{"id":2771,"date":"2024-03-22T12:44:37","date_gmt":"2024-03-22T17:44:37","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79866"},"modified":"2024-03-22T12:44:37","modified_gmt":"2024-03-22T17:44:37","slug":"german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/22\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says\/","title":{"rendered":"German political party targeted by SVR-linked group in spearphishing campaign, Mandiant says"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>German political party targeted by SVR-linked group in spearphishing campaign, Mandiant says | CyberScoop<\/title> <meta name=\"description\" content=\"The hacking group, with ties to the Russian SVR, may have been trying to glean insights on shifting European sentiments on Ukraine, threat analysts suggest.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cozy-bear-russia-spearphishing-germany\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"German political party targeted by SVR-linked group in spearphishing campaign, Mandiant says\"> <meta property=\"og:description\" content=\"The hacking group, with ties to the Russian SVR, may have been trying to glean insights on shifting European sentiments on Ukraine, threat analysts suggest.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cozy-bear-russia-spearphishing-germany\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-03-22T17:44:37+00:00\"> <meta property=\"article:modified_time\" content=\"2024-03-22T17:52:50+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1710875768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1711039170g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1710430945g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79866\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79866\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcozy-bear-russia-spearphishing-germany%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcozy-bear-russia-spearphishing-germany%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79866 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cozy-bear-russia-spearphishing-germany\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.672131147541\">\n<div class=\"single-article__header-content\" readability=\"30.313253012048\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> The group may have been seeking insights on shifting European sentiments on Ukraine, threat analysts suggest. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.jpg?resize=640%2C427&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-2.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> People form a peace sign with candles ahead of a rally marking the eve of the second anniversary of Russia&#8217;s invasion of Ukraine, in front of the Reichstag, the building housing the Bundestag (German lower house of parliament) in Berlin on Feb. 23, 2024. (Photo by ODD ANDERSEN\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"52.724409448819\"><body readability=\"106.30747867487\"><\/p>\n<p>A hacking group linked to Russia\u2019s Foreign Intelligence Service (SVR) known for targeting governments, embassies and diplomatic missions for political intelligence has expanded its targeting to German political parties, according to <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/apt29-wineloader-german-political-parties\">new research<\/a> from Mandiant.<\/p>\n<p>Mandiant, part of Google Cloud, said it discovered the campaign in late February, when the hackers \u2014 part of a subgroup of APT29, also known as Cozy Bear and Midnight Blizzard \u2014 sent spearphishing emails to victims that detailed a dinner invitation and used the logo of the Christian Democratic Union, a major center-right party in Germany. Those emails carried links to a compromised website that delivered a malicious dropper payload, dubbed ROOTSAW, which directed users to another lure document that could implant a backdoor via second-stage malware called WINELOADER.<\/p>\n<p>Mandiant believes WINELOADER to be a variant of bespoke malware families that are unique to APT29. It has significant overlaps with other malware code associated with the SVR and was last seen in a previous operation in January targeting diplomatic organizations in Germany, Italy, Czechia, Latvia, India and Peru.<\/p>\n<p>Mandiant said this is the first time they have witnessed this specific cluster of APT29 expanding its remit to target political parties, and given the group\u2019s historical interest in espionage and obtaining political intelligence on Western policymakers, could present a broader threat to other parties in Germany, Europe and the West as well as their downstream technology providers.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThere is no reason to believe this activity is limited to any single party or country,\u201d John Hultquist, chief analyst at Mandiant Intelligence and Google Cloud, said in a statement.<\/p>\n<p>In an email to CyberScoop, a CDU spokesperson said the party \u201chas already faced digital attacks from both domestic and foreign actors in the past. In this case, too, we received very prompt information about the attack, which we are constantly following up. In cooperation with the relevant authorities, we are working continuously to keep our systems resilient to digital threats and attacks. There was no official CDU dinner on March 1, the event was fictitious.