{"id":16646,"date":"2026-07-12T13:44:58","date_gmt":"2026-07-12T13:44:58","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=16646"},"modified":"2026-07-12T13:44:58","modified_gmt":"2026-07-12T13:44:58","slug":"leveraging-tunnels-employees-useless-drops-and-new-alliances","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=16646","title":{"rendered":"Leveraging tunnels, employees, useless drops, and new alliances"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>Cyberespionage has remained a relentless characteristic of Russia\u2019s conflict in opposition to Ukraine. ESET Analysis <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/en\/search\/?term=gamaredon\" target=\"_blank\" rel=\"noopener\">has lengthy tracked Gamaredon<\/a>, one of the energetic Russia-aligned superior persistent menace (APT) teams concentrating on Ukraine. The group, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/ssu.gov.ua\/en\/novyny\/sbu-vstanovyla-khakeriv-fsb-yaki-zdiisnyly-ponad-5-tys-kiberatak-na-derzhavni-orhany-ukrainy\" target=\"_blank\" rel=\"noopener\">attributed by the Safety Service of Ukraine (SSU)<\/a> to the 18th Middle of Data Safety of Russia\u2019s FSB, maintained a excessive operational tempo all through 2025.<\/p>\n<p>In our newest analysis, we analyze Gamaredon\u2019s exercise throughout 2025, together with new instruments added to its arsenal, important shifts in the way it protects its community infrastructure, and its rising use of authentic third-party companies to cover each command and management (C&amp;C) data and stolen information. The complete technical particulars can be found in our newest <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/white-papers\/gamaredon-in-2025.pdf\" target=\"_blank\" rel=\"noopener\">white paper<\/a>.<\/p>\n<blockquote>\n<p><strong>Key factors of this blogpost:<\/strong><\/p>\n<ul>\n<li>All through 2025, Gamaredon solely focused governmental and navy establishments in Ukraine.<\/li>\n<li>We noticed 35 distinct spearphishing campaigns in opposition to new targets. Nearly all of the campaigns had been carried out within the second half of the yr, and so they had been considerably bigger than earlier ones.<\/li>\n<li>Extra targets had been compromised through a number of customized weaponizers designed for lateral motion.<\/li>\n<li>Gamaredon operators developed and deployed six new malicious PowerShell instruments, which we analyze in our white paper, and resurrected an outdated VBScript weaponizer \u2013 PteroSetup.<\/li>\n<li>The file stealers PteroVDoor and PteroPSDoor had been upgraded to assist exfiltration to cloud storage companies (Wasabi, Tebi, and Intercolo), which grew to become the first exfiltration technique.<\/li>\n<li>Gamaredon operators sought new methods to guard their community infrastructure, with their C&amp;C servers now hidden behind numerous third-party companies reminiscent of tunnels, employees, DDNS (dynamic DNS), and PaaS (platform as a service).<\/li>\n<li>Additionally they abused a number of authentic messaging, social media, running a blog, and paste companies as useless drops for resolving C&amp;C servers and distributing payloads.<\/li>\n<\/ul>\n<\/blockquote>\n<p>The white paper is our third in-depth installment describing the techniques, methods, and procedures (TTPs) of this group, which is believed to function out of occupied Crimea. In September 2024, we revealed a white paper protecting Gamaredon actions from 2022 and 2023 \u2013 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/white-papers\/cyberespionage-gamaredon-way.pdf\" target=\"_blank\" rel=\"noopener\">Cyberespionage the Gamaredon approach: Evaluation of toolset used to spy on Ukraine in 2022 and 2023<\/a> \u2013 and in July 2025, we revealed a white paper protecting Gamaredon actions from 2024 \u2013 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/white-papers\/gamaredon-in-2024.pdf\" target=\"_blank\" rel=\"noopener\">Gamaredon in 2024: Cranking out spearphishing campaigns in opposition to Ukraine with an developed toolset<\/a>.<\/p>\n<h2>Continued information exfiltration and a brand new alliance<\/h2>\n<p>All through 2025, Gamaredon stayed extremely energetic and remained targeted solely on Ukraine. The group\u2019s final objective continues to be the exfiltration of delicate data and different important information that might be exploited to assist Russian pursuits within the ongoing conflict in Ukraine. Gamaredon\u2019s actions seem like carefully aligned with Russia\u2019s geopolitical aims, concentrating on Ukrainian governmental and navy establishments to achieve an intelligence benefit.