{"id":7524,"date":"2021-07-08T20:10:36","date_gmt":"2021-07-09T03:10:36","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7524"},"modified":"2023-04-05T12:39:09","modified_gmt":"2023-04-05T19:39:09","slug":"back-to-back-air-india-attacks-indicating-more-than-just-a-data-breach","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/back-to-back-air-india-attacks-indicating-more-than-just-a-data-breach\/","title":{"rendered":"Back-to-Back Air India Attacks Indicating More than Just a Data Breach?"},"content":{"rendered":"<blockquote>\n<p style=\"text-align: justify;\">The airline industry is on the brink of a supply chain attack from threat groups like APT41. Here is our analysis of the vulnerabilities that APT41 uses for such attacks.<\/p>\n<\/blockquote>\n<p style=\"text-align: justify;\">In early June 2021, Air India disclosed a <a href=\"https:\/\/thehackernews.com\/2021\/06\/chinese-hackers-believed-to-be-behind.html?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&amp;_m=3n.009a.2504.oj0ao0f5hj.1l4q\" target=\"_blank\" rel=\"noopener\">cyber assault<\/a> on its network that began in February 2021, two months before the attack was identified. This disclosure came in the wake of a data breach announced in May 2021 as a result of an attack on <a href=\"https:\/\/www.cnbctv18.com\/aviation\/china-backed-apt41-behind-sita-and-air-india-cyber-attacks-9634641.htm\" target=\"_blank\" rel=\"noopener\">SITA<\/a>\u2014an air travel solutions software popularly used by 90% of the world\u2019s travel industry.<\/p>\n<p style=\"text-align: justify;\">The events compromised around 10 years&#8217; worth of data, with the personal information and credit card details of 4.5 million passengers exposed to the dark web. The attacks were traced back to a Chinese state-sponsored APT group, APT41, although the events are believed to be two separate incidents.<\/p>\n<h2><strong>Could Air India Have Avoided the Attacks?<\/strong><\/h2>\n<p><strong>According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group. If these vulnerabilities had been patched, both attacks could have been avoided.<\/strong><\/p>\n<blockquote>\n<p dir=\"ltr\">Securin warned about 15 of these vulnerabilities as part of its <a href=\"https:\/\/cybersecurityworks.com\/cyber-risk-series\/\" target=\"_blank\" rel=\"noopener\">Cyber Risk in Working Remotely<\/a> (June 2020) and <a href=\"https:\/\/cybersecurityworks.com\/ransomware\/\" target=\"_blank\" rel=\"noopener\">Ransomware Reports<\/a> published in February and May 2021.<\/p>\n<\/blockquote>\n<h2 dir=\"ltr\"><strong>APT41\u2014Analysis<\/strong><\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">We have been tracking Advanced Persistent Threat (APT) groups, their tactics and techniques, and the vulnerabilities they use to target their victims. Here are our findings.<\/p>\n<p dir=\"ltr\" style=\"text-align: justify;\"><strong>The threat actor behind the Air India and SITA attacks, APT41, has been out in the open since October 2012 and is of Chinese origin. It is also known as Bronze Atlas, Red Kelpie, Wicked Panda, Blackfly, Winnti, or Barium, and our research has uncovered 20 vulnerabilities that APT41 exploits to mount attacks.\u00a0\u00a0<\/strong><\/p>\n<blockquote>\n<p dir=\"ltr\" style=\"text-align: justify;\">The analysis by Securin&#8217;s researchers indicates that the APT41 group prefers victim-specific multistage attacks, favoring the use of the Maze ransomware to take control and create maximum disruption.<\/p>\n<\/blockquote>\n<table class=\"aligncenter\" style=\"width: 728px;\" border=\"1\" cellspacing=\"1\" cellpadding=\"1\" align=\"center\">\n<tbody>\n<tr>\n<td>\n<h2 style=\"text-align: center;\"><strong>\u00a0 \u00a0 \u00a0APT41\u2014Cheat Sheet<\/strong><\/h2>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" style=\"text-align: left;\" role=\"presentation\"><strong>Exploits<\/strong><\/p>\n<ul>\n<li aria-level=\"1\">\n<p dir=\"ltr\" style=\"text-align: justify;\" role=\"presentation\">All 20 CVEs are weaponized.<\/p>\n<\/li>\n<li style=\"text-align: justify;\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Two of these vulnerabilities have both Remote Code Execution (RCE) and Privilege Escalation (PE) capabilities.<\/p>\n<\/li>\n<li style=\"text-align: justify;\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Sixteen vulnerabilities are linked to RCE exploits, making them critical for patches.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Severity Scores\u00a0<\/strong><\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">Nine vulnerabilities are critical according to CVSS V3 rating, with scores of 9.8 and above.