media Relations
    222 Broadway, 21st Floor
    New York, NY 10038
    844-476-8747
    info@graniteshares.com

    The MIL Network

  • MIL-OSI Europe: AFRICA/DR CONGO – “We hope the Pope will make an appeal for peace in the Democratic Republic of Congo”

    Source: Agenzia Fides – MIL OSI

    Wednesday, 21 May 2025

    Kinshasa (Agenzia Fides) – “We hope the Pope will make an appeal for peace in the Democratic Republic of Congo,” write the members of ACMEJ (Association Against Evil and for the Integration of Youth) of Katogota, in the province of South Kivu, in the east of the country.

    Recalling that “in his first Sunday blessing from St. Peter’s Basilica, the new Pope Leo XIV made a solemn appeal for peace in Ukraine and for an immediate ceasefire in Gaza,” the members of the ACMEJ ask the Holy Father not to forget the tragedy of their homeland, one of the forgotten conflicts that continue to bloody the world. Since the M23 guerrillas, supported by Rwandan soldiers, have conquered vast areas of North and South Kivu—including the regional capitals of Goma and Bukavu—the civilian population has been living in tragic conditions.

    According to ACMEJ, the village of Katogota, already the scene of a massacre on May 14, 2000, in which 375 civilians died, has once again been “destroyed, looted, wounded, and bombed by the M23 and its Rwandan allies.” “The attackers have illegally occupied the premises of the local Catholic Church of Saint Berger—church, school, and prayer hall—as well as the multipurpose hall of the Katogota community, setting up their camp there and transforming the religious and educational spaces into military accommodation,” the statement sent to Fides said.

    “The villagers ask Pope Leo XIV to make a new solemn appeal for peace in the eastern Democratic Republic of the Congo, starting with an immediate and effective ceasefire and the creation of a buffer zone in the villages of Katogota and Kamanyola, under the control of military forces sent by the United Nations Security Council or the African Union.” According to the ACMEJ, this measure would allow refugees and displaced persons from Katogota to return to their homes more safely, pending a final peace agreement,” the human rights organization stated.

    The villages of Katogota and Kamanyola are currently on the front line separating the M23 from forces loyal to the Kinshasa government (see Fides, 4/3/2025). The situation has been further aggravated by the Congolese government’s recent decision to close banks and airports in areas under M23 control.

    The Secretary General of the National Episcopal Conference of Congo (CENCO), Bishop Donatien Nshole, denounced the interruption of these essential services. “The closure of banks and airports in these areas forces many families to survive in particularly precarious conditions,” he said on May 19. (L.M.) (Agenzia Fides, 21/5/2025)
    MIL OSI Europe News

  • MIL-OSI United Kingdom: UK attends Kimberley Process Intersessional hosted by the United Arab Emirates

    Source: United Kingdom – Executive Government & Departments 3

    News story

    UK attends Kimberley Process Intersessional hosted by the United Arab Emirates

    The United Kingdom reaffirms commitment to the Kimberley Process and support for its tripartite framework following the 2025 Kimberley Process Intersessional.

    The United Kingdom thanks the United Arab Emirates (UAE) for hosting the Kimberley Process Intersessional from 12 to 16 May.

    A strength of the Kimberley Process is its tripartite nature, which brings together leading expert voices from governments, local communities and industry.

    We reaffirm our commitment to listening to and championing the voice of the Civil Society Coalition in the Kimberley Process and look forward to their contributions to the ongoing review and reform cycle.

    We are proud to be a founding member of the Kimberley Process and continue to support the Initiative’s efforts to address the evolving nature of conflicts.  

    We look forward in particular to continuing collaboration with all Kimberley Process Participants and Observers on broadening the definition of “conflict diamonds”. This will ensure that the Kimberley Process remains relevant to emerging challenges.

    The Kimberley Process was designed to ensure that diamonds are not used to finance armed conflict. We regret that to date, the Process has not addressed the implications of Russia’s use of rough diamond revenue to fund their illegal war in Ukraine and will continue to press for this to be on its agenda.

    Published 21 May 2025

    MIL OSI United Kingdom

  • MIL-OSI: Radware Recognized as a Leader and Fast Mover in the GigaOm Radar for Application and API Security

    Source: GlobeNewswire (MIL-OSI)

    MAHWAH, N.J., May 21, 2025 (GLOBE NEWSWIRE) — Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today announced it was named a Leader and Fast Mover in the GigaOm Radar for Application and API Security. The Radar examines 16 of the top application and API security solutions to help organizations make more informed investment decisions.

    The Radar recognized Radware’s vulnerability detection, account takeover protection, and bot management as core areas of strength. Highlights from the report include:

    • “Radware’s comprehensive coverage of OWASP Top 10 web application security risks and Top 10 API security vulnerabilities, coupled with real-time adaption capabilities, demonstrates a cutting-edge approach to AI-enhanced vulnerability detection that goes beyond the basics to offer advanced protection and automated response.”
    • “Radware’s system also includes ML-based anomaly detection that can identify anomalies on targeted endpoints and automatically push real-time signatures to mitigate attacks, demonstrating a proactive and adaptive approach to account take over protection that goes beyond standard measures.”
    • “Radware earned a strong score due to a multilayered strategy that includes preemptive protection to block unwanted IPs and identities, AI-powered behavioral-based detection that catches threats others might miss, and advanced mitigation offering a wide range of granular and accurate options.”

    “Organizations are increasingly relying on web applications and APIs to operate their businesses, generate revenue, and engage customers, which is why keeping them secure has become so important—and more difficult,” said Connie Stack, Radware’s chief growth officer. “Our advanced AI and machine learning technologies offer customers real-time, state-of-the-art protection across an attack surface and threat landscape that is constantly evolving. We are honored to be recognized among the market’s leading providers of application and API security solutions by GigaOm.”

    Radware’s complete Cloud Application Protection Service includes bot detection and management, API protection, a web application firewall (WAF), client-side protection, and application-layer DDoS protection. Combining end-to-end automation, behavioral-based detection, and 24/7 managed services, the solution is designed to offer organizations the highest level of application protection with the lowest level of false positives. 

    Radware has also received awards and recognitions for its application and network security solutions from other industry analysts, including Aite-Novarica Group, Forrester, Gartner, KuppingerCole, and QKS Group.

    About Radware
    Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

    Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.

    ©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

    THIS PRESS RELEASE AND THE GIGAOM RADAR FOR APPLICATION AND API SECURITY ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE’S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.

    Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

    The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

    Safe Harbor Statement
    This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that organizations are increasingly relying on web applications and APIs to operate their businesses, generate revenue, and engage customers, which is why keeping them secure has become so important—and more difficult, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. 
Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC.
Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

    Media Contact:
    Gerri Dyrek
    Radware
    Gerri.Dyrek@radware.com 

    The MIL Network

  • MIL-OSI Asia-Pac: President Lai hosts state banquet for President Surangel Whipps Jr. of Republic of Palau

    Source: Republic of China Taiwan

    Details
    2025-05-20
    President Lai and President Surangel S. Whipps, Jr. of Palau hold bilateral talks and witness signing of cooperation agreements  
    On the afternoon of May 20, following a welcome ceremony with military honors for President Surangel S. Whipps, Jr. of the Republic of Palau and his wife, President Lai Ching-te, accompanied by Vice President Bi-khim Hsiao, held bilateral talks with President Whipps at the Presidential Office. The two leaders also jointly witnessed the signing of a technical cooperation agreement and an agreement on diplomatic staff training cooperation. In remarks, President Lai thanked Palau for standing firm in its backing of Taiwan’s international participation as geopolitical tensions continue to increase in the Pacific region. He added that he looks forward to the cooperative ties between Taiwan and Palau continuing to expand into even broader areas, allowing our economies and societies to further progress as we jointly advance peace, stability, and prosperity in the Indo-Pacific region.

    A translation of President Lai’s remarks follows:

    I welcome our guests to Taiwan once again. Last year on May 20, President Whipps led a delegation to attend the inauguration ceremony for myself and Vice President Hsiao. I am delighted, on the anniversary of my first year in office, to meet with old friends of Taiwan again, as President Whipps returns for this visit.

