{"id":7640,"date":"2025-05-15T04:00:00","date_gmt":"2025-05-15T09:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84531"},"modified":"2025-05-15T04:00:00","modified_gmt":"2025-05-15T09:00:00","slug":"fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/15\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers\/","title":{"rendered":"Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers | CyberScoop<\/title> <meta name=\"description\" content=\"Russian hackers aren\u2019t just targeting Ukraine \u2014 they also appear to be going after their defense contractors in other countries, new ESET research surmises.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/russia-fancy-bear-gru-ukrainian-military-contractors\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers\"> <meta property=\"og:description\" content=\"Russian hackers aren\u2019t just targeting Ukraine \u2014 they also appear to be going after their defense contractors in other countries, new ESET research surmises.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/russia-fancy-bear-gru-ukrainian-military-contractors\/\"> <meta 
property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-15T09:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg\"> <meta property=\"og:image:width\" content=\"2121\"> <meta property=\"og:image:height\" content=\"1414\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747157649g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1747161863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84531\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84531\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussia-fancy-bear-gru-ukrainian-military-contractors%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussia-fancy-bear-gru-ukrainian-military-contractors%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84531 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/russia-fancy-bear-gru-ukrainian-military-contractors\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span 
class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.422077922078\">\n<div class=\"single-article__header-content\" readability=\"34.765100671141\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/russia-fancy-bear-gru-ukrainian-military-contractors\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> Russian hackers aren\u2019t just targeting Ukraine \u2014 they also appear to be going after their defense contractors in other countries, new ESET research surmises. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84531\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg 2121w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=1536,1024 1536w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"67.264305781458\"><body readability=\"135.67611531648\"><\/p>\n<p>Fancy Bear, the hacking group linked to Russia\u2019s Main Intelligence Directorate (GRU), has been targeting the email accounts of high-ranking Ukrainian officials as well as executives at defense contractors located in other countries who sell weapons and equipment to Kyiv, according to new <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/operation-roundpress\/\">research<\/a> from ESET.<\/p>\n<p>The campaign, ongoing since at least 2023, has taken advantage of spearphishing and cross-site scripting vulnerabilities in different webmail software products, including Roundcube, Horde, MDaemon and Zimbra.<\/p>\n<p>Just one of 
those vulnerabilities was a zero-day that ESET researchers suspect was first identified by Fancy Bear, also known as APT28 or \u201cSednit\u201d in ESET\u2019s tracking terminology. The group was observed leveraging<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11182\"> CVE-2024-11182<\/a> in November 2024 emails sent to two Ukrainian state-owned defense companies and a Ukrainian civilian air transport company.&nbsp;&nbsp;<\/p>\n<p>Matthieu Faou, senior malware researcher at ESET, provided CyberScoop with further detail on that rationale.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWhat we know is that, according to our telemetry, Sednit is the only threat actor using this specific exploit,\u201d Faou said in an email. \u201cThis means that they either developed this capability in house, or that they bought it from a third-party vendor\/exploit broker.\u201d<\/p>\n<p>The remaining webmail programs were compromised using known vulnerabilities that already had patches available. There is evidence that the Russian hacking group has been heavily focused on webmail software since 2023, steadily identifying and adding more vulnerabilities that can target and break into a wide variety of programs.<\/p>\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers.png?w=640&#038;ssl=1\" alt><figcaption class=\"wp-element-caption\">An illustration of Fancy Bear\/APT28\/Sednit\u2019s use of spearphishing and cross-site scripting vulnerabilities to access the email accounts of Ukrainian defense officials and contractors. 
