{"id":7521,"date":"2021-07-12T20:07:04","date_gmt":"2021-07-13T03:07:04","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7521"},"modified":"2023-04-05T12:39:04","modified_gmt":"2023-04-05T19:39:04","slug":"kaseya-vsa-downed-by-revil-in-monumental-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/kaseya-vsa-downed-by-revil-in-monumental-supply-chain-attack\/","title":{"rendered":"Kaseya VSA Downed by REvil in a Monumental Supply Chain Attack"},"content":{"rendered":"<blockquote>\n<p style=\"text-align: justify;\"><strong>On July 21, 2021, Kaseya shared a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims\/\" target=\"_blank\" rel=\"noopener\">universal decryptor key<\/a> with all MSPs and their clients who were affected by the REvil ransomware attack. The decryptor key can restore all encrypted files for free.<\/strong><\/p>\n<\/blockquote>\n<p style=\"text-align: justify;\">On the night of July 02, 2021, as security teams logged off their servers preparing for the Independence Day weekend, Kaseya\u2019s remote management web-based software platform <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kaseya-was-fixing-zero-day-just-as-revil-ransomware-sprung-their-attack\/\" target=\"_blank\" rel=\"noopener\">Kaseya VSA was breached by the infamous REvil gang<\/a>, resulting in the single largest ransomware supply chain attack in the United States. In total, more than 1,500 companies were impacted by the REvil ransomware attack across 17 countries, with 60 MSPs and 800+ companies in the United States alone. The Swedish supermarket giant <a href=\"https:\/\/www.businessinsurance.com\/article\/20210707\/STORY\/912343038\/Kaseya-ransomware-attack-forces-Coop-to-close-800-stores\" target=\"_blank\" rel=\"noopener\">Coop <\/a>was the worst hit, having to close 800 stores worldwide.<\/p>\n<p style=\"text-align: justify;\">The event happened when the REvil gang gained backend access and deployed a malicious update to the VSA servers running on the client premises. Not only did that compromise the client\u2019s VSA servers and infect all connected workstations, but also it effectively infected the networks of third-party companies that were using the attacked server.<\/p>\n<p style=\"text-align: justify;\">The effect of the Kaseya attack continues to be felt as third-party dependencies see a swarm of ransomware attacks, not just pertaining to the REvil attack on July 03 but also <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-kaseya-vsa-security-update-backdoors-networks-with-cobalt-strike\/?&amp;web_view=true\" target=\"_blank\" rel=\"noopener\">other ransomware gangs conducting Cobalt Strike phishing campaigns<\/a> to exploit the vulnerabilities. There has been a spate of third-party attacks on municipalities such as <a href=\"https:\/\/www.thebaynet.com\/articles\/0721\/multiple-southern-maryland-towns-hit-by-ransomware-attack-facing-lofty-demands.html\" target=\"_blank\" rel=\"noopener\">Leonardtown<\/a> and <a href=\"https:\/\/southernmarylandchronicle.com\/2021\/07\/07\/second-somd-town-hit-in-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">North Beach<\/a> in Alabama and utility sectors such as <a href=\"https:\/\/www.alabamanews.net\/2021\/07\/06\/wiregrass-electric-cooperative-hit-with-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">Wiregrass Electric Cooperative<\/a> in the wake of the Kaseya VSA supply chain shutdown. More recently, fake phishing campaign emails containing malicious links or attachments posing as Kaseya security updates have been <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kaseya-warns-of-phishing-campaign-pushing-fake-security-updates\/\" target=\"_blank\" rel=\"noopener\">reported <\/a>trying to enter recipients\u2019 systems through the backdoor.<\/p>\n<h2 dir=\"ltr\" style=\"text-align: justify;\"><strong>Could Kaseya Have Avoided the Attacks?