    Taiwan-Palau relations have grown even closer in recent years thanks to the strong support of President Whipps. In 2022, during my term as vice president, I led a delegation to Palau as a demonstration of how our nations were together boosting tourism development as we jointly faced the challenges of the COVID-19 pandemic. Every time I visit Palau, and every time I meet with President Whipps, I feel very deeply that Taiwan and Palau are like family. We are both maritime nations and share a common Austronesian heritage and culture. We are also staunch partners in upholding such values as freedom, democracy, and respect for human rights.

    Last December, when I went on my first overseas trip since taking office, one of the nations I visited was Palau. We celebrated the 30th anniversary of Palau’s independence and 25 years of diplomatic relations, underscoring our friendly ties.

    Taiwan and Palau enjoy close exchanges and cooperation in a range of areas, including climate change, education, agriculture and fisheries, healthcare, humanitarian assistance, sports, and culture. After this meeting, President Whipps and I will witness the signing of a technical cooperation agreement and an agreement on diplomatic staff training cooperation, demonstrating once again our diverse collaboration and strong friendship. I believe that by working together, Taiwan and Palau can contribute to each other’s development and overcome the regional and global challenges we currently face.

    In particular, as geopolitical tensions continue to increase in the Pacific region, Palau has wisely and courageously upheld democratic values and stood firm in its backing of Taiwan’s international participation. Palau has never stopped voicing support for Taiwan, including at the United Nations General Assembly, the World Health Organization, the UN Framework Convention on Climate Change Conference of the Parties, and the UN Ocean Conference. We have been deeply moved by this support. I thank President Whipps again for his high regard and support for Taiwan. I look forward to the cooperative ties between our nations continuing to expand into even broader areas. This will allow our economies and societies to further progress as we jointly advance peace, stability, and prosperity in the Indo-Pacific region.

    President Whipps then delivered remarks, saying that it is a great honor for him to be here, standing in this historic place – a symbol of strength, resilience, and the democratic spirit of the Taiwanese people. On behalf of the government of Palau, President Whipps extended heartfelt gratitude to President Lai and the people of Taiwan for the warm welcome and gracious hospitality toward him and his delegation.

    President Whipps then extended sincere thanks for President Lai’s visit to Palau in December – his second visit to Palau – and for having Minister of Foreign Affairs Lin Chia-lung (林佳龍) attend his inauguration as a special envoy. He added that this also marks his third visit to Taiwan since President Lai took office, saying that this demonstrates the strength of our growing relationship. President Whipps indicated that the increased engagements and numerous entrepreneurs that President Lai has brought from Taiwan to Palau have resulted in fruitful visits, and that President Lai’s leadership represents hope, unity, and continued advancement of democracy and freedom, not only for Taiwan, but for the broader Indo-Pacific region.

    President Whipps went on to say that this visit to Taiwan reaffirms our deep friendship and shared values between our two nations. He emphasized that Palau and Taiwan are bound not by proximity, but by purpose, in that both are island nations and believe in human dignity, the rule of law, and the right of our people to determine their own futures. President Whipps stated that although we are celebrating 26 years of diplomatic relations, Taiwan has been a steadfast partner of Palau for decades, and that one of the MOUs they are signing further extends the relationship that began in December of 1984. From healthcare and medical missions, to education, agriculture, renewable energy, infrastructure, the private sector, tourism development, and climate resilience, he said, our cooperation has improved lives and strengthened our communities.

    The president also indicated that during the COVID-19 pandemic, Taiwan stood with Palau, noting that both sides began the tourism bubble, and that President Lai came to Palau to reopen the two weekly direct flights that have now been increased to four. That solidarity will never be forgotten, he said. As the world faces growing uncertainty and complex challenges from climate change to global tensions, President Whipps said, this friendship becomes even more vital. The president concluded his remarks by expressing hope that both nations continue to stand together, work together, and advocate together for peace, prosperity, and for the right of small nations to be seen, heard, and respected.

    After the bilateral talks, President Lai and President Whipps witnessed the signing of the technical cooperation agreement and the agreement on diplomatic staff training cooperation by Minister Lin and Palauan Minister of State Gustav Aitaro. The delegation also included Palauan Minister of Public Infrastructure and Industries Charles Obichang, Minister of Human Resources, Culture, Tourism and Development Ngiraibelas Tmetuchl, Senate Floor Leader Kerai Mariur, House of Delegates Floor Leader Warren Umetaro, High Chief of Ngiwal State Elliot Udui, Governor of Peleliu State Emais Roberts, and Governor of Koror State Eyos Rudimch.

    Details
    2025-05-20
    President Lai interviewed by Nippon Television and Yomiuri TV
    In a recent interview on Nippon Television’s news zero program, President Lai Ching-te responded to questions from host Mr. Sakurai Sho and Yomiuri TV Shanghai Bureau Chief Watanabe Masayo on topics including reflections on his first year in office, cross-strait relations, China’s military threats, Taiwan-United States relations, and Taiwan-Japan relations. The interview was broadcast on the evening of May 19. During the interview, President Lai stated that China intends to change the world’s rules-based international order, and that if Taiwan were invaded, global supply chains would be disrupted. Therefore, he said, Taiwan will strengthen its national defense, prevent war by preparing for war, and achieve the goal of peace. The president also noted that Taiwan’s purpose for developing drones is based on national security and industrial needs, and that Taiwan hopes to collaborate with Japan. He then reiterated that China’s threats are an international problem, and expressed hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war. Following is the text of the questions and the president’s responses: Q: How do you feel as you are about to round out your first year in office? President Lai: When I was young, I was determined to practice medicine and save lives. When I left medicine to go into politics, I was determined to transform Taiwan. And when I was sworn in as president on May 20 last year, I was determined to strengthen the nation. Time flies, and it has already been a year. Although the process has been very challenging, I am deeply honored to be a part of it. I am also profoundly grateful to our citizens for allowing me the opportunity to give back to our country. The future will certainly be full of more challenges, but I will do everything I can to unite the people and continue strengthening the nation. That is how I am feeling now. 
Q: We are now coming up on the 80th anniversary of the end of World War II, and over this period, we have often heard that conflict between Taiwan and the mainland is imminent. Do you personally believe that a cross-strait conflict could happen? President Lai: The international community is very much aware that China intends to replace the US and change the world’s rules-based international order, and annexing Taiwan is just the first step. So, as China’s military power grows stronger, some members of the international community are naturally on edge about whether a cross-strait conflict will break out. The international community must certainly do everything in its power to avoid a conflict in the Taiwan Strait; there is too great a cost. Besides causing direct disasters to both Taiwan and China, the impact on the global economy would be even greater, with estimated losses of US$10 trillion from war alone – that is roughly 10 percent of the global GDP. Additionally, 20 percent of global shipping passes through the Taiwan Strait and surrounding waters, so if a conflict breaks out in the strait, other countries including Japan and Korea would suffer a grave impact. For Japan and Korea, a quarter of external transit passes through the Taiwan Strait and surrounding waters, and a third of the various energy resources and minerals shipped back from other countries pass through said areas. If Taiwan were invaded, global supply chains would be disrupted, and therefore conflict in the Taiwan Strait must be avoided. Such a conflict is indeed avoidable. I am very thankful to Prime Minister of Japan Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio, as well as US President Donald Trump and former President Joe Biden, and the other G7 leaders, for continuing to emphasize at international venues that peace and stability across the Taiwan Strait are essential components for global security and prosperity. 
When everyone in the global democratic community works together, stacking up enough strength to make China’s objectives unattainable or to make the cost of invading Taiwan too high for it to bear, a conflict in the strait can naturally be avoided. Q: As you said, President Lai, maintaining peace and stability across the Taiwan Strait is also very important for other countries. How can war be avoided? What sort of countermeasures is Taiwan prepared to take to prevent war? President Lai: As Mr. Sakurai mentioned earlier, we are coming up on the 80th anniversary of the end of WWII. There are many lessons we can take from that war. First is that peace is priceless, and war has no winners. From the tragedies of WWII, there are lessons that humanity should learn. We must pursue peace, and not start wars blindly, as that would be a major disaster for humanity. In other words, we must be determined to safeguard peace. The second lesson is that we cannot be complacent toward authoritarian powers. If you give them an inch, they will take a mile. They will keep growing, and eventually, not only will peace be unattainable, but war will be inevitable. The third lesson is why WWII ended: It ended because different groups joined together in solidarity. Taiwan, Japan, and the Indo-Pacific region are all directly subjected to China’s threats, so we hope to be able to join together in cooperation. This is why we proposed the Four Pillars of Peace action plan. First, we will strengthen our national defense. Second, we will strengthen economic resilience. Third is standing shoulder to shoulder with the democratic community to demonstrate the strength of deterrence. Fourth is that as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China, and seek peace and mutual prosperity. These four pillars can help us avoid war and achieve peace. 
That is to say, Taiwan hopes to achieve peace through strength, prevent war by preparing for war, keeping war from happening and pursuing the goal of peace. Q: Regarding drones, everyone knows that recently, Taiwan has been actively researching, developing, and introducing drones. Why do you need to actively research, develop, and introduce new drones at this time? President Lai: This is for two purposes. The first is to meet national security needs. The second is to meet industrial development needs. Because Taiwan, Japan, and the Philippines are all part of the first island chain, and we are all democratic nations, we cannot be like an authoritarian country like China, which has an unlimited national defense budget. In this kind of situation, island nations such as Taiwan, Japan, and the Philippines should leverage their own technologies to develop national defense methods that are asymmetric and utilize unmanned vehicles. In particular, from the Russo-Ukrainian War, we see that Ukraine has successfully utilized unmanned vehicles to protect itself and prevent Russia from unlimited invasion. In other words, the Russo-Ukrainian War has already proven the importance of drones. Therefore, the first purpose of developing drones is based on national security needs. Second, the world has already entered the era of smart technology. Whether generative, agentic, or physical, AI will continue to develop. In the future, cars and ships will also evolve into unmanned vehicles and unmanned boats, and there will be unmanned factories. Drones will even be able to assist with postal deliveries, or services like Uber, Uber Eats, and foodpanda, or agricultural irrigation and pesticide spraying. Therefore, in the future era of comprehensive smart technology, developing unmanned vehicles is a necessity. Taiwan, based on industrial needs, is actively planning the development of drones and unmanned vehicles. 
I would like to take this opportunity to express Taiwan’s hope to collaborate with Japan in the unmanned vehicle industry. Just as we do in the semiconductor industry, where Japan has raw materials, equipment, and technology, and Taiwan has wafer manufacturing, our two countries can cooperate. Japan is a technological power, and Taiwan also has significant technological strengths. If Taiwan and Japan work together, we will not only be able to safeguard peace and stability in the Taiwan Strait and security in the Indo-Pacific region, but it will also be very helpful for the industrial development of both countries. Q: The drones you just described probably include examples from the Russo-Ukrainian War. Taiwan and China are separated by the Taiwan Strait. Do our drones need to have cross-sea flight capabilities? President Lai: Taiwan does not intend to counterattack the mainland, and does not intend to invade any country. Taiwan’s drones are meant to protect our own nation and territory. Q: Former President Biden previously stated that US forces would assist Taiwan’s defense in the event of an attack. President Trump, however, has yet to clearly state that the US would help defend Taiwan. Do you think that in such an event, the US would help defend Taiwan? Or is Taiwan now trying to persuade the US? President Lai: Former President Biden and President Trump have answered questions from reporters. Although their responses were different, strong cooperation with Taiwan under the Biden administration has continued under the Trump administration; there has been no change. During President Trump’s first term, cooperation with Taiwan was broader and deeper compared to former President Barack Obama’s terms. After former President Biden took office, cooperation with Taiwan increased compared to President Trump’s first term. Now, during President Trump’s second term, cooperation with Taiwan is even greater than under former President Biden. 
Taiwan-US cooperation continues to grow stronger, and has not changed just because President Trump and former President Biden gave different responses to reporters. Furthermore, the Trump administration publicly stated that in the future, the US will shift its strategic focus from Europe to the Indo-Pacific. The US secretary of defense even publicly stated that the primary mission of the US is to prevent China from invading Taiwan, maintain stability in the Indo-Pacific, and thus maintain world peace. There is a saying in Taiwan that goes, “Help comes most to those who help themselves.” Before asking friends and allies for assistance in facing threats from China, Taiwan must first be determined and prepared to defend itself. This is Taiwan’s principle, and we are working in this direction, making all the necessary preparations to safeguard the nation.