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">Eight vulnerabilities fall under the high severity bracket.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">CVE-2017-0213 has a medium severity score of 4.7 based on CVSS V3 but has associated exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">This indicates a need to approach vulnerabilities with associated risks while prioritizing them for patches rather than focusing only on the severity.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>The Year of Discovery<\/strong><\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">There are 16 vulnerabilities that were discovered in 2020 and earlier, of which six are recently trending. This includes a vulnerability as old as 2012, CVE-2012-0158.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">Interestingly, CVE-2012-0158 was listed as one of the Department of Homeland Security&#8217;s <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/TA15-119A\" target=\"_blank\" rel=\"noopener\">Top 30 Targeted High-Risk Vulnerabilities<\/a>\/Top 30 Most Commonly Exploited Vulnerabilities. CISA also listed this in the Top 10 Routinely Exploited Vulnerabilities in 2020.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">The list includes four new vulnerabilities identified in March 2021, three of which are currently trending.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Products and Vendors<\/strong><\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">Eleven of these vulnerabilities exist across Microsoft products.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">Multiple groups have repeatedly exploited a Citrix vulnerability (CVE-2019-19781) and another Pulse Secure vulnerability (CVE-2019-11510)\u2014pet favorites of threat actors.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">A notable mention is CVE-2020-10189,10189, which exists in versions of the Zoho Corp ManageEngine Desktop Central, a Saas-based endpoint management solution. We have observed threat actors increasingly exploiting vulnerabilities in SaaS products, a trend that was recorded in Securin\u2019s <a href=\"https:\/\/www.cybersecurityworks.com\/resources\/whitepapers\/ransomware-2021-spotlight-report-through-the-lens-of-threat-and-vulnerability-management.html\" target=\"_blank\" rel=\"noopener\">Ransomware Spotlight Report<\/a>.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" style=\"text-align: justify;\"><img decoding=\"async\" class=\"aligncenter\" style=\"height: 100px; width: 500px;\" src=\"https:\/\/lh6.googleusercontent.com\/66CBacWEr2TRMkcsnQoAqNI44_LYEaUawv04R6lf9m1uUnG8TWmdUa7AqtFs_s3U_Z5zwYDbequJa3FXtagl0kZ4Y2vtS70VOlXUrr_7IqB7EH-OTi6K_zD8D2xFwZys3bnVNmRx\" \/><\/p>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Patches<\/strong><\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">Ninetten CVEs have patches that ought to be implemented on priority.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">The list includes CVE-2019-16920, associated with an end-of-life Dlink firmware. The vendors <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/d-link-routers-found-vulnerable-rce\" target=\"_blank\" rel=\"noopener\">recommend<\/a> upgrading to the latest device series as soon as possible.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong>Weaknesses<\/strong><\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">The vulnerabilities belong to a mixed bag of weaknesses that result in improper authentication, control, restriction, or the mismanagement of data.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"2\">\n<p dir=\"ltr\" role=\"presentation\">Of these, five weaknesses feature in MITRE\u2019s top 10 weaknesses of 2020, three in the top 20, and two CWEs in the top 30 list.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 dir=\"ltr\" style=\"text-align: justify;\"><strong>Attack Methodology<\/strong><\/h2>\n<p style=\"text-align: justify;\">The seed for the Air India attacks was sown way back in December 2020. The attackers deployed Cobalt Strike payloads after compromising the network, spreading the payload to other devices within 24 hours. The attackers then established persistence, obtained passwords, and began to make their way laterally across the network. At least 20 devices were compromised, one of which was responsible for communicating with the Cobalt Strike payloads since February 2021.