<\/p>\n<h3>New tooling and cooperation within the first half of the yr<\/h3>\n<p>Whereas the group took a brief operational break in January 2025, Gamaredon spent a lot of its effort within the first half of the yr growing and deploying new instruments. We describe them within the <em><a rel=\"nofollow\" target=\"_blank\" href=\"#Six new tools, mostly delivery-focused\">Six new instruments, largely delivery-focused<\/a> <\/em>part of this blogpost. Whereas we don\u2019t present the precise timestamps for all adjustments launched to the group\u2019s tooling, we noticed that many updates had been made within the lead-up to main holidays in Russia and Crimea. Notably, no updates had been noticed throughout or instantly after these holidays, additional suggesting that Gamaredon operators are in all probability government-affiliated staff.<\/p>\n<p>Notably, we uncovered that in early 2025, Gamaredon collaborated with Turla, one other Russia-aligned menace actor additionally <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/interaktiv.br.de\/elite-hacker-fsb\/en\/index.html\" target=\"_blank\" rel=\"noopener\">linked to the FSB<\/a>; we documented our findings in our blogpost <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/gamaredon-x-turla-collab\/\" target=\"_blank\" rel=\"noopener\">Gamaredon X Turla collab<\/a>. This cooperation underscores the potential for coordinated cyberespionage campaigns amongst Russia-aligned teams, more likely to amplify their operational affect. Up to now, Gamaredon additionally <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/2020\/06\/18\/digging-up-invisimole-hidden-arsenal\/\" target=\"_blank\" rel=\"noopener\">collaborated <\/a>with a menace actor that we found and named InvisiMole.<\/p>\n<p>Extra broadly, 2025 additionally offered one other instance of cooperation and process sharing amongst Russia-aligned actors: we noticed the Russia-aligned UAC-0099 group conducting preliminary entry operations and subsequently transferring validated targets to Sandworm for follow-up exercise. We documented our findings in <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/threat-reports\/eset-apt-activity-report-q2-2025-q3-2025.pdf\" target=\"_blank\" rel=\"noopener\">ESET APT Exercise Report Q2 2025\u2013Q3 2025<\/a>.<\/p>\n<h3>Bigger and extra frequent spearphishing campaigns within the second half<\/h3>\n<p>Within the second half of the yr, the group shifted extra towards bigger and extra frequent spearphishing campaigns; throughout 2025, we recognized 35 of those. As in earlier years, most campaigns used archive attachments or XHTML recordsdata using <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/attack.mitre.org\/techniques\/T1027\/006\/\">HTML smuggling<\/a> to ship malicious HTA downloaders, which in flip fetched the VBScript downloader PteroSand and extra payloads. We additionally noticed campaigns that in all probability used malicious hyperlinks as an alternative of attachments.<\/p>\n<p>Determine\u00a01 reveals a chart of distinctive samples of HTA downloaders delivered monthly in Gamaredon spearphishing campaigns. Notice that these figures symbolize minimums for spearphishing makes an attempt, as one HTA downloader might goal a number of people, and people may be focused in a number of campaigns throughout the identical month.<\/p>\n<figure class=\"image\"><img decoding=\"async\" title=\"Figure 1. Unique Gamaredon spearphishing samples seen per month\" src=\"https:\/\/web-assets.esetstatic.com\/wls\/2026\/06-26\/figure-1-1.png\" alt=\"Figure 1. Unique Gamaredon spearphishing samples seen per month\" width=\"\" height=\"\"\/><figcaption><em>Determine 1. Distinctive Gamaredon spearphishing samples seen monthly<\/em><\/figcaption><\/figure>\n<p>What modified most noticeably was the tempo. Gamaredon was rather more energetic within the second half of the yr, when campaigns grew to become each extra frequent and bigger in scale. Late within the yr, the group additionally launched a brand new method \u2013 from September 26<sup>th<\/sup>, 2025 onward, it started abusing <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-8088\" target=\"_blank\" rel=\"noopener\">CVE-2025-8088<\/a>, a WinRAR vulnerability, to put its traditional malicious HTA downloader into the sufferer\u2019s Startup folder. That allowed the downloader to execute on the following login, including persistence to a compromise chain that had beforehand relied extra closely on person interplay.<\/p>\n<h3>Weaponizers for motion past the compromised system<\/h3>\n<p>Past spearphishing, Gamaredon additionally continued utilizing customized weaponizers for lateral motion. These instruments weaponize USB drives, mapped community drives, and even software program installers, serving to the group unfold inside or throughout organizations after the preliminary compromise.<\/p>\n<h2>Six new instruments, largely delivery-focused<a rel=\"nofollow\" target=\"_blank\" id=\"Six new tools, mostly delivery-focused\"\/><\/h2>\n<p>Gamaredon launched six new instruments in 2025, all written in PowerShell. 