    Q: I would like to ask you a question about Taiwan-Japan relations. After the Great East Japan Earthquake in 2011, you made an appeal to give Japan a great deal of assistance and care. In particular, you visited Sendai to offer condolences. Later, you also expressed condolences and concern after the earthquakes in Aomori and Kumamoto. What are your expectations for future Taiwan-Japan exchanges and development?

    President Lai: I come from Tainan, and my constituency is in Tainan. Tainan has very deep ties with Japan, and of course, Taiwan also has deep ties with Japan. However, among Taiwan’s 22 counties and cities, Tainan has the deepest relationship with Japan. I sincerely hope that both of you and your teams will have an opportunity to visit Tainan. I will introduce Tainan’s scenery, including architecture from the era of Japanese rule, Tainan’s cuisine, and unique aspects of Tainan society, and you can also see lifestyles and culture from the Showa era. The Wushantou Reservoir in Tainan was completed by engineer Mr. Hatta Yoichi from Kanazawa, Japan and the team he led to Tainan after he graduated from then-Tokyo Imperial University. It has nearly a century of history and is still in use today. This reservoir, along with the 16,000-km-long Chianan Canal, transformed the 150,000-hectare Chianan Plain into Taiwan’s premier rice-growing area. It was that foundation in agriculture that enabled Taiwan to develop industry and the technology sector of today. The reservoir continues to supply water to Tainan Science Park. It is used by residents of Tainan, the agricultural sector, and industry, and even the technology sector in Xinshi Industrial Park, as well as Taiwan Semiconductor Manufacturing Company. Because of this, the people of Tainan are deeply grateful for Mr. Hatta and very friendly toward the people of Japan. A major earthquake, the largest in 50 years, struck Tainan on February 6, 2016, resulting in significant casualties. As mayor of Tainan at the time, I was extremely grateful to then-Prime Minister Abe, who sent five Japanese officials to the disaster site in Tainan the day after the earthquake. They were very thoughtful and asked what kind of assistance we needed from the Japanese government. They offered to provide help based on what we needed. I was deeply moved, as former Prime Minister Abe showed such care, going beyond the formality of just sending supplies that we may or may not have actually needed. Instead, the officials asked what we needed and then provided assistance based on those needs, which really moved me. Similarly, when the Great East Japan Earthquake of 2011 or the later Kumamoto earthquakes struck, the people of Tainan, under my leadership, naturally and dutifully expressed their support. Even earlier, when central Taiwan was hit by a major earthquake in 1999, Japan was the first country to deploy a rescue team to the disaster area.
On February 6, 2018, after a major earthquake in Hualien, former Prime Minister Abe appeared in a video holding up a message of encouragement he had written in calligraphy saying “Remain strong, Taiwan.” All of Taiwan was deeply moved. Over the years, Taiwan and Japan have supported each other when earthquakes struck, and have forged bonds that are family-like, not just neighborly. This is truly valuable. In the future, I hope Taiwan and Japan can be like brothers, and that the peoples of Taiwan and Japan can treat one another like family. If Taiwan has a problem, then Japan has a problem; if Japan has a problem, then Taiwan has a problem. By caring for and helping each other, we can face various challenges and difficulties, and pursue a brighter future.

    Q: President Lai, you just used the phrase “If Taiwan has a problem, then Japan has a problem.” In the event that China attempts to invade Taiwan by force, what kind of response measures would you hope the US military and Japan’s Self-Defense Forces take?

    President Lai: As I just mentioned, annexing Taiwan is only China’s first step. Its ultimate objective is to change the rules-based international order. That being the case, China’s threats are an international problem. So, I would very much hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war – prevention, after all, is more important than cure.