<\/strong><\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">Yes. On July 08, 2021, the Dutch Institute of Vulnerability Disclosure (DIVD) published a <a href=\"https:\/\/csirt.divd.nl\/2021\/07\/07\/Kaseya-Limited-Disclosure\/\" target=\"_blank\" rel=\"noopener\">timeline <\/a>of the attack, which indicates that the vulnerability was reported to Kaseya as early as April 2021. Six of the seven vulnerabilities were found to be affecting software-as-a-service and on-premise VSA servers.<\/p>\n<p style=\"text-align: justify;\">In the attack on Kaseya VSA on July 03, 2021, the company was patching one of the three critical zero-day bugs, <a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-30116\" target=\"_blank\" rel=\"noopener\">CVE-2021-30116<\/a>, when the vulnerability was used to bypass authentication on the web panel. Immediately after, SQL commands were run on the VSA appliance, and ransomware was deployed to all connected workstations. However, it is still uncertain how the REvil gang got its hands on the classified information on the zero-day bug.<\/p>\n<blockquote>\n<p style=\"text-align: justify;\">Most ransomware gangs like REvil are <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/revil-brings-down-jbs-the-worlds-largest-meat-packer.html\" target=\"_blank\" rel=\"noopener\">going after organizations<\/a> whose supply chain, if affected, can cause widespread panic and chaos.<\/p>\n<\/blockquote>\n<p style=\"text-align: justify;\">According to our research findings published in <a href=\"https:\/\/cybersecurityworks.com\/resources\/whitepapers\/ransomware-2021-spotlight-report-through-the-lens-of-threat-and-vulnerability-management.html\" target=\"_blank\" rel=\"noopener\">Securin\u2019s Ransomware Spotlight 2021 <\/a>report, the REvil ransomware gang, amongst other ransomware gangs, has targeted organizations with supply chains in order to cause the maximum damage.<\/p>\n<h2 dir=\"ltr\"><strong>More CVE Findings<\/strong><\/h2>\n<p style=\"text-align: justify;\">In our <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/revil-brings-down-jbs-the-worlds-largest-meat-packer.html\" target=\"_blank\" rel=\"noopener\">previous blog<\/a>, we observed how six vulnerabilities\u2014CVE-2012-0507,\u00a0 CVE-2013-0074, CVE-2018-8453, CVE-2019-11510, CVE-2019-19781, and CVE-2019-2725\u2014were associated with REvil in the attack that befell JBS on May 30, 2021.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">During the more recent Kaseya VSA attack, the REvil ransomware group exploited a zero-day bug, now tagged as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-30116\" target=\"_blank\" rel=\"noopener\">CVE-2021-30116<\/a>, to conduct remote code execution that affected <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kaseya-was-fixing-zero-day-just-as-revil-ransomware-sprung-their-attack\/\" target=\"_blank\" rel=\"noopener\">140 publicly accessible VSA servers<\/a>. Here is our analysis of the vulnerability:<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\"><strong>CVE-2021-30116<\/strong><\/p>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">CVE-2021-30116 is a remote code execution vulnerability (CWE-20) in the Kaseya VSA system that is being actively exploited in the wild.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">The <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/07\/04\/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa\" target=\"_blank\" rel=\"noopener\">FBI and CISA<\/a> have issued a joint alert urging organizations to use a <a href=\"https:\/\/kaseya.app.box.com\/s\/p9b712dcwfsnhuq2jmx31ibsuef6xict\" target=\"_blank\" rel=\"noopener\">Kaseya detection tool<\/a> to find compromised systems for patching on priority.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Classified under CWE-20 (Improper Input Validation), this critical vulnerability has a severity rating of 9.8 in CVSS V3.1 scoring.<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><img decoding=\"async\" class=\"aligncenter\" style=\"height: 172px; width: 500px;\" src=\"https:\/\/lh6.googleusercontent.com\/2gkddSUrd84tzlSRFBDXecg6BAIdkArktbkrDSK4DL6R50lqGRk2UWGmqFG_meLqzUzgoyRwAO-ns2Al8im0LLggwsYq8w0PM4HxqN6WEEZI2eHV2vj1GC70iJMhcCIEY0tAmmG4\" \/><\/p>\n<ul>\n<li style=\"text-align: justify;\">A patch for CVE-2021-30116 was <a href=\"https:\/\/helpdesk.kaseya.com\/hc\/en-gb\/articles\/4403785889041\" target=\"_blank\" rel=\"noopener\">released<\/a> by Kaseya on July 11, 2021.