5 of them appeared within the first quarter of the yr, suggesting that the group spent the early months of 2025 constructing new supply chains earlier than shifting extra consideration to large-scale spearphishing within the second half.<\/p>\n<p>Most of those new instruments are comparatively easy:<\/p>\n<ul>\n<li><strong>PteroDee<\/strong> and <strong>PteroCache<\/strong> are easy PowerShell downloaders for fetching and executing PowerShell payloads in reminiscence.<\/li>\n<li><strong>PteroDum<\/strong> serves an analogous function, however for VBScript payloads, writing them quickly to disk, executing them, after which deleting them.<\/li>\n<li><strong>PteroOdd<\/strong> is a tiny downloader used to retrieve a single PowerShell payload through the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/telegram.org\/blog\/telegraph\" target=\"_blank\" rel=\"noopener\">Telegra.ph API<\/a>, and based mostly on what we noticed, it seems to have been used primarily in instances linked to Gamaredon\u2019s collaboration with Turla.<\/li>\n<li><strong>PteroEffigy<\/strong> is one other light-weight downloader, notable primarily for utilizing the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/gofile.io\/home\" target=\"_blank\" rel=\"noopener\">GoFile<\/a> cloud storage service to acquire the following C&amp;C server.<\/li>\n<\/ul>\n<p>The standout among the many new instruments is <strong>PteroPaste<\/strong>, which is significantly extra complicated than the others. It combines a downloader, a USB weaponizer, and a runner element used for persistence and orchestration. Early variations of PteroPaste used <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/rentry.co\/what\" target=\"_blank\" rel=\"noopener\">Rentry<\/a> as an middleman staging level for encrypted payloads. Later variations moved away from that method and as an alternative retrieve an encrypted C&amp;C hostname from Dropbox, decrypt it regionally, after which connect with infrastructure hidden behind tunnel companies. PteroPaste can be one of many instruments concerned within the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/gamaredon-x-turla-collab\/\" target=\"_blank\" rel=\"noopener\">Gamaredon X Turla<\/a> collaboration that we documented in 2025.<\/p>\n<p>Gamaredon additionally introduced again <strong>PteroSetup<\/strong>, an older VBScript weaponizer that had probably been discontinued years earlier. The resurrected model scans fastened, detachable, and community drives for installer-like executable recordsdata and replaces them with malicious self-extracting archives containing each the unique installer and a malicious VBScript downloader. To the sufferer, the file nonetheless seems authentic, however working it launches each the anticipated installer and the malicious code.<\/p>\n<p>General, the brand new additions to Gamaredon\u2019s arsenal match a sample that we&#8217;ve seen earlier than \u2013 fairly than investing in extremely subtle malware, the group prefers a bigger variety of easy instruments that may be up to date rapidly and mixed flexibly.<\/p>\n<p>Vital updates to beforehand identified instruments reminiscent of <strong>PteroLNK<\/strong>, <strong>PteroPSLoad<\/strong>, <strong>PteroPSDoor<\/strong>, <strong>PteroVDoor<\/strong>, and <strong>PteroBox<\/strong> may be discovered within the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/white-papers\/gamaredon-in-2025.pdf\" target=\"_blank\" rel=\"noopener\">white paper<\/a>.<\/p>\n<h2>Superior community infrastructure<\/h2>\n<p>Gamaredon continued to refine its methods for safeguarding its community infrastructure and hiding its C&amp;C servers. In 2025, the group\u2019s reliance on third-party companies grew considerably, with tunnel companies and serverless employee platforms turning into an more and more essential a part of the way it hid its actual back-end infrastructure.<\/p>\n<p>Tunnel companies are authentic instruments that enable a system or utility to be uncovered to the web by way of a provider-controlled area, with out revealing the true server straight. Employees serve an analogous function, however go a step additional: as an alternative of merely forwarding visitors, they&#8217;re serverless platforms that may run code and course of requests earlier than passing them on. In apply, each assist obscure the underlying infrastructure and make disruption tougher.<\/p>\n<h3>Tunnels, employees, and a return to DDNS<\/h3>\n<p>By the tip of 2024, Gamaredon was already relying closely on Cloudflare tunnels (<span style=\"font-family: courier new, courier, monospace;\">trycloudflare.com<\/span>) to hide its infrastructure, and in 2025 it expanded that method additional. In Might, we started seeing the group disguise C&amp;C servers behind Cloudflare employees (<span style=\"font-family: courier new, courier, monospace;\">employees.dev<\/span>), and in June it added Microsoft\u2019s <span style=\"font-family: courier new, courier, monospace;\">devtunnels.ms<\/span> and Loophole (<span style=\"font-family: courier new, courier, monospace;\">loophole.website<\/span>). These companies had been typically used collectively, with one performing as the first communication path and others serving as fallbacks.