    2025-05-13
    President Lai interviewed by Japan’s Nikkei  
    In a recent interview with Japan’s Nikkei, President Lai Ching-te responded to questions regarding Taiwan-Japan and Taiwan-United States relations, cross-strait relations, the semiconductor industry, and the international economic and trade landscape. The interview was published by Nikkei on May 13. President Lai indicated that Nikkei, Inc. is a global news organization that has received significant recognition both domestically and internationally, and that he is deeply honored to be interviewed by Nikkei and grateful for their invitation. The president said that he would like to take this rare opportunity to thank Japan’s government, National Diet, society, and public for their longstanding support for Taiwan. Noting that current Prime Minister Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio have all strongly supported Taiwan, he said that the peoples of Taiwan and Japan also have a deep mutual affection, and that through the interview, he hopes to enhance the bilateral relationship between Taiwan and Japan, deepen the affection between our peoples, and foster more future cooperation to promote prosperity and development in both countries. In response to questions raised on the free trade system and the recent tariff war, President Lai indicated that over the past few decades, the free economy headed by the Western world and led by the US has brought economic prosperity and political stability to Taiwan and Japan. At the same time, he said, we have also learned or followed many Western values. The president said he believes that Taiwan and Japan are exemplary students, but some countries are not. 
Therefore, he said, the biggest crisis right now is China, which exploits the free trade system to engage in plagiarism and counterfeiting, infringe on intellectual property rights, and even provide massive government subsidies that facilitate the dumping of low-priced goods worldwide, which has a major impact on many countries including Japan and Taiwan. If this kind of unfair trade is not resolved, he said, the stable societies and economic prosperity we have painstakingly built over decades, as well as some of the values we pursue, could be destroyed. Therefore, President Lai said he thinks it is worthwhile for us to observe the recent willingness of the US to address unfair trade, and if necessary, offer assistance. President Lai emphasized that the national strategic plan for Taiwanese industries is for them to be rooted in Taiwan while expanding their global presence and marketing worldwide. Therefore, he said, while the 32 percent tariff increase imposed by the US on Taiwan is indeed a major challenge, we are willing to address it seriously and find opportunities within that challenge, making Taiwan’s strategic plan for industry even more comprehensive. When asked about Taiwan’s trade arrangements, President Lai indicated that in 2010 China accounted for 83.8 percent of Taiwan’s outbound investment, but last year it accounted for only 7.5 percent. In 2020, he went on, 43.9 percent of Taiwan’s exports went to China, but that figure dropped to 31.7 percent in 2024. The president said that we have systematically transferred investments from Taiwanese enterprises to Japan, Southeast Asia, Europe, and the US. Therefore, he said, last year Taiwan’s largest outbound investment was in the US, accounting for roughly 40 percent of the total. Nevertheless, only 23.4 percent of Taiwanese products were sold to the US, with 76.6 percent sold to places other than the US, he said.  
The president emphasized that we don’t want to put all our eggs in one basket, and hope to establish a global presence. Under these circumstances, he said, Taiwan is very eager to cooperate with Japan. President Lai stated that at this moment, the Indo-Pacific and international community really need Japan’s leadership, especially to make the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) excel in its functions, and also requested Japan to support Taiwan’s CPTPP accession. The president said that Taiwan hopes to sign an Economic Partnership Agreement (EPA) with Japan to build closer ties in economic trade and promote further investment, and that we also hope to strengthen relations with the European Union, and even other regions. Currently, he said, we are proposing an initiative on global semiconductor supply chain partnerships for democracies, because the semiconductor industry is an ecosystem. The president raised the example that Japan has materials, equipment, and technology; the US has IC design and marketing; Taiwan has production and manufacturing; and the Netherlands excels in equipment, saying we therefore hope to leverage Taiwan’s advantages in production and manufacturing to connect the democratic community and establish a global non-red supply chain for semiconductors, ensuring further world prosperity and development in the future, and ensuring that free trade can continue to function without being affected by dumping, which would undermine future prosperity and development. The president stated that as we want industries to expand their global presence and market internationally while staying rooted here in Taiwan, having industries rooted in Taiwan involves promoting pay raises for employees, tax cuts, and deregulation, as well as promoting enterprise investment tax credits. 
He said that we have also proposed Three Major Programs for Investing in Taiwan for Taiwanese enterprises and are actively resolving issues regarding access to water, electricity, land, human resources, and professional talent so that the business community can return to Taiwan to invest, or enterprises in Taiwan can increase their investments. He went on to say that we are also actively signing bilateral investment agreements with friends and allies so that when our companies invest and expand their presence abroad, their rights and interests as investors are ensured.  President Lai mentioned that Taiwan hopes to sign an EPA with Japan, similar to the Taiwan-US Initiative on 21st-Century Trade and the Economic Prosperity Partnership Dialogue, or the Enhanced Trade Partnership arrangement with the United Kingdom, or similar agreements or memorandums of understanding with Canada and Australia that allow Taiwanese products to be marketed worldwide, concluding that those are our overall arrangements. Looking at the history of Taiwan’s industrial development, President Lai indicated, of course it began in Taiwan, and then moved west to China and south to Southeast Asia. He said that we hope to take this opportunity to strengthen cooperation with Japan to the north, across the Pacific Ocean to the east, and develop the North American market, making Taiwan’s industries even stronger. In other words, he said, while Taiwan sees the current reciprocal tariffs imposed by the US as a kind of challenge, it also views these changes positively. On the topic of pressure from China affecting Taiwan’s participation in international frameworks such as the CPTPP or its signing of an EPA with Japan, President Lai responded that the key point is what kind of attitude we should adopt in viewing China’s acts of oppression. 
If we act based on our belief in free trade, he said, or on the universal values we pursue – democracy, freedom, and respect for human rights – and also on the understanding that a bilateral trade agreement between Taiwan and Japan would contribute to the economic prosperity and development of both countries, or that Taiwan’s accession to the CPTPP would benefit progress and prosperity in the Indo-Pacific region, then he hopes that friends and allies will strongly support us. On the Trump administration’s intentions regarding the reciprocal tariff policy and the possibility of taxing semiconductors, as well as how Taiwan plans to respond, President Lai said that since President Trump took office, he has paid close attention to interviews with both him and his staff. The president said that several of President Trump’s main intentions are: First, he wants to address the US fiscal situation. For example, President Lai said, while the US GDP is about US$29 trillion annually, its national debt stands at US$36 trillion, which is roughly 124 percent of GDP. Second, he went on, annual government spending exceeds US$6.5 trillion, but revenues are only around US$4.5 trillion, resulting in a nearly US$2 trillion deficit each year, about 7 percent of GDP. Third, he said, the US pays nearly US$1.2 trillion in interest annually, which exceeds the US$1 trillion defense budget and accounts for more than 3 percent of GDP. Fourth, President Trump still wants to implement tax cuts, aiming to reduce taxes for 85 percent of Americans, he said, noting that this would cost between US$500 billion and US$1 trillion. These points, President Lai said, illustrate his first goal: solving the fiscal problem. President Lai went on to say that second, the US feels the threat of China and believes that reindustrialization is essential; without reindustrialization, the US risks a growing gap in industrial capacity compared to China. 
Third, he said, in this era of global smart technology, President Trump wants to lead the nation to become a world center of AI. Fourth, he aims to ensure world peace and prevent future wars, President Lai said. In regard to what the US seeks to achieve, he said he believes these four areas form the core of the Trump administration’s intentions, and that is why President Trump has raised tariffs, demanded that trading partners purchase more American goods, and encouraged friendly and allied nations to invest in the US, all in order to achieve these goals. President Lai indicated that the 32 percent reciprocal tariff poses a critical challenge for Taiwan, and we must treat it seriously. He said that our approach is not confrontation, but negotiation to reduce tariffs, and that we have also agreed to measures such as procurement, investment, resolving non-tariff trade barriers, and addressing origin washing in order to effectively reduce the trade deficit between Taiwan and the US. Of course, he said, through this negotiation process, we also hope to turn challenges into opportunities. The president said that first, we aim to start negotiations from the proposal of zero tariffs and seek to establish a bilateral trade agreement with the US. Second, he went on, we hope to support US reindustrialization and its aim to become a world AI hub through investment, while simultaneously upgrading and transforming Taiwan’s industries, which would help further integrate Taiwan’s industries into the US economic structure, ensuring Taiwan’s long-term development.  President Lai emphasized again that Taiwan’s national industrial strategy is for industries to stay firmly rooted in Taiwan while expanding their global presence and marketing worldwide. He repeated that we have gone from moving westward across the Taiwan Strait, to shifting southbound, to working closer northward with Japan, and now the time is ripe for us to expand eastward by investing in North America. 
In other words, he said, while we take this challenge seriously to protect national interests and ensure that no industry is sacrificed, we also hope these negotiations will lead to deeper Taiwan-US trade relations through Taiwanese investment in the US, concluding that these are our expectations. The president stated that naturally, the reciprocal tariffs imposed by the US will have an impact on Taiwanese industries, so in response, the Taiwanese government has already proposed support measures for affected industries totaling NT$93 billion. In addition, he said, we have outlined broader needs for Taiwan’s long-term development, which will be covered by a special budget proposal of NT$410 billion, noting that this has already been approved by the Executive Yuan and will be submitted to the Legislative Yuan for review. He said that this special budget proposal addresses four main areas: supporting industries, stabilizing employment, protecting people’s livelihoods, and enhancing resilience. As for tariffs on semiconductors, President Lai said, Taiwan Semiconductor Manufacturing Company (TSMC) has committed to investing in the US at the request of its customers. He said he believes that TSMC’s industry chain will follow suit, and that these are concrete actions that are unrelated to tariffs. However, he said, if the US were to invoke Section 232 and impose tariffs on semiconductors or related industries, it would discourage Taiwanese semiconductor and ICT investments in the US, and that we will make this position clear to the US going forward. President Lai indicated that among Taiwan’s exports to the US, there are two main categories: ICT products and electronic components, which together account for 65.4 percent. These are essential to the US, he said, unlike final goods such as cups, tables, or mattresses. 
He went on to say that what Taiwan sells to the US are the technological products required by AI designers like NVIDIA, AMD, Amazon, Google, and Apple, and that therefore, we will make sure the US understands clearly that we are not exporting end products, but the high-tech components necessary for the US to reindustrialize and become a global AI center. Furthermore, the president said, Taiwan is also willing to increase its defense budget and military procurement. He stated that Taiwan is committed to defending itself and is strongly willing to cooperate with friends and allies to ensure regional peace and stability, and that this is also something President Trump hopes to see. Asked whether TSMC’s fabs overseas could weaken Taiwan’s strategic position as a key hub for semiconductor manufacturing, and whether that could then give other countries fewer incentives to protect Taiwan, President Lai responded by saying that political leaders around the world including Japan’s Prime Minister Ishiba and former Prime Ministers Abe, Suga, and Kishida have emphasized, at the G7 and other major international fora, that peace and stability in the Taiwan Strait are essential for global security and prosperity. In other words, he explained, the international community cares about Taiwan and supports peace and stability in the Taiwan Strait because Taiwan is located in the first island chain in the Indo-Pacific, directly facing China. He pointed out that if Taiwan is not protected, China’s expansionist ambitions will certainly grow, which would impact the current rules-based international order. Thus, he said, the international community willingly cares about Taiwan and supports stability in the Taiwan Strait – that is the reason, and it has no direct connection with TSMC. He noted that after all, TSMC has not made investments in that many countries, stressing that, on that point, it is clear. 