\u201d<\/p>\n<figure class=\"wp-block-image size-full\"><img data-recalc-dims=\"1\" decoding=\"async\" width=\"640\" height=\"612\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png?resize=640%2C612&#038;ssl=1\" alt class=\"wp-image-79872\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png 786w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png?resize=300,287 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png?resize=768,734 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png?resize=600,573 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png?resize=176,168 176w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png?resize=353,337 353w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says.png?resize=706,675 706w\" sizes=\"(max-width: 786px) 100vw, 786px\"><\/figure>\n<p><em>Mandiant-provided image of the lure document redirecting victims to an APT29-controlled and compromised WordPress website hosting ROOTSAW<\/em>.<\/p>\n<p>The SVR and Cozy Bear are also believed to have been behind the 2020 hack of SolarWinds, an IT management software company whose product was deeply embedded in U.S. federal agencies and commercial industry. That operation, which compromised the build environment for a legitimate software update sent out to 18,000 SolarWinds customers, <a href=\"https:\/\/cyberscoop.com\/solarwinds-supply-chain-treasury-commerce-espionage\/\">resulted<\/a> in the widespread compromise of at least nine federal agencies and 100 companies, <a href=\"https:\/\/cyberscoop.com\/fireeye-russia-solarwinds-kevin-mandia-postcard\/\">including FireEye<\/a>, the company that was home to Mandiant\u2019s threat intelligence work until it split off and was purchased by Google in 2022.&nbsp;&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Mandiant suspects the operation targeting the CDU is part of a larger push by Russian intelligence to glean insights into shifting Western policymaking and sentiments, particularly around issues like the war in Ukraine, where Germany and other European countries have been staunch supporters and financial backers of Kyiv, sending tens of billions of dollars in weapons, ammunition, and other funding to the beleaguered country as it seeks to fend off Russian troops.<\/p>\n<p>But there are signs that European support <a href=\"https:\/\/www.foreignaffairs.com\/eastern-europe-and-former-soviet-union\/europes-emerging-war-fatigue\">could be waning<\/a> as the war enters its third year, and as gas prices and other essential costs have risen as a result of the conflict, far-right parties less sympathetic to the Ukrainian cause <a href=\"https:\/\/www.theguardian.com\/world\/2023\/jun\/30\/far-right-on-the-march-europe-growing-taste-for-control-and-order#:~:text=But%20now%20across%20western%20Europe,ministerial%20roles%20in%20coalition%20governments.\">have been ascendant<\/a> in elections and polling across the continent.<\/p>\n<p>\u201cOutside of Ukraine, there is no bigger priority for Russia\u2019s intelligence services right now than monitoring changing Western political dynamics,\u201d said Dan Black, a principal analyst at Mandiant. \u201cThis latest targeting is not just about going after the CDU or Germany; it is part of Russia\u2019s wider effort aimed at finding ways to undermine European support for Ukraine.\u201d&nbsp;<\/p>\n<p>Black told CyberScoop in an email Friday that Mandiant independently identified the campaign as part of its regular monitoring of SVR operations, whereupon they moved to notify the CDU. The lure was designed to ensnare not only members of the CDU, but also other parties that may interact with them, including other political parties. Black declined to answer whether Mandiant observed any victims clicking on the malicious links.&nbsp;<\/p>\n<p>In addition to compromising political parties for policymaking insights, Cozy Bear may also try to use their access to infect downstream cloud providers and their customers. According to an <a href=\"https:\/\/www.ncsc.gov.uk\/news\/svr-cyber-actors-adapt-tactics-for-initial-cloud-access\">advisory<\/a> from the UK\u2019s National Cyber Security Centre in February, the SVR was observed using password spraying, brute forcing and cloud-based authentication tokens in attempts to gain access to service accounts for victim cloud environments, where they can register their own devices and burrow in for further operations.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6117216117216\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/german-political-party-targeted-by-svr-linked-group-in-spearphishing-campaign-mandiant-says-1.jpg?w=640&#038;ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/cozy-bear-russia-spearphishing-germany\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>German political party targeted by SVR-linked group in spearphishing campaign,<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1732,302,1733,117,168,646,270,1011,1387],"tags":[1734,306,1735,119,169,650,276,1013,1389],"class_list":["post-2771","post","type-post","status-publish","format-standard","hentry","category-cozy-bear","category-geopolitics","category-germany","category-government","category-malware","category-mandiant","category-russia","category-spearphishing","category-svr","tag-cozy-bear","tag-geopolitics","tag-germany","tag-government","tag-malware","tag-mandiant","tag-russia","tag-spearphishing","tag-svr"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cozy-bear\/\" rel=\"category tag\">Cozy Bear<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/germany\/\" rel=\"category tag\">germany<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/malware\/\" rel=\"category tag\">Malware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spearphishing\/\" rel=\"category tag\">spearphishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/svr\/\" rel=\"category tag\">SVR<\/a>","tag_info":"SVR","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2771"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2771\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}