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 700px; height: 439px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/vulnerabilities-used-by-revil-ransomware-infographic-2.png\" alt=\"CVEs used by REvil Ransomware\" \/><\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: justify;\">There were six other vulnerabilities mentioned in the DIVD report that Kaseya has been fixing since April 2021. Here are the details:<\/p>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/csirt.divd.nl\/cves\/CVE-2021-30117\" target=\"_blank\" rel=\"noopener\">CVE-2021-30117<\/a> is an SQL injection vulnerability that was patched on May 08, 2021. It had a CVSS V3 severity rating of 9.8.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/csirt.divd.nl\/cves\/CVE-2021-30118\" target=\"_blank\" rel=\"noopener\">CVE-2021-30118<\/a> is a Remote Code Execution vulnerability that was patched on April 10, 2021. It had a CVSS V3 severity rating of 9.8.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/csirt.divd.nl\/cves\/CVE-2021-30121\" target=\"_blank\" rel=\"noopener\">CVE-2021-30121<\/a> is a Local File Inclusion vulnerability that was patched on May 08, 2021. It had a CVSS V3 severity rating of 6.5.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/csirt.divd.nl\/cves\/CVE-2021-30201\" target=\"_blank\" rel=\"noopener\">CVE-2021-30201<\/a> is an XML External Entity vulnerability that was patched on May 08, 2021. It had a CVSS V3 severity rating of 7.5.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/csirt.divd.nl\/cves\/CVE-2021-30119\" target=\"_blank\" rel=\"noopener\">CVE-2021-30119<\/a> is a Cross-Site Scripting vulnerability. This vulnerability has a low severity rating of 5.4 on the CVSS V3 score, pointing to the risks low-score vulnerabilities may pose.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/csirt.divd.nl\/cves\/CVE-2021-30120\" target=\"_blank\" rel=\"noopener\">CVE-2021-30120<\/a> is a 2FA bypass vulnerability. It has a CVSS V3 severity rating of 9.9.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Patches for CVE-2021-30119 and CVE-2021-30120 were <a href=\"https:\/\/helpdesk.kaseya.com\/hc\/en-gb\/articles\/4403785889041\" target=\"_blank\" rel=\"noopener\">released<\/a> on July 11, 2021.<\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\" style=\"text-align: justify;\"><strong>Kaseya VSA Attack Methodology<\/strong><\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">The initial deployment of ransomware packets onto the Kaseya VSA commenced on July 02, 2021. Here are a few details of the server-side intrusion:<\/p>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Attackers conducted authentication bypass to exploit the VSA server to spread ransomware.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Two digitally signed malicious files, agent.crt\/agent.exe and screenshot.jpg, were uploaded onto the server. Screenshot.jpg, when clicked, removed IIS logs and disabled user sessions and other clean-up activities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Once the ransomware was injected into the on-premise client servers, the REvil gang executed a decryptor payload that disabled Windows Defender.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">With Windows Defender down, the gang was able to conduct remote code execution to gain control of the Kaseya VSA server.