President Lai said that TSMC’s investments in Japan, Europe, and the US are all natural, normal economic and investment activities. He said that Taiwan is a democratic country whose society is based on the rule of law, so when Taiwanese companies need to invest around the world for business needs, the government will support those investments in principle so long as they do not harm national interests. President Lai said that after TSMC Chairman C.C. Wei (魏哲家) held a press conference with President Trump to announce the investment in the US, Chairman Wei returned to Taiwan to hold a press conference with him at the Presidential Office, where the chairman explained to the Taiwanese public that TSMC’s R&D center will remain in Taiwan and that the facilities it has already committed to investing in here will not change and will not be affected. So, the president explained, to put it another way, TSMC will not be weakened by its investment in the US. He further emphasized that Taiwan has strengths in semiconductor manufacturing and is very willing to work alongside other democratic countries to promote the next stage of global prosperity and development. A question was raised about which side should be chosen between the US and China, under the current perception of a return to the Cold War, with East and West facing off as two opposing blocs. President Lai responded by saying that some experts and scholars describe the current situation as entering a new Cold War era between democratic and authoritarian camps; others assert that the war has already begun, including information warfare, economic and trade wars, and the ongoing wars in Europe – the Russo-Ukrainian War – and the Middle East, and the Israel-Hamas conflict. The president said that these are all matters experts have cautioned about, noting that he is not a historian and so will not attempt to define today’s political situation from an academic standpoint. 
However, he said, he believes that every country has a choice, which is to say, Taiwan, Japan, or any other nation does not necessarily have to choose between the US and China. What we are deciding, he said, is whether our country will maintain a democratic constitutional system or regress into an authoritarian regime, and this is essentially a choice of values – not merely a choice between two major powers. President Lai said that Taiwan’s situation is different from other countries because we face a direct threat from China. He pointed out that we have experienced military conflicts such as the August 23 Artillery Battle and the Battle of Guningtou – actual wars between the Republic of China and the People’s Republic of China. He said that China’s ambition to annex Taiwan has never wavered, and that today, China’s political and military intimidation, as well as internal united front infiltration, are growing increasingly intense. Therefore, he underlined, to defend democracy and sovereignty, protect our free and democratic system, and ensure the safety of our people’s lives and property, Taiwan’s choice is clear. President Lai said that China’s military exercises are not limited to the Taiwan Strait, and include the East China Sea, South China Sea, and even the Sea of Japan, as well as areas around Korea and Australia. Emphasizing that Taiwan, Japan, Australia, and the Philippines are all democratic nations, the president said that Taiwan’s choice is clear, and that he believes Japan also has no other choice. We are all democratic countries, he said, whose people have long pursued the universal values of democracy, freedom, and respect for human rights, and that is what is most important. Regarding the intensifying tensions between the US and China, the president was asked what roles Taiwan and Japan can play. 
President Lai responded that in his view, Japan is a powerful nation, and he sincerely hopes that Japan can take a leading role amid these changes in the international landscape. He said he believes that countries in the Indo-Pacific region are also willing to respond. He suggested several areas where we can work together: first, democracy and peace; second, innovation and prosperity; and third, justice and sustainability. President Lai stated that in the face of authoritarian threats, we should let peace be our beacon and democracy our compass as we respond to the challenges posed by authoritarian states. Second, he added, as the world enters an era characterized by the comprehensive adoption of smart technologies, Japan and Taiwan should collaborate in the field of innovation to further drive regional prosperity and development. Third, he continued, is justice and sustainability. He explained that because international society still has many issues that need to be resolved, Taiwan and Japan can cooperate for the public good, helping countries in need around the world, and cooperating to address climate change and achieve net-zero transition by 2050. Asked whether he hopes that the US will continue to be a leader in the liberal democratic system, President Lai responded by saying that although the US severed diplomatic ties with the Republic of China, for the past few decades it has assisted Taiwan in various areas such as national defense, security, and countering threats from China, based on the Taiwan Relations Act and the Six Assurances. He pointed out that Taiwan has also benefited, directly and indirectly, in terms of politics, democracy, and economic prosperity thanks to the US, and so Taiwan naturally hopes that the US remains strong and continues to lead the world. 
President Lai said that when the US encounters difficulties, whether financial difficulties, reindustrialization issues, or becoming a global center for AI, and hopes to receive support from its friends and allies to jointly safeguard regional peace and stability, Taiwan is willing to stand together for a common cause. If the US remains strong, he said, that helps Taiwan, the Indo-Pacific region, and the world as a whole. Noting that while the vital role of the US on the global stage has not changed, the president said that after decades of shouldering global responsibilities, it has encountered some issues. Now, it has to make adjustments, he said, stating his firm belief that it will do so swiftly, and quickly resume its leadership role in the world. Asked to comment on remarks he made during his election campaign that he would like to invite China’s President Xi Jinping for bubble tea, President Lai responded that Taiwan is a peace-loving country, and Taiwanese society is inherently kind, and therefore we hope to get along peacefully with China, living in peace and mutual prosperity. So, during his term as vice president, he said, he was expressing the goodwill of Taiwanese society. Noting that while he of course understands that China’s President Xi would have certain difficulties in accepting this, he emphasized that the goodwill of Taiwanese society has always existed. If China reflects on the past two or three decades, he said, it will see that its economy was able to develop with Taiwan as its largest foreign investor. The president explained that every year, 1 to 2 million Taiwanese were starting businesses or investing in China, creating numerous job opportunities and stabilizing Chinese society. While many Taiwanese businesses have profited, he said, Chinese society has benefited even more. He added that every time a natural disaster occurs, if China is in need, Taiwanese always offer donations. 
Therefore, the president said, he hopes that China can face the reality of the Republic of China’s existence and understand that the people of Taiwan hope to continue living free and democratic lives with respect for human rights. He also expressed hope that China can pay attention to the goodwill of Taiwanese society. He underlined that we have not abandoned the notion that as long as there is parity, dignity, exchange, and cooperation, the goodwill of choosing dialogue over confrontation and exchange over containment will always exist. Asked for his view on the national security reforms in response to China’s espionage activities and infiltration attempts, President Lai said that China’s united front infiltration activities in Taiwan are indeed very serious. He said that China’s ambitions to annex Taiwan rely not only on the use of political and military intimidation, but also on its long-term united front and infiltration activities in Taiwanese society. Recently, he pointed out, the Taiwan High Prosecutors Office of the Ministry of Justice prosecuted 64 spies, which is three times the number in 2021, and in addition to active-duty military personnel, many retired military personnel were also indicted. Moreover, he added, Taiwan also has the Chinese Unification Promotion Party, which has a background in organized crime, Rehabilitation Alliance Party, which was established by retired military personnel, and Republic of China Taiwan Military Government, which is also composed of retired generals. He explained that these are all China’s front organizations, and they plan one day to engage in collaboration within Taiwan, which shows the seriousness of China’s infiltration in Taiwan. Therefore, the president said, in the recent past he convened a high-level national security meeting and proposed 17 response strategies across five areas. 
He then enumerated the five areas: first, to address China’s threat to Taiwan’s sovereignty; second, to respond to the threat of China’s obscuring the Taiwanese people’s sense of national identity; third, to respond to the threat of China’s infiltrating and recruiting members of the ROC Armed Forces as spies; fourth, to respond to the threat of China’s infiltration of Taiwanese society through societal exchanges and united front work; and fifth, to respond to the threat of China using “integration plans” to draw Taiwan’s young people and Taiwanese businesses into its united front activities. In response to these five major threats, he said, he has proposed 17 response strategies, one of which being to restore the military trial system. He explained that if active-duty military personnel commit military crimes, they must be subject to military trials, and said that this expresses the Taiwanese government’s determination to respond to China’s united front infiltration and the subversion of Taiwan. Responding to the question of which actions Taiwan can take to guard against China’s threats to regional security, President Lai said that many people are worried that the increasingly tense situation may lead to accidental conflict and the outbreak of war. He stated his own view that Taiwan is committed to facing China’s various threats with caution. Taiwan is never the source of these problems, he emphasized, and if there is an accidental conflict and it turns into a full-scale war, it will certainly be a deliberate act by China using an accidental conflict as a pretext. He said that when China expanded its military presence in the East China Sea and South China Sea, the international community did not stop it; when China conducted exercises in the Taiwan Strait, the international community did not take strong measures to prevent this from happening. 
Now, he continued, China is conducting gray-zone exercises, which are aggressions against not only the Taiwan Strait, the South China Sea, and the East China Sea, but also extending to the Sea of Japan and waters near South Korea. He said that at this moment, Taiwan, the Philippines, Japan, and even the US should face these developments candidly and seriously, and we must exhibit unity and cooperation to prevent China’s gray-zone aggression from continuing to expand and prevent China from shifting from a military exercise to combat. If no action is taken now, the president said, the situation may become increasingly serious. Asked about the view of some US analysts who point out that China will have the ability to invade Taiwan around 2027, President Lai responded that Taiwan, as the country on the receiving end of threats and aggression, must plan for the worst and make the best preparations. He recalled a famous saying from the armed forces: “Do not count on the enemy not showing up; count on being ready should it strike.” This is why, he said, he proposed the Four Pillars of Peace action plan. First, he said, we must strengthen our national defense. Second, he added, we must strengthen economic resilience, adding that not only must our economy remain strong, but it must also be resilient, and that we cannot put all our eggs in the same basket, in China, as we have done in the past. Third, he continued, we must stand shoulder to shoulder with friends and allies such as Japan and the US, as well as the democratic community, and we must demonstrate the strength of deterrence to prevent China from making the wrong judgment. Fourth, he emphasized, as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China and seek cross-strait peace and mutual prosperity through exchanges and cooperation. 
Regarding intensifying US-China confrontation, the president was asked in which areas he thinks Taiwan and Japan should strengthen cooperation; with Japan’s Ishiba administration also being a minority government, the president was asked for his expectations for the Ishiba administration. President Lai said that in the face of rapid and tremendous changes in the political situation, every government faces considerable challenges, especially for minority governments, but the Japanese government led by Prime Minister Ishiba has quite adequately responded with various strategies. Furthermore, he said, Japan is different from Taiwan, explaining that although Japan’s ruling party lacks a majority, political parties in Japan engage in competition domestically while exhibiting unity externally. He said that Taiwan’s situation is more challenging, because the ruling and opposition parties hold different views on the direction of the country, due to differences in national identity. The president expressed his hope that in the future Taiwan and Japan will enjoy even more comprehensive cooperation. He stated that he has always believed that deep historical bonds connect Taiwan and Japan. Over the past several decades, he said, when encountering natural disasters and tragedies, our two nations have assisted each other with mutual care and support. He said that the affection between the people of Taiwan and Japan is like that of a family. Pointing out that both countries face the threat of authoritarianism, he said that we share a mission to safeguard universal values such as democracy, freedom, and respect for human rights. 
The president said that our two countries should be more open to cooperation in various areas to maintain regional peace and stability as well as to strengthen cooperation in economic and industrial development, such as for semiconductor industry chains and everyday applications of AI, including robots and drones, adding that we can also cooperate on climate change response, such as in hydrogen energy and other strategies. He said our two countries should also continue to strengthen people-to-people exchanges. He then took the opportunity to once again invite our good friends from Japan to visit Taiwan for tourism and learn more about Taiwan, saying that the Taiwanese people wholeheartedly welcome our Japanese friends.  

