Feds quash widespread Russia-backed espionage network spanning 18,000 devices | CyberScoop<\/title> <meta name=\"description\" content=\"Forest Blizzard, a threat group attributed to Russia\u2019s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Feds quash widespread Russia-backed espionage network spanning 18,000 devices\"> <meta property=\"og:description\" content=\"Forest Blizzard, a threat group attributed to Russia\u2019s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-04-07T23:46:53+00:00\"> <meta property=\"article:modified_time\" content=\"2026-04-07T23:46:56+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1775074092g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88527\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88527\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fforest-blizzard-apt28-routers-espionage-campaign-operation-masquerade%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fforest-blizzard-apt28-routers-espionage-campaign-operation-masquerade%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88527 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.492456896552\">\n<div class=\"single-article__header-content\" readability=\"36.494172494172\">\n<p> Forest Blizzard, a threat group attributed to Russia\u2019s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88527\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Gwengoat, iStock\/Getty Images Plus <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"47.133062793678\"><body readability=\"98.580724673404\"><\/p>\n<p>Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before it was recently neutralized, researchers and authorities said Tuesday.<\/p>\n<p>Forest Blizzard, also known as APT28 and Fancy Bear, exploited known vulnerabilities to steal credentials for <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-conducts-court-authorized-disruption-dns-hijacking-network-controlled\">thousands of TP-Link routers<\/a> globally. The threat group, which is attributed to Russia\u2019s Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165, hijacked domain name system settings and stole additional credentials and tokens via redirected traffic, the Justice Department said.<\/p>\n<p>The threat group established an expansive espionage network by intruding systems of <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/07\/soho-router-compromise-leads-to-dns-hijacking-and-adversary-in-the-middle-attacks\/\">more than 200 organizations<\/a>, impacting at least 5,000 consumer devices, Microsoft Threat Intelligence said in a report. <\/p>\n<p>Operation Masquerade, a collaborative takedown operation led by the FBI, aided by federal prosecutors, the National Security Division\u2019s National Security Cyber section, <a href=\"https:\/\/www.lumen.com\/blog-and-news\/en-us\/frostarmada-forest-blizzard-dns-hijacking\">Lumen\u2019s Black Lotus Labs<\/a> and Microsoft Threat Intelligence, involved a series of commands designed to reset DNS settings and prevent the threat group from further exploiting its initial means of access. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cGRU actors compromised routers in the U.S. and around the world, hijacking them to conduct espionage. Given the scale of this threat, sounding the alarm wasn\u2019t enough,\u201d Brett Leatherman, assistant director of the FBI\u2019s cyber division, said in a statement. \u201cThe FBI conducted a court-authorized operation to harden compromised routers across the United States.\u201d<\/p>\n<p>Forest Blizzard\u2019s widespread campaign involved adversary-in-the-middle attacks against domains mimicking legitimate services, including Microsoft Outlook Web Access. This allowed attackers to intercept passwords, OAuth tokens, credentials for Microsoft accounts, and other services and cloud-hosted content. <\/p>\n<p>Microsoft insists company-owned assets or services were not compromised as part of the campaign.<\/p>\n<p>The threat group targeted network edge devices, including TP-Link and MicroTik routers, opportunistically before it identified sensitive targets of intelligence interest to the Russian government, including people in the military, government and critical infrastructure sectors. <\/p>\n<p>Victims, according to researchers, include government agencies and organizations in the IT, telecom and energy sectors. Lumen identified other victims associated with Afghanistan\u2019s government and others linked to foreign affairs and national law enforcement agencies in North Africa, Central America and Southeast Asia. An unnamed European country\u2019s national identity platform was also impacted, the company said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Lumen did not find evidence of any compromised U.S. government agencies as part of this campaign, but warned that the activity poses a grave national security threat.