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" style=\"text-align: justify;\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 950px; height: 380px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/revil-kaseya-attack-methodology.png\" alt=\"REvil Kaseya Attack Methodology\" \/><\/p>\n<h2 dir=\"ltr\" style=\"text-align: justify;\"><strong>Kaseya MITRE ATT&amp;CK\u00a0Mapping<\/strong><\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\"><img decoding=\"async\" class=\"aligncenter\" style=\"height: 100%; width: 100%;\" src=\"https:\/\/lh4.googleusercontent.com\/gzNR_FGYwQm8STc9E-Cz1xgBKLRlCXkIKKdhFUzPYlchA9vlAentI0i9N_sdfbu74MY74Nv5zr7MYIvbDJgz0VpojMZyd1RlHieW6SDSVTadKahTKvWf7xOAFxyFzLUB81BIVerm\" \/><\/p>\n<table style=\"width: 500px;\" border=\"1\" cellspacing=\"1\" cellpadding=\"1\" align=\"center\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><strong>IoCs<\/strong><\/td>\n<\/tr>\n<tr>\n<td>\n<table style=\"width: 550px;\">\n<tbody>\n<tr>\n<td>\n<p dir=\"ltr\">MD5<\/p>\n<p dir=\"ltr\">agent.crt: 2093c195b6c1fd6ab9e1110c13096c5fe130b75a84a27748007ae52d9e951643<\/p>\n<p dir=\"ltr\">agent.exe: d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e<\/p>\n<p dir=\"ltr\">mpsvc.dll: e2a24ab94f865caeacdf2c3ad015f31f23008ac6db8312c2cbfb32e4a5466ea2<\/p>\n<p dir=\"ltr\">mpsvc.dll: 8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 dir=\"ltr\"><strong>Kaseya Exposure Analysis<\/strong><\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">Our exposure analysis using Shodan for the Kaseya CVE attributes indicates no direct exposures for the affected CVEs. However, Shodan mentions 2,942 public-facing instances of Kaseya products that are currently being used around the world.<\/p>\n<p dir=\"ltr\">\u00a0<b id=\"docs-internal-guid-1139a343-7fff-ce49-d006-36b89edb5928\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 316px; height: 458px;\" src=\"https:\/\/lh5.googleusercontent.com\/zxB6UW1dhIBf-4MEv0S2pe4Zp06K-4vShMTHepK7RYBTTQuC9xbXNy1Ouc12UxPyIVjTOlqYenw0ZLW_k42Ds1HkM94w1xXuNWrzR-7d3mfMG4uzii26AQKyjyZzXjehNsbxYdm9\" \/><\/b><\/p>\n<h2 dir=\"ltr\"><strong>The Way Forward<\/strong><\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">The FBI and CISA issued a <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/07\/04\/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa\" target=\"_blank\" rel=\"noopener\">joint advisory<\/a> on July 04, 2021, encouraging MSPs to install a <a href=\"https:\/\/kaseya.app.box.com\/s\/0ysvgss7w48nxh8k1xt7fqhbcjxhas40\" target=\"_blank\" rel=\"noopener\">detection tool<\/a> to analyze their systems to determine if they have been compromised.<\/p>\n<p style=\"text-align: justify;\">Our research indicates a significant increase in the number of vulnerabilities exploited by or associated with ransomware attacks in the last few months.<\/p>\n<p style=\"text-align: justify;\">With REvil going after critical sectors such as Banking and Finance, Construction, Defense Industrial Base, Government Healthcare, High Technology, Legal, Manufacturing, Media, Non-profit, Oil &amp; Gas, Petrochemical, Pharmaceutical, Real Estate, Telecommunications, Transportation, Airline, and Utility, all MSPs like Kaseya, as well as organizations, should adopt a risk-based approach to become resilient against more ransomware attacks.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\">Securin\u2019s in-depth research helps organizations become more resilient against ransomware. We recommend organizations get a <a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\" target=\"_blank\" rel=\"noopener\">Ransomware Assessment<\/a> done to know the gaps, understand the exposure, and become resilient to ransomware attacks in the future.<\/p>\n<p style=\"text-align: justify;\"><strong>{Updated on September 01, 2021}<\/strong>: Since July 26, 2021, news about three new zero-day vulnerabilities in Kaseya Unitrends Service, a backup and recovery add-on for Kaseya VSA, has been doing the rounds. While the vulnerability details are yet to be publicly disclosed, Kaseya has issued a patch to <a href=\"https:\/\/csirt.divd.nl\/2021\/08\/26\/Kaseya-Unitrends-update\/\">mitigate<\/a> two of these vulnerabilities with its latest server software version 10.5.5-2. As a workaround for the third client-side vulnerability, Unitrends has released firewall rules. Users are advised to act on these immediately to avoid becoming a victim of future attacks.