    2025-05-09
    President Lai extends congratulations on election of His Holiness Pope Leo XIV  
    Following the successful election of the 267th pope of the Roman Catholic Church, His Holiness Pope Leo XIV, on May 8, President Lai Ching-te extended sincere congratulations on behalf of the people and government of Taiwan, including its Catholic community. The president stated that he looks forward to working with Pope Leo XIV to continue deepening cooperation in the area of humanitarian aid and jointly defend the universal value of religious freedom, expanding and strengthening the alliance between Taiwan and the Vatican. Upon learning of the election results, President Lai directed the Republic of China (Taiwan) Embassy to the Holy See to convey a message of congratulations. In the message, President Lai extended sincere congratulations to Pope Leo XIV on behalf of the people and government of Taiwan, including its Catholic community, expressing confidence that His Holiness will lead the Catholic Church and its 1.4 billion followers worldwide with profound wisdom. President Lai also emphasized that Taiwan looks forward to continuing to work alongside the Holy See in the shared pursuit of peace, justice, religious freedom, solidarity, friendship, and human dignity. This year marks the 83rd anniversary of the establishment of diplomatic ties between Taiwan and the Vatican. Enjoying a strong alliance, Taiwan and the Vatican share such universal values as freedom of religion, respect for human rights, peace, and benevolence, and conduct close exchanges. Taiwan will continue to engage in exchanges and cooperation with the Holy See, further strengthen bilateral relations, and work alongside the Holy See to contribute even more to the world.  