<\/p>\n<p>In just a few remoted instances, we additionally noticed experiments with different tunnel companies, reminiscent of <span style=\"font-family: courier new, courier, monospace;\">loca.lt<\/span> and <span style=\"font-family: courier new, courier, monospace;\">bore.pub<\/span>, however these didn&#8217;t seem to turn into a part of the group\u2019s common toolkit.<\/p>\n<p>Gamaredon additionally returned to a way that had as soon as been a <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/2020\/06\/11\/gamaredon-group-grows-its-game\/\" target=\"_blank\" rel=\"noopener\">hallmark of its operations<\/a>: dynamic DNS (DDNS). After a number of years of relying extra closely on registered domains, the group once more started utilizing <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.noip.com\/\" target=\"_blank\" rel=\"noopener\">No-IP domains<\/a> throughout a number of instruments, particularly in HTA downloaders delivered in spearphishing campaigns. In parallel, we noticed Gamaredon abuse platform-as-a-service choices from <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.clever.cloud\/\" target=\"_blank\" rel=\"noopener\">Intelligent Cloud<\/a> (<span style=\"font-family: courier new, courier, monospace;\">cleverapps.io<\/span>) and <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/supabase.com\/\" target=\"_blank\" rel=\"noopener\">Supabase<\/a> (<span style=\"font-family: courier new, courier, monospace;\">supabase.co<\/span>) in a number of campaigns, suggesting that the group remains to be actively searching for low-cost, disposable infrastructure that blends in with authentic visitors.<\/p>\n<h3>Leveraging an outdated espionage idea: Lifeless drops<\/h3>\n<p>One of the essential facets of Gamaredon\u2019s 2025 operations was its heavy use of so-called dead-drop companies. The time period comes from conventional espionage \u2013 as an alternative of assembly straight, one operative leaves data in a public or hidden location and one other retrieves it later. On-line, the precept is analogous. Somewhat than embedding the true malicious server straight in malware, operators place that data on a authentic web site or platform, and the malware retrieves it from there. Which means the malware might first contact a public web page on a authentic service, learn a hidden or staged worth from it, and solely then connect with the precise C&amp;C server.<\/p>\n<p>This method offers attackers a number of benefits. It makes their operations extra versatile, as a result of they&#8217;ll swap servers rapidly. It additionally complicates blocking, as a result of defenders could also be reluctant to dam authentic and broadly used companies outright.<\/p>\n<p>In 2025, Gamaredon abused quite a few companies on this approach: Telegram channels (through <span style=\"font-family: courier new, courier, monospace;\">t.me<\/span>; Telegram\u2019s official URL shortener service), posts on the Telegra.ph (<span style=\"font-family: courier new, courier, monospace;\">telegra.ph<\/span>) and Teletype (<span style=\"font-family: courier new, courier, monospace;\">teletype.in<\/span>) platforms, <span style=\"font-family: courier new, courier, monospace;\">rentry.co<\/span>, <span style=\"font-family: courier new, courier, monospace;\">write.as<\/span>, Dropbox, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/gofile.io\/home\" target=\"_blank\" rel=\"noopener\">GoFile<\/a>, social networks DEV Neighborhood (<span style=\"font-family: courier new, courier, monospace;\">dev.to<\/span>) and Mastodon (<span style=\"font-family: courier new, courier, monospace;\">mastodon.social<\/span>), lesma (<span style=\"font-family: courier new, courier, monospace;\">lesma.eu<\/span>), <span style=\"font-family: courier new, courier, monospace;\">nopaste.internet<\/span>, and Paste.ee (<span style=\"font-family: courier new, courier, monospace;\">pastee.dev<\/span>). In some instances, these companies had been used to publish up to date C&amp;C data. In others, they had been used to ship payloads or cloud-storage configuration information.<\/p>\n<p>In comparison with 2024, we additionally noticed a shift in how Gamaredon used these useless drops. Somewhat than merely publishing uncooked C&amp;C IP addresses, operators more and more used them to level malware to infrastructure already hidden behind tunnels or employees. In different phrases, the useless drop typically not revealed the true server straight; as an alternative, it pointed to a different intermediate layer.