(Source: ESET)<\/figcaption><\/figure>\n<p>According to the report, the victims in 2024 alone included officials from regional national governments in Ukraine, Greece, Cameroon and Serbia, military officials in Ukraine and Ecuador, and employees of defense contracting firms in Ukraine, Romania and Bulgaria.<\/p>\n<p>Fancy Bear is perhaps best known in the United States for its hack and leak of Democratic National Committee emails in the lead-up to the 2016 presidential election. Since the start of the Russia-Ukraine war, the unit has increasingly turned its focus to collecting political and wartime intelligence from the conflict.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>This espionage campaign appears to be focused on gaining insight into the Ukrainian military\u2019s supply chain, though the report also notes it found evidence of victims in Latin America, the European Union and Africa.<\/p>\n<p>Faou said he believes the evidence points to extracting information about Ukraine\u2019s defense base as the campaign\u2019s primary motivation, and that the victims in other countries reflect how the GRU \u201cis also tasked in collecting intelligence from a broad range of targets, including governments and military entities worldwide.\u201d<\/p>\n<p>Last month, the French Ministry for Europe and Foreign Affairs<a href=\"https:\/\/www.diplomatie.gouv.fr\/en\/country-files\/russia\/news\/2025\/article\/russia-attribution-of-cyber-attacks-on-france-to-the-russian-military\"> accused<\/a> the group of attempted or successful hacks against a dozen French entities since 2021 and trying to \u201cdestabilize\u201d French elections in 2017 through covert and cyber means.<\/p>\n<p>The ministry\u2019s statement also accused the Russian government of using APT28 \u201cto exert continual pressure on Ukrainian infrastructures amid Russia\u2019s war of aggression against Ukraine,\u201d 
adding that \u201cmany European partners have also been targeted by APT28 in recent years.\u201d This week, French intelligence agencies released a 16-page assessment <a href=\"https:\/\/kyivinsider.com\/france-unveils-extensive-russian-espionage-sabotage-and-disinformation-operations\/?utm_source=dlvr.it&amp;utm_medium=twitter\">detailing the hacking group\u2019s<\/a> targeting of French governments and organizations dating back to 2015.<\/p>\n<p>Faou said ESET identified at least 17 separate victim organizations in the webmail campaign. When asked how many were compromised, he said ESET\u2019s endpoint was able to block the email, the malicious script or the network connection during data exfiltration for \u201cmost\u201d of those organizations.<\/p>\n<p>\u201cMost of the targets are related to the current war in Ukraine; they are either Ukrainian governmental entities or defense companies in Bulgaria and Romania. Notably, some of these defense companies are producing Soviet-era weapons to be sent to Ukraine,\u201d the report stated.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The group\u2019s spearphishing lures used fake headlines from prominent Ukrainian news outlets like the Kyiv Post about the Russia-Ukraine war, seemingly playing on their targets\u2019 personal or business interests in the conflict. 
Some headlines, written in Ukrainian, were \u201cSBU arrested a banker who worked for enemy military intelligence in Kharkiv\u201d and \u201cPutin seeks Trump\u2019s acceptance of Russian conditions in bilateral relations.\u201d<\/p>\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-1.png?w=640&#038;ssl=1\" alt><figcaption class=\"wp-element-caption\">An emailed phishing lure that mimics Ukrainian news sources like the Kyiv Post. (Source: ESET)<\/figcaption><\/figure>\n<p>Those who opened the emails using the affected webmail clients were then served up \u2014 via cross-site scripting \u2014 a custom JavaScript malware payload capable of exfiltrating data from the account\u2019s email messages, address book, contacts and log-in history.<\/p>\n<p>At least one of the vulnerabilities, affecting MDaemon software, could be used to steal passwords and secrets for the account\u2019s two-factor authentication, meaning attackers could bypass the security protection and access the victim\u2019s mailbox using another application.<\/p>\n<p>The malware uses flaws in webmail software programs to steal an account\u2019s credentials, either by tricking the browser or password manager into pasting those credentials into a hidden form or getting the user to log out, whereupon they can be served fake phishing landing pages to log back in.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While the JavaScript code lacks the kind of sophisticated persistence mechanisms that are routinely deployed by state-backed hackers to maintain their access, ESET researchers note that the malware is reloaded every time the victim opens the malicious email.<\/p>\n<p>Faou described the GRU-linked hacking operation as ongoing, with 
the last detected email flagged April 17.<\/p>\n<p>\u201cWhile we do have a good understanding of the TTPs used in this operation, we continue to closely track it to be able to detect the exploitation of new [zero days] in webmail applications as fast as possible,\u201d he wrote.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5515370705244\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/fancy-bear-campaign-sought-emails-of-high-level-ukrainians-and-their-military-suppliers-1.jpg?w=640&#038;ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/russia-fancy-bear-gru-ukrainian-military-contractors\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fancy Bear campaign sought emails of high-level Ukrainians and their<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4259,4260,1505,302,117,270,354],"tags":[4261,4262,1508,306,119,276,358],"class_list":["post-7640","post","type-post","status-publish","format-standard","hentry","category-cross-site-scripting","category-defense-contractors","category-fancy-bear","category-geopolitics","category-government","category-russia","category-ukraine","tag-cross-site-scripting","tag-defense-contractors","tag-fancy-bear","tag-geopolitics","tag-government","tag-russia","tag-ukraine"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cross-site-scripting\/\" rel=\"category tag\">cross site scripting<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/defense-contractors\/\" rel=\"category tag\">defense contractors<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fancy-bear\/\" rel=\"category tag\">Fancy Bear<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category 
tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ukraine\/\" rel=\"category tag\">Ukraine<\/a>","tag_info":"Ukraine","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7640"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7640\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}