    2025-05-05
    President Lai meets Japanese Diet Member and former Minister of Economy, Trade, and Industry Nishimura Yasutoshi
    On the afternoon of May 5, President Lai Ching-te met with a delegation from Japan led by House of Representatives Member and former Minister of Economy, Trade, and Industry Nishimura Yasutoshi. President Lai thanked the government of Japan for continuously speaking up for Taiwan at international venues and reiterating the importance of peace and stability in the Taiwan Strait. The president stated that to address China’s gray-zone aggression against neighboring countries, Taiwan and Japan, both located in the first island chain, should strengthen cooperation and respond together. He said he looks forward to bilateral industrial cooperation in fields including semiconductors, hydrogen energy, AI, and drones, jointly strengthening the resilience of non-red supply chains, and promoting mutual prosperity and development.    A translation of President Lai’s remarks follows: I would like to welcome all the members of the Japanese Diet who are using their valuable Golden Week vacation to visit Taiwan, especially House of Representatives Member Nishimura Yasutoshi, whom former Prime Minister Shinzo Abe deeply trusted and relied on, and who for many years held important cabinet positions. This is his first visit after a hiatus of 17 years, so I am sure he will sense Taiwan’s progress and development. House of Representatives Member Tanaka Kazunori has long promoted local exchanges between Taiwan and Japan, and I hope that our visitors will all gain a deeper understanding of Taiwan through this visit.  Yesterday, several of our distinguished guests made a special trip to Kaohsiung to pay their respects at the statue of former Prime Minister Abe, a visionary politician with a broad, international perspective. The former prime minister pioneered the vision of a free and open Indo-Pacific, and once said that “if Taiwan has a problem, then Japan has a problem,” demonstrating strong support for Taiwan and making a deep and lasting impression on the hearts of Taiwanese. 
Over the past few years, China has continuously conducted military exercises in the Taiwan Strait, East and South China Seas, and carried out acts of gray-zone aggression against neighboring countries, severely undermining regional peace and stability. Taiwan and Japan, both located in the first island chain, should strengthen cooperation and respond together. Especially since Taiwan and Japan are democratic partners who share values such as freedom, democracy, and respect for human rights, if we can strengthen cooperation in areas such as maritime security, social resilience, and addressing gray-zone aggression, I am confident we can demonstrate the strength of deterrence, ensure peace and stability in the Indo-Pacific region, and safeguard our cherished democratic institutions. I would like to take this opportunity to thank the Japanese government for continuously speaking up for Taiwan at international venues, including this year’s US-Japan leaders’ summit, the G7 foreign ministers’ joint statement, and the Japan-NATO bilateral meeting, reiterating the importance of peace and stability in the Taiwan Strait and expressing opposition to unilaterally changing the status quo by force or coercion. In the face of global economic and trade changes, economic security is becoming increasingly important, and Taiwan looks forward to further deepening economic cooperation with Japan. In addition to actively seeking to participate in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), Taiwan hopes to sign an economic partnership agreement (EPA) with Japan as soon as possible. This will expand our cooperation in industries such as semiconductors, hydrogen energy, AI, and drones, establish a closer economic partnership, jointly strengthen the resilience of non-red supply chains, and promote mutual prosperity and development. Once again, I welcome all of our guests. 
I am deeply grateful for your taking concrete action to deepen Taiwan-Japan relations and show support for Taiwan. I wish you a successful and rewarding visit.  Representative Nishimura then delivered remarks, first thanking President Lai for taking time out of his busy schedule to meet with the visiting delegation. He also expressed admiration for the performance of President Lai’s government, which has allowed Taiwan to develop smoothly amidst the current complex international situation. Representative Nishimura mentioned that when former Prime Minister Abe unfortunately passed away in 2020, President Lai, who was vice president at the time, personally visited the former prime minister’s residence to offer his condolences. The representative said that including that meeting, today is the second time he and President Lai have met. This delegation’s visit to Taiwan, he said, carries on the legacy of former Prime Minister Abe. He said that Taiwan and Japan are countries that share universal values and have close ties in terms of economic cooperation and mutual visits. Notably, he highlighted, in 2024, business travelers from Taiwan made over six million visits to Japan, and based on population, Taiwan has the highest percentage of visitors to Japan. He also expressed hope that more Japanese people will visit Taiwan for tourism.   Representative Nishimura stated that the delegation visited Kaohsiung yesterday to pay their respects at the statue of former Prime Minister Abe. Then, he said, they traveled to Tainan to sample a wide variety of fruits and local delicacies, during which time they also discussed the Wushantou Reservoir, built by Japanese engineer Hatta Yoichi. Since May 8 is the anniversary of Mr. Hatta’s birth, Representative Nishimura said he hopes to use this opportunity to continue Mr. Hatta’s concern and love for Taiwan, and further deepen the friendship between Taiwan and Japan. 
Representative Nishimura said that when he served as Japan’s Minister of Economy, Trade, and Industry, he welcomed Taiwan’s application to join the CPTPP on behalf of the Japanese government. He also said that his government has provided substantial assistance for the establishment of Taiwan Semiconductor Manufacturing Company’s (TSMC) fab in Kumamoto, Japan. He said he believes that mutual cooperation between Taiwan and Japan in the semiconductor sector can further promote semiconductor industry development, and build a more resilient supply chain system. Representative Nishimura pointed out that former Prime Minister Abe once said, “If Taiwan has a problem, then Japan has a problem.” Currently, many European countries are also very concerned about peace and stability in the Asia-Pacific region, because it is crucial to peace and stability in the entire international community. It can therefore be said that “if Taiwan has a problem, the world has a problem.” He said he believes that in order to maintain peace and stability in the Taiwan Strait, like-minded countries and allied nations must all cooperate closely and definitively proclaim that message. He then said he looks forward to exchanging views with President Lai on issues such as strengthening Taiwan-Japan relations and changes in the international situation. The delegation also included Chairman of Kanagawa Prefecture Japan-Taiwan Friendship Association Matsumoto Jun, Japanese House of Representatives members Nishime Kosaburo, Sasaki Hajime, Yana Kazuo, and Katou Ryusho, and Japan-Taiwan Exchange Association Taipei Office Chief Representative Katayama Kazuyuki.