<\/p>\n<h3>Cloud storage grew to become the popular exfiltration channel<\/h3>\n<p>The opposite main infrastructure shift we noticed was on the data-exfiltration facet. Gamaredon upgraded two of its flagship file stealers, PteroPSDoor and PteroVDoor, to add stolen recordsdata to S3-compatible cloud storage companies \u2013 suppliers that assist the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/aws.amazon.com\/s3\/\" target=\"_blank\" rel=\"noopener\">Amazon S3 API<\/a>, permitting the identical instruments and code to work throughout completely different storage distributors. Over the course of the yr, configurations moved from <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/wasabi.com\/\" target=\"_blank\" rel=\"noopener\">Wasabi<\/a> (<span style=\"font-family: courier new, courier, monospace;\">wasabisys.com<\/span>) to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/tebi.io\/\">Tebi<\/a> (<span style=\"font-family: courier new, courier, monospace;\">tebi.io<\/span>) after which to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/intercolo.de\/en\/object-storage\" target=\"_blank\" rel=\"noopener\">Intercolo<\/a> (<span style=\"font-family: courier new, courier, monospace;\">de-fra.i3storage.com<\/span>), which by December had turn into the first exfiltration vacation spot.<\/p>\n<p>On the identical time, PteroBox continued to add recordsdata to Dropbox, and one newer variant used the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/rclone.org\/\">rclone<\/a> utility to take action.<\/p>\n<p>Importing stolen recordsdata to cloud storage reduces the necessity for Gamaredon to keep up its personal infrastructure for receiving giant quantities of stolen information. It additionally helps malicious visitors mix in with entry to authentic storage suppliers. Basically, Gamaredon more and more makes use of third-party companies not solely to cover the place directions come from, but in addition to cover the place stolen information goes.<\/p>\n<h2>Conclusion<\/h2>\n<p>Gamaredon continued to focus its cyberespionage exercise solely on Ukraine all through 2025, and nothing in ESET telemetry means that this may change within the close to future.<\/p>\n<p>Whereas the six new instruments launched in 2025 had been, for probably the most half, easy downloaders, the extra essential improvement was the continued evolution of the infrastructure supporting the group\u2019s operations. Gamaredon additional expanded its use of useless drops, tunnels, employees, dynamic DNS, and cloud storage, making its operations extra versatile and tougher to disrupt.<\/p>\n<p>As in earlier years, the group compensated for the relative simplicity of its malware with persistence, frequent updates, and an more and more inventive abuse of authentic on-line companies. So long as Russia\u2019s conflict in opposition to Ukraine continues, we count on Gamaredon to stay a major cyberespionage menace to Ukrainian establishments.<\/p>\n<h2>IoCs<\/h2>\n<p>A complete listing of indicators of compromise (IoCs) may be present in <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/github.com\/eset\/malware-ioc\/tree\/master\/gamaredon\" target=\"_blank\" rel=\"noopener\">our GitHub repository<\/a> and the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/white-papers\/gamaredon-in-2025.pdf\" target=\"_blank\" rel=\"noopener\">Gamaredon white paper<\/a>.<\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.eset.com\/int\/business\/services\/threat-intelligence\/?utm_source=welivesecurity.com&amp;utm_medium=referral&amp;utm_campaign=wls-research&amp;utm_content=gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances&amp;sfdccampaignid=7011n0000017htTAAQ\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/wls\/eti-eset-threat-intelligence.png\" alt=\"\" width=\"915\" height=\"296\"\/><\/a><\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Cyberespionage has remained a relentless characteristic of Russia\u2019s conflict in opposition to Ukraine. ESET Analysis has lengthy tracked Gamaredon, one of the energetic Russia-aligned superior persistent menace (APT) teams concentrating on Ukraine. The group, attributed by the Safety Service of Ukraine (SSU) to the 18th Middle of Data Safety of Russia\u2019s FSB, maintained a excessive [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16648,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[5407,384,3068,1686,9747,1765],"class_list":["post-16646","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-alliances","tag-dead","tag-drops","tag-leveraging","tag-tunnels","tag-workers"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16646"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16646\/revisions"}],"predecessor-version":[{"id":16647,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16646\/revisions\/16647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/16648"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-07-12 16:30:03 UTC -->