Amazon warns that Russia\u2019s Sandworm has shifted its tactics | CyberScoop<\/title> <meta name=\"description\" content=\"Researchers said attackers linked to Russia\u2019s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to target networks.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Amazon warns that Russia\u2019s Sandworm has shifted its tactics\"> <meta property=\"og:description\" content=\"Researchers said attackers linked to Russia\u2019s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to target networks.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-12-16T15:54:13+00:00\"> <meta property=\"article:modified_time\" content=\"2025-12-16T15:54:16+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1764717474g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1764694102g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1763439630g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87171\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87171\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Famazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Famazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87171 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.074596774194\">\n<div class=\"single-article__header-content\" readability=\"35.63557483731\">\n<p> Researchers said attackers linked to Russia\u2019s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to target networks. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87171\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Gwengoat, iStock\/Getty Images Plus <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"39.390722363259\"><body readability=\"83.269074124355\"><\/p>\n<p>Attackers associated with Russia\u2019s Main Intelligence Directorate (GRU) have targeted Western-based critical infrastructure with a special focus on the energy sector as part of an ongoing campaign <a href=\"https:\/\/aws.amazon.com\/blogs\/security\/amazon-threat-intelligence-identifies-russian-cyber-threat-group-targeting-western-critical-infrastructure\/\">dating back to 2021<\/a>, Amazon Threat Intelligence said in a report Monday. <\/p>\n<p>The threat group simplified operations earlier this year by shifting away from vulnerability exploitation to focus on misconfigured network edge devices hosted on Amazon Web Services as the primary initial access vector, CJ Moses, chief information security officer of Amazon Integrated Security, said in a blog post. <\/p>\n<p>Researchers said malicious infrastructure used by the attackers overlaps with operations linked to Sandworm, also known as APT44 and Seashell Blizzard, a detail that gives them confidence the activity is associated with Russia\u2019s GRU. <\/p>\n<p>Amazon did not say how many attacks it\u2019s attributed to the campaign, nor how the pace of activity has changed since the first wave of attacks occurred in 2021. The company said it has notified customers affected by the intrusions, remediated compromised EC2 instances and shared intelligence with partners and affected vendors to aid further investigations.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Russia state-sponsored threat group has continued to target multiple Western-based organizations in the energy sector including electric utilities, energy providers and managed security service providers specializing in the industry, according to Amazon. <\/p>\n<p>Researchers said the threat group has also targeted collaboration platforms, source code repositories, organizations with cloud-based network infrastructure, critical infrastructure providers in North America and Europe, and telecom providers across multiple regions. <\/p>\n<p>Attacks typically begin with a compromised customer network edge device hosted on AWS, followed by attempts to capture data traversing the network in a bid to steal credentials and reuse those credentials against victim organizations\u2019 other services and infrastructure to maintain access, according to Amazon.<\/p>\n<p>Moses insists the compromise of network edge devices hosted on AWS is not due to a weakness in its infrastructure, but rather improper device setup from customers. Attackers associated with Russia\u2019s GRU have targeted enterprise routers and routing infrastructure, virtual private networks for large organizations, remote-access gateways and network-management appliances. <\/p>\n<p>The campaign initially relied on vulnerability exploitation from 2021 to 2024, including <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2022-26318\">CVE-2022-26318<\/a> affecting WatchGuard, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-26084\">CVE-2021-26084<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-22518\">CVE-2023-22518<\/a> affecting Confluence and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-27532\">CVE-2023-27532<\/a> affecting Veeam, researchers said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Yet, targeting shifted to misconfigured network edge devices this year, which allowed attackers to achieve the same strategic goals at a lower cost. <\/p>\n<p>\u201cWhile customer misconfiguration targeting has been ongoing since at least 2022, the actor maintained sustained focus on this activity in 2025 while reducing investment in zero-day and N-day exploitation,\u201d Moses said in the blog post. \u201cThe actor accomplishes this while significantly reducing the risk of exposing their operations through more detectable vulnerability exploitation activity.\u201d<\/p>\n<p>Sandworm is one of the most notorious state-sponsored threat groups of the past decade. The group primarily targets government, defense, transportation, energy, media and civil society organizations in Russia\u2019s near abroad. It has repeatedly targeted Western electoral systems and institutions, including in NATO member countries. On three separate occasions, the group has succeeded in using a cyberattack to disrupt electricity distribution in Ukraine.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.8220338983051\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Amazon warns that Russia\u2019s Sandworm has shifted its tactics |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5644,1064,1895,413,78,579,2659,302,466,5676,4838,256,2815,270,880,5319,29,288,3542,2281,5677],"tags":[5646,1065,1896,415,86,581,2661,306,470,5678,4841,262,2822,276,881,5320,37,294,3545,2283,5679],"class_list":["post-8207","post","type-post","status-publish","format-standard","hentry","category-amazon-threat-intelligence","category-amazon-web-services-aws","category-apt44","category-critical-infrastructure","category-cybersecurity","category-energy","category-exploit","category-geopolitics","category-gru","category-managed-service-providers","category-network-edge-devices","category-research","category-routers","category-russia","category-sandworm","category-source-code","category-telecommunications","category-threats","category-virtual-private-network-vpn","category-vulnerability","category-watchguard","tag-amazon-threat-intelligence","tag-amazon-web-services-aws","tag-apt44","tag-critical-infrastructure","tag-cybersecurity","tag-energy","tag-exploit","tag-geopolitics","tag-gru","tag-managed-service-providers","tag-network-edge-devices","tag-research","tag-routers","tag-russia","tag-sandworm","tag-source-code","tag-telecommunications","tag-threats","tag-virtual-private-network-vpn","tag-vulnerability","tag-watchguard"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/amazon-threat-intelligence\/\" rel=\"category tag\">Amazon Threat Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/amazon-web-services-aws\/\" rel=\"category tag\">Amazon Web Services (AWS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt44\/\" rel=\"category tag\">APT44<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/energy\/\" rel=\"category tag\">energy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gru\/\" rel=\"category tag\">GRU<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/managed-service-providers\/\" rel=\"category tag\">managed service providers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/network-edge-devices\/\" rel=\"category tag\">network edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/routers\/\" rel=\"category tag\">routers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sandworm\/\" rel=\"category tag\">Sandworm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/source-code\/\" rel=\"category tag\">source code<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/telecommunications\/\" rel=\"category tag\">Telecommunications<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/virtual-private-network-vpn\/\" rel=\"category tag\">virtual private network (VPN)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchguard\/\" rel=\"category tag\">WatchGuard<\/a>","tag_info":"WatchGuard","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8207"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8207\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8207,"date":"2025-12-16T09:54:13","date_gmt":"2025-12-16T15:54:13","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87171"},"modified":"2025-12-16T09:54:13","modified_gmt":"2025-12-16T15:54:13","slug":"amazon-warns-that-russias-sandworm-has-shifted-its-tactics","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/12\/16\/amazon-warns-that-russias-sandworm-has-shifted-its-tactics\/","title":{"rendered":"Amazon warns that Russia\u2019s Sandworm has shifted its tactics"},"content":{"rendered":"