    2025-05-20
    President Lai interviewed by Nippon Television and Yomiuri TV
    In a recent interview on Nippon Television’s news zero program, President Lai Ching-te responded to questions from host Mr. Sakurai Sho and Yomiuri TV Shanghai Bureau Chief Watanabe Masayo on topics including reflections on his first year in office, cross-strait relations, China’s military threats, Taiwan-United States relations, and Taiwan-Japan relations. The interview was broadcast on the evening of May 19. During the interview, President Lai stated that China intends to change the world’s rules-based international order, and that if Taiwan were invaded, global supply chains would be disrupted. Therefore, he said, Taiwan will strengthen its national defense, prevent war by preparing for war, and achieve the goal of peace. The president also noted that Taiwan’s purpose for developing drones is based on national security and industrial needs, and that Taiwan hopes to collaborate with Japan. He then reiterated that China’s threats are an international problem, and expressed hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war. Following is the text of the questions and the president’s responses:
    Q: How do you feel as you are about to round out your first year in office?
    President Lai: When I was young, I was determined to practice medicine and save lives. When I left medicine to go into politics, I was determined to transform Taiwan. And when I was sworn in as president on May 20 last year, I was determined to strengthen the nation. Time flies, and it has already been a year. Although the process has been very challenging, I am deeply honored to be a part of it. I am also profoundly grateful to our citizens for allowing me the opportunity to give back to our country. The future will certainly be full of more challenges, but I will do everything I can to unite the people and continue strengthening the nation. That is how I am feeling now.
Q: We are now coming up on the 80th anniversary of the end of World War II, and over this period, we have often heard that conflict between Taiwan and the mainland is imminent. Do you personally believe that a cross-strait conflict could happen?
President Lai: The international community is very much aware that China intends to replace the US and change the world’s rules-based international order, and annexing Taiwan is just the first step. So, as China’s military power grows stronger, some members of the international community are naturally on edge about whether a cross-strait conflict will break out. The international community must certainly do everything in its power to avoid a conflict in the Taiwan Strait; there is too great a cost. Besides causing direct disasters to both Taiwan and China, the impact on the global economy would be even greater, with estimated losses of US$10 trillion from war alone – that is roughly 10 percent of the global GDP. Additionally, 20 percent of global shipping passes through the Taiwan Strait and surrounding waters, so if a conflict breaks out in the strait, other countries including Japan and Korea would suffer a grave impact. For Japan and Korea, a quarter of external transit passes through the Taiwan Strait and surrounding waters, and a third of the various energy resources and minerals shipped back from other countries pass through said areas. If Taiwan were invaded, global supply chains would be disrupted, and therefore conflict in the Taiwan Strait must be avoided. Such a conflict is indeed avoidable. I am very thankful to Prime Minister of Japan Ishiba Shigeru and former Prime Ministers Abe Shinzo, Suga Yoshihide, and Kishida Fumio, as well as US President Donald Trump and former President Joe Biden, and the other G7 leaders, for continuing to emphasize at international venues that peace and stability across the Taiwan Strait are essential components for global security and prosperity.
When everyone in the global democratic community works together, stacking up enough strength to make China’s objectives unattainable or to make the cost of invading Taiwan too high for it to bear, a conflict in the strait can naturally be avoided.
Q: As you said, President Lai, maintaining peace and stability across the Taiwan Strait is also very important for other countries. How can war be avoided? What sort of countermeasures is Taiwan prepared to take to prevent war?
President Lai: As Mr. Sakurai mentioned earlier, we are coming up on the 80th anniversary of the end of WWII. There are many lessons we can take from that war. First is that peace is priceless, and war has no winners. From the tragedies of WWII, there are lessons that humanity should learn. We must pursue peace, and not start wars blindly, as that would be a major disaster for humanity. In other words, we must be determined to safeguard peace. The second lesson is that we cannot be complacent toward authoritarian powers. If you give them an inch, they will take a mile. They will keep growing, and eventually, not only will peace be unattainable, but war will be inevitable. The third lesson is why WWII ended: It ended because different groups joined together in solidarity. Taiwan, Japan, and the Indo-Pacific region are all directly subjected to China’s threats, so we hope to be able to join together in cooperation. This is why we proposed the Four Pillars of Peace action plan. First, we will strengthen our national defense. Second, we will strengthen economic resilience. Third is standing shoulder to shoulder with the democratic community to demonstrate the strength of deterrence. Fourth is that as long as China treats Taiwan with parity and dignity, Taiwan is willing to conduct exchanges and cooperate with China, and seek peace and mutual prosperity. These four pillars can help us avoid war and achieve peace.
That is to say, Taiwan hopes to achieve peace through strength, prevent war by preparing for war, keeping war from happening and pursuing the goal of peace.
Q: Regarding drones, everyone knows that recently, Taiwan has been actively researching, developing, and introducing drones. Why do you need to actively research, develop, and introduce new drones at this time?
President Lai: This is for two purposes. The first is to meet national security needs. The second is to meet industrial development needs. Because Taiwan, Japan, and the Philippines are all part of the first island chain, and we are all democratic nations, we cannot be like an authoritarian country like China, which has an unlimited national defense budget. In this kind of situation, island nations such as Taiwan, Japan, and the Philippines should leverage their own technologies to develop national defense methods that are asymmetric and utilize unmanned vehicles. In particular, from the Russo-Ukrainian War, we see that Ukraine has successfully utilized unmanned vehicles to protect itself and prevent Russia from unlimited invasion. In other words, the Russo-Ukrainian War has already proven the importance of drones. Therefore, the first purpose of developing drones is based on national security needs. Second, the world has already entered the era of smart technology. Whether generative, agentic, or physical, AI will continue to develop. In the future, cars and ships will also evolve into unmanned vehicles and unmanned boats, and there will be unmanned factories. Drones will even be able to assist with postal deliveries, or services like Uber, Uber Eats, and foodpanda, or agricultural irrigation and pesticide spraying. Therefore, in the future era of comprehensive smart technology, developing unmanned vehicles is a necessity. Taiwan, based on industrial needs, is actively planning the development of drones and unmanned vehicles.
I would like to take this opportunity to express Taiwan’s hope to collaborate with Japan in the unmanned vehicle industry. Just as we do in the semiconductor industry, where Japan has raw materials, equipment, and technology, and Taiwan has wafer manufacturing, our two countries can cooperate. Japan is a technological power, and Taiwan also has significant technological strengths. If Taiwan and Japan work together, we will not only be able to safeguard peace and stability in the Taiwan Strait and security in the Indo-Pacific region, but it will also be very helpful for the industrial development of both countries.
Q: The drones you just described probably include examples from the Russo-Ukrainian War. Taiwan and China are separated by the Taiwan Strait. Do our drones need to have cross-sea flight capabilities?
President Lai: Taiwan does not intend to counterattack the mainland, and does not intend to invade any country. Taiwan’s drones are meant to protect our own nation and territory.
Q: Former President Biden previously stated that US forces would assist Taiwan’s defense in the event of an attack. President Trump, however, has yet to clearly state that the US would help defend Taiwan. Do you think that in such an event, the US would help defend Taiwan? Or is Taiwan now trying to persuade the US?
President Lai: Former President Biden and President Trump have answered questions from reporters. Although their responses were different, strong cooperation with Taiwan under the Biden administration has continued under the Trump administration; there has been no change. During President Trump’s first term, cooperation with Taiwan was broader and deeper compared to former President Barack Obama’s terms. After former President Biden took office, cooperation with Taiwan increased compared to President Trump’s first term. Now, during President Trump’s second term, cooperation with Taiwan is even greater than under former President Biden.
Taiwan-US cooperation continues to grow stronger, and has not changed just because President Trump and former President Biden gave different responses to reporters. Furthermore, the Trump administration publicly stated that in the future, the US will shift its strategic focus from Europe to the Indo-Pacific. The US secretary of defense even publicly stated that the primary mission of the US is to prevent China from invading Taiwan, maintain stability in the Indo-Pacific, and thus maintain world peace. There is a saying in Taiwan that goes, “Help comes most to those who help themselves.” Before asking friends and allies for assistance in facing threats from China, Taiwan must first be determined and prepared to defend itself. This is Taiwan’s principle, and we are working in this direction, making all the necessary preparations to safeguard the nation.
Q: I would like to ask you a question about Taiwan-Japan relations. After the Great East Japan Earthquake in 2011, you made an appeal to give Japan a great deal of assistance and care. In particular, you visited Sendai to offer condolences. Later, you also expressed condolences and concern after the earthquakes in Aomori and Kumamoto. What are your expectations for future Taiwan-Japan exchanges and development?
President Lai: I come from Tainan, and my constituency is in Tainan. Tainan has very deep ties with Japan, and of course, Taiwan also has deep ties with Japan. However, among Taiwan’s 22 counties and cities, Tainan has the deepest relationship with Japan. I sincerely hope that both of you and your teams will have an opportunity to visit Tainan. I will introduce Tainan’s scenery, including architecture from the era of Japanese rule, Tainan’s cuisine, and unique aspects of Tainan society, and you can also see lifestyles and culture from the Showa era. The Wushantou Reservoir in Tainan was completed by engineer Mr. Hatta Yoichi from Kanazawa, Japan and the team he led to Tainan after he graduated from then-Tokyo Imperial University. It has nearly a century of history and is still in use today. This reservoir, along with the 16,000-km-long Chianan Canal, transformed the 150,000-hectare Chianan Plain into Taiwan’s premier rice-growing area. It was that foundation in agriculture that enabled Taiwan to develop industry and the technology sector of today. The reservoir continues to supply water to Tainan Science Park. It is used by residents of Tainan, the agricultural sector, and industry, and even the technology sector in Xinshi Industrial Park, as well as Taiwan Semiconductor Manufacturing Company. Because of this, the people of Tainan are deeply grateful for Mr. Hatta and very friendly toward the people of Japan. A major earthquake, the largest in 50 years, struck Tainan on February 6, 2016, resulting in significant casualties. As mayor of Tainan at the time, I was extremely grateful to then-Prime Minister Abe, who sent five Japanese officials to the disaster site in Tainan the day after the earthquake. They were very thoughtful and asked what kind of assistance we needed from the Japanese government. They offered to provide help based on what we needed. I was deeply moved, as former Prime Minister Abe showed such care, going beyond the formality of just sending supplies that we may or may not have actually needed. Instead, the officials asked what we needed and then provided assistance based on those needs, which really moved me. Similarly, when the Great East Japan Earthquake of 2011 or the later Kumamoto earthquakes struck, the people of Tainan, under my leadership, naturally and dutifully expressed their support. Even earlier, when central Taiwan was hit by a major earthquake in 1999, Japan was the first country to deploy a rescue team to the disaster area.
On February 6, 2018, after a major earthquake in Hualien, former Prime Minister Abe appeared in a video holding up a message of encouragement he had written in calligraphy saying “Remain strong, Taiwan.” All of Taiwan was deeply moved. Over the years, Taiwan and Japan have supported each other when earthquakes struck, and have forged bonds that are family-like, not just neighborly. This is truly valuable. In the future, I hope Taiwan and Japan can be like brothers, and that the peoples of Taiwan and Japan can treat one another like family. If Taiwan has a problem, then Japan has a problem; if Japan has a problem, then Taiwan has a problem. By caring for and helping each other, we can face various challenges and difficulties, and pursue a brighter future.
Q: President Lai, you just used the phrase “If Taiwan has a problem, then Japan has a problem.” In the event that China attempts to invade Taiwan by force, what kind of response measures would you hope the US military and Japan’s Self-Defense Forces take?
President Lai: As I just mentioned, annexing Taiwan is only China’s first step. Its ultimate objective is to change the rules-based international order. That being the case, China’s threats are an international problem. So, I would very much hope to work together with the US, Japan, and others in the global democratic community to prevent China from starting a war – prevention, after all, is more important than cure.

    MIL OSI Asia Pacific News