<\/p>\n<p>While the full scope of Forest Blizzard\u2019s accomplishments remain under investigation, researchers are confident the bleeding of sensitive information has stopped. <\/p>\n<p>\u201cThe campaign has ceased,\u201d Danny Adamitis, distinguished engineer at Black Lotus Labs, told CyberScoop. \u201cWe have observed a gradual decline in communications associated with this infrastructure over the past several weeks.\u201d<\/p>\n<p>Lumen said it observed widespread router exploitation and DNS redirection beginning in August, the day after the United Kingdom\u2019s National Cyber Security Centre published a <a href=\"https:\/\/www.ncsc.gov.uk\/sites\/default\/files\/documents\/ncsc-mar-authentic_antics.pdf\">malware analysis report<\/a> about a tool used to steal Microsoft Office credentials. The U.K.\u2019s NCSC on Tuesday published details about <a href=\"https:\/\/www.ncsc.gov.uk\/news\/apt28-exploit-routers-to-enable-dns-hijacking-operations\">APT28\u2019s DNS hijacking campaign<\/a>, including indicators of compromise.<\/p>\n<p>The Justice Department and FBI, acting on a court order, remediated compromised routers in the United States after collecting evidence on Forest Blizzard\u2019s activity. The FBI said Russia\u2019s GRU weaponized routers owned by Americans in more than 23 states to steal sensitive government, military and critical infrastructure information.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9206730769231\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Feds quash widespread Russia-backed espionage network spanning 18,000 devices |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3460,2707,78,338,624,1505,669,6337,117,466,625,5177,6338,6339,256,270,288,2481,971],"tags":[3463,2709,86,341,629,1508,671,6340,119,470,630,5179,6341,6342,262,276,294,2483,973],"class_list":["post-8510","post","type-post","status-publish","format-standard","hentry","category-apt28","category-black-lotus-labs","category-cybersecurity","category-department-of-justice-doj","category-espionage","category-fancy-bear","category-federal-bureau-of-investigation-fbi","category-forest-blizzard","category-government","category-gru","category-microsoft","category-microsoft-threat-intelligence","category-microtik","category-ncsc","category-research","category-russia","category-threats","category-tp-link-technologies","category-united-kingdom-u-k","tag-apt28","tag-black-lotus-labs","tag-cybersecurity","tag-department-of-justice-doj","tag-espionage","tag-fancy-bear","tag-federal-bureau-of-investigation-fbi","tag-forest-blizzard","tag-government","tag-gru","tag-microsoft","tag-microsoft-threat-intelligence","tag-microtik","tag-ncsc","tag-research","tag-russia","tag-threats","tag-tp-link-technologies","tag-united-kingdom-u-k"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt28\/\" rel=\"category tag\">APT28<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/black-lotus-labs\/\" rel=\"category tag\">Black Lotus Labs<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice-doj\/\" rel=\"category tag\">Department of Justice (DOJ)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/espionage\/\" rel=\"category tag\">espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fancy-bear\/\" rel=\"category tag\">Fancy Bear<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/forest-blizzard\/\" rel=\"category tag\">Forest Blizzard<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gru\/\" rel=\"category tag\">GRU<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-threat-intelligence\/\" rel=\"category tag\">Microsoft Threat Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microtik\/\" rel=\"category tag\">MicroTik<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ncsc\/\" rel=\"category tag\">NCSC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/tp-link-technologies\/\" rel=\"category tag\">TP-Link Technologies<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-kingdom-u-k\/\" rel=\"category tag\">United Kingdom (U.K.)<\/a>","tag_info":"United Kingdom (U.K.)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8510","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8510"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8510\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8510,"date":"2026-04-07T18:46:53","date_gmt":"2026-04-07T23:46:53","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88527"},"modified":"2026-04-07T18:46:53","modified_gmt":"2026-04-07T23:46:53","slug":"feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/04\/07\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices\/","title":{"rendered":"Feds quash widespread Russia-backed espionage network spanning 18,000 devices"},"content":{"rendered":"