Russian state threat group shifts focus to US, UK targets | CyberScoop<\/title> <meta name=\"description\" content=\"A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/russian-state-threat-group-shifts-focus\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Russian state threat group shifts focus to US, UK targets\"> <meta property=\"og:description\" content=\"A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/russian-state-threat-group-shifts-focus\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-02-12T17:58:47+00:00\"> <meta property=\"article:modified_time\" content=\"2025-02-12T17:58:50+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1196\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1739308213g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=5e4722b3d0055288d011\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83483\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83483\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussian-state-threat-group-shifts-focus%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussian-state-threat-group-shifts-focus%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83483 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/russian-state-threat-group-shifts-focus\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.893048128342\">\n<div class=\"single-article__header-content\" readability=\"34.748677248677\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/russian-state-threat-group-shifts-focus\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83483\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"399\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets.jpg?resize=640%2C399&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=300,187 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=768,478 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=1024,638 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=1536,957 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=600,374 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=270,168 270w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=541,337 541w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=1084,675 1084w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-2.jpg?resize=1353,843 1353w\" sizes=\"(max-width: 1084px) 100vw, 1084px\"><figcaption> Cars drive past the headquarters of the Russian General Staff’s Main Intelligence Department (GRU) in Moscow on December 30, 2016. (Photo by NATALIA KOLESNIKOVA\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"47.071428571429\"><body readability=\"95.662884927066\"><\/p>\n<p>A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft\u2019s threat intelligence team said in a <a href=\"https:\/\/aka.ms\/Seashell-Blizzard-initial-access-subgroup\">report<\/a> released Wednesday.<\/p>\n<p>The initial-access operation, which Microsoft tracks as the \u201cBadPilot campaign,\u201d has allowed the Russian state threat group \u2014 commonly known as Sandworm, which operates on behalf of the Russian Military Intelligence Unit 74455 (GRU) \u2014 to establish long-term persistence on affected systems to steal credentials, execute commands and achieve lateral movement since at least 2021.<\/p>\n<p>The subgroup\u2019s activities enabled at least three destructive cyberattacks in Ukraine since 2023, but additional capabilities and publicly available exploits for internet-facing systems provided the subgroup with access to more opportunistic targets that don\u2019t appear to align with Russia\u2019s strategic interests, according to Microsoft. <\/p>\n<p>\u201cThe concern with the activity we identified is that it shows a significant departure from Russia\u2019s typical operating behavior of narrowly-focused cyber operations,\u201d Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, said in an email.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe activity has been indiscriminate at times, affecting a wide range of industries across numerous countries and regions, well outside the borders of Ukraine,\u201d she added.<\/p>\n<p>The subgroup gained access to a broader range of targets in the U.S. and U.K. since early 2024 by primarily exploiting vulnerabilities in ConnectWise ScreenConnect (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-1709\">CVE-2024-1709<\/a>) and Fortinet FortiClientEMS (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-48788\">CVE-2023-48788<\/a>), according to Microsoft.<\/p>\n<p>The subgroup\u2019s altered operations and widened targeting indicate a \u201cspray and pray\u201d approach that has allowed it to achieve compromises at scale, increasing the probability of gaining access to targets of strategic interest to Russia with limited tailored effort, Microsoft said in the report.<\/p>\n<p>Microsoft\u2019s threat researchers observed significant post-compromise activity in cases when the subgroup acquired access to a target of strategic importance. <\/p>\n<p>\u201cThis global exploitation activity has helped Russian intelligence gain access to sensitive industries in numerous locations around the world,\u201d DeGrippo said. \u201cHistorically, Seashell Blizzard\u2019s operations are assessed to be a key component of Russia\u2019s overall strategy for destabilizing western institutions and emerging or established democracies, and has been one of the lead threat actors we see operational in Ukraine since the 2022 invasion.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft said the BadPilot campaign has enabled Seashell Blizzard to obtain access to global targets supporting critical infrastructure sectors, including energy, oil and gas, telecommunications, weapons manufacturing and international governments. The company\u2019s threat intelligence team did not provide details about how many organizations have been impacted by the subgroup\u2019s activities or the types of sectors compromised in the U.S. and U.K.<\/p>\n<p>\u201cThis subgroup has leveraged exploiting a variety of recent public vulnerabilities since late 2021, this shows a focus on being agile and keeping track of new CVEs as a potential way to gain access to targets quickly,\u201d DeGrippo said.<\/p>\n<p>Microsoft threat researchers have tracked the subgroup\u2019s exploits to at least eight vulnerabilities in server infrastructure commonly used in the perimeters of small office\/office and enterprise networks. Those exploits include <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-34473\">CVE-2021-34473<\/a> in Microsoft Exchange, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2022-41352\">CVE-2022-41352<\/a> in Zimbra Collaboration, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-32315\">CVE-2023-32315<\/a> in Openfire, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-42793\">CVE-2023-42793<\/a> in JetBrains TeamCity, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-23397\">CVE-2023-23397<\/a> in Microsoft Outlook, CVE-2024-1709 in ConnectWise ScreenConnect, CVE-2023-48788 in Fortinet FortiClientEMS and an unknown vulnerability in JBoss.<\/p>\n<p>All but one of the known exploited vulnerabilities are critical on the CVSS scale. Seashell Blizzard is also tracked by other security vendors as UAC-0113, BE2, Blue Echidna, PHANTOM, BlackEnergy Lite and APT44.<\/p>\n<p>Microsoft described Seashell Blizzard as \u201cRussia\u2019s cyber tip of the spear in Ukraine,\u201d and said the subgroup within the Russian state threat group will likely offer Russia expansive opportunities for niche operations and activities over the medium term.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6970954356846\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/russian-state-threat-group-shifts-focus-to-us-uk-targets-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/russian-state-threat-group-shifts-focus\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Russian state threat group shifts focus to US, UK targets<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1765,78,625,467,256,270,3701,288,1,643],"tags":[1770,86,630,471,262,276,3702,294,325,645],"class_list":["post-7303","post","type-post","status-publish","format-standard","hentry","category-cve","category-cybersecurity","category-microsoft","category-microsoft-threat-intelligence-center","category-research","category-russia","category-seashell-blizzard","category-threats","category-uncategorized","category-vulnerabilities","tag-cve","tag-cybersecurity","tag-microsoft","tag-microsoft-threat-intelligence-center","tag-research","tag-russia","tag-seashell-blizzard","tag-threats","tag-uncategorized","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve\/\" rel=\"category tag\">CVE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-threat-intelligence-center\/\" rel=\"category tag\">Microsoft Threat Intelligence Center<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/seashell-blizzard\/\" rel=\"category tag\">Seashell Blizzard<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7303"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7303\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7303,"date":"2025-02-12T11:58:47","date_gmt":"2025-02-12T17:58:47","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83483"},"modified":"2025-02-12T11:58:47","modified_gmt":"2025-02-12T17:58:47","slug":"russian-state-threat-group-shifts-focus-to-us-uk-targets","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/12\/russian-state-threat-group-shifts-focus-to-us-uk-targets\/","title":{"rendered":"Russian state threat group shifts focus to US, UK targets"},"content":{"rendered":"