<\/p>\n<p style=\"text-align: justify;\"><strong>{Updated on September 24, 2021}<\/strong>: After mysteriously <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/revil-ransomware-group-s-sudden-re-emergence-sparks-concerns\">coming back to life<\/a> following a hiatus of almost two months, the REvil ransomware gang was back in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/revil-ransomware-is-back-in-full-attack-mode-and-leaking-data\/\">full attack mode<\/a> by mid-September. Initially, it went after two <a href=\"https:\/\/www.hackread.com\/revil-gang-hits-uk-itsps-ransom-ddos-attacks\/\">ITSPs<\/a> in the UK, primarily VoIP Unlimited and Voipfone, on August 31, 2021, before carrying out a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/voipms-phone-services-disrupted-by-ddos-extortion-attack\/\">full-blown DDoS attack<\/a> on VoIP.ms with a ransom demand of 100 bitcoins (approximately $4.3 million).<\/p>\n<p style=\"text-align: justify;\"><strong>{Updated on October 04, 2021}<\/strong>: On September 25, 2021, another Voice over Internet Protocol (VoIP) provider, Bandwidth.com, was taken down by a DDoS attack similar to VoIP.ms a few weeks back. The attackers identified themselves as &#8220;REvil.&#8221; However, it is still uncertain if they are affiliates, an impersonator group, or the original REvil gang. The frequency of attacks made by impersonator groups has been an interesting and recent trend that we need to watch out for.<\/p>\n<p style=\"text-align: justify;\"><strong>{Updated on October 28, 2021}<\/strong>: With the US government leading a global law enforcement effort to fight ransomware attacks, a <a href=\"https:\/\/www.securityweek.com\/revil-ransomware-gang-hit-law-enforcement-hack-back-operation\">hack-back operation<\/a> on the REvil ransomware gang was successfully carried out by a government-backed operator on October 22, 2021.<\/p>\n<p style=\"text-align: justify;\">During the operation, the ransomware\u2019s Tor servers and public-shaming blogs were seized. In the wake of the hack-back, threat hunters noticed that the REvil gang was using the <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/darkside-ransomware-threat-associations-unearthed.html\">Darkside ransomware<\/a> encryption tool for its human-operated ransomware attacks. Competing ransomware groups responded to the takedown by <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin\/\">moving their cryptocurrency<\/a> reserves.<\/p>\n<p><strong>Securin&#8217;s researchers noted that the REvil gang had developed new tactics and attack patterns ever since it came back to life, probably to account for the universal REvil decryption key that was revealed after the <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/kaseya-vsa-downed-by-revil-in-monumental-supply-chain-attack.html\">Kaseya attack<\/a> in July 2021. An updated infographic is posted below.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/bxX3SN5P23q-1v0q0dIbCijwX2U2rQXx1OV-tv9Vy6K1vNDeelAeD92xynTfu57K6jUqVFhPpL7__oagkg-cXSo6UNPuPsPENlV16nz-ENoPAB9knTP6nXOjTPBOe9_WsF61ArfY\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>REvil&#8217;s monumental supply-chain attack on 3 July 2021 affected 1500 companies and opened a path for third-party attack onslaughts. What else does REvil\u2019s historic supply-chain attack portend?<\/p>\n","protected":false},"author":1,"featured_media":7522,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[82,80,81,117],"tags":[352,341,381,379,380,357,91,355,139],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7521"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=7521"}],"version-history":[{"count":4,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7521\/revisions"}],"predecessor-version":[{"id":14485,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7521\/revisions\/14485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7522"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/categories?post=7521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/tags?post=7521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}