<\/p>\n<p style=\"text-align: justify;\">According to <a href=\"https:\/\/www.bankinfosecurity.asia\/report-china-connected-apt41-likely-behind-attacks-on-airlines-a-16873\" target=\"_blank\" rel=\"noopener\">research<\/a>, the attackers exfiltrated NTLM hashes and plaintext passwords from local workstations using hashdump and mimikatz and tried to escalate local privileges with the help of the BadPotato malware.<\/p>\n<h2 style=\"text-align: justify;\"><strong>Global Analysis<\/strong><\/h2>\n<p dir=\"ltr\" style=\"text-align: justify;\">Global exposure analysis of the CVEs using Shodan shows more than 100,000 instances overall that could be vulnerable to attacks by the threat group. CVE-2020-0796, the wormable SMBleeding Ghost vulnerability, exposes over 90,000 deployments across the world to the risk of an attack. This comes as no surprise,surprise, considering it alarmed the cybersecurity community last March with a PoC exploit that targeted millions of Windows devices.<\/p>\n<table style=\"width: 700px;\" border=\"1\" cellspacing=\"1\" cellpadding=\"1\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><strong>CVE-2019-11510<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>CVE-2019-1652<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-04dbf4c5-7fff-a803-e7f3-0b34140acccc\"><img decoding=\"async\" style=\"width: 300px; height: 200px;\" src=\"https:\/\/lh6.googleusercontent.com\/2JkDevqdXnqXLjv47hhbT2wyUX2ur6xwa6NywJM_DHNrLJRgLos-k7hmnB6F7hmq_ZAqIc6DqDFqVmhS5JmldDL_rA3nFhG28qxWxjUTdDaK7pTIcpmbroK6jdgf-3ArsGbyXF33\" \/><\/b><\/td>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-a299d443-7fff-4370-9e32-e53330be61dc\"><img decoding=\"async\" style=\"width: 300px; height: 200px;\" src=\"https:\/\/lh5.googleusercontent.com\/8dbqZ_3-6WZ58Ot9rYaORvcpWiCHx539Ev2fzRmxlmQYlom73c6MmHfou_JxJgwhvV0W9SMPbydA2MF_DxwniUICSYMoY3AT86h-nbhVew3N2hBvoFQEMF9mz_OxxqGl9pxGknN8\" \/><\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 400px; text-align: center;\"><strong>CVE-2019-1653<\/strong><\/td>\n<td style=\"width: 400px; text-align: center;\"><strong>CVE-2020-0796<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-9089fb1f-7fff-3499-7f08-57e67148047b\"><img decoding=\"async\" style=\"width: 300px; height: 200px;\" src=\"https:\/\/lh5.googleusercontent.com\/jEXGv3qzTkMD1Xa7d7xqNijLH_kABTXo1BY8yp8qdsk_bW6WrN24TzP5R2UJJLsOmAIOPqcZT-EHO73WQnEnLKi8gqAOIy7xOHXXiM5IF5FQeeHbvtkJt573XX4G2nlOBUnAWS7_\" \/><\/b><\/td>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-ceb19481-7fff-d675-6071-0a190d9faa36\"><img decoding=\"async\" style=\"height: 200px; width: 145px;\" src=\"https:\/\/lh4.googleusercontent.com\/pH18F6mSx1zX5UpnHouB7VK3K-50-OQj3kNDvqupoPuneK0oZ_3oDCq8Ku0wU8V1h8HuLh4jVPr1q19cQfl8XfFMZ9VOrV9tBB-zN37aRDvFTIQNsLvOGp2XfwC4IGmjW_jwbAl7\" \/><\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 400px; text-align: center;\"><strong>CVE-2021-26855<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>CVE-2021-26857<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-fe4f6d18-7fff-51e5-99aa-fb00e576f3d0\"><img decoding=\"async\" style=\"width: 300px; height: 200px;\" src=\"https:\/\/lh3.googleusercontent.com\/OVwflTykSoryP0FK16bGD9zJEl8ng4wZhnjk6SSlGF7LH-TnWlLP96dMAoCDDcZFa1XKO0alAgWJy8PZSJ-6o4i6kQG7IoXi7EURoQ_nQKgTofLz3xnUuLd2Fz-8NYt8rKWLoHsQ\" \/><\/b><\/td>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-8cb51afd-7fff-0992-e6a9-155f57a0100d\"><img decoding=\"async\" style=\"width: 300px; height: 200px;\" src=\"https:\/\/lh5.googleusercontent.com\/KsGnWaGDfoqQ4VZe-nNTXHuKKHaGzjqrulc_a3O4RTmlQzzChGUzmKo4pai1MhQJ8ETY0pIOgqj3uxYwULQ2Cbp-1luJRBzjJgyCKPVv-6M0ILg3tcxHLb9WP7n0IPeYZbkcD1yG\" \/><\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>CVE-2021-26858<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>CVE-2019-19781<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-49df9bb1-7fff-b732-f9e1-f12633adf0bb\"><img decoding=\"async\" style=\"width: 300px; height: 200px;\" src=\"https:\/\/lh5.googleusercontent.com\/mg62Q6x20XIMTcPODGxKrd3txFN18b7JZoXV4fFB-spf89OjTJt5ksTDzA_n7sFjCMPDApt1Q46LozCmNibV5kyWKVm4HqaVf8DnE5FteVccyqvZP7LVEECHgDZFBpeMRwJ9y6d5\" \/><\/b><\/td>\n<td style=\"width: 400px;\"><b id=\"docs-internal-guid-5069e315-7fff-a9e7-0b0d-00ac6dccd852\"><img decoding=\"async\" style=\"width: 300px; height: 200px;\" src=\"https:\/\/lh6.googleusercontent.com\/pQ6IIai75iGLCTBgmDqYJo9h3C14bIO0K2JVlc4DNObxDSNId9wG1u577wq7DoLcUb9z20QdsIyYLaN7tlz-_eB5nSjmKMN1h1SjaUb_2XKpL5hSAWJGAGowEqNZtXKwn7g25mSZ\" \/><\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\" colspan=\"2\"><strong>CVE-2021-27065<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 400px;\" colspan=\"2\"><b id=\"docs-internal-guid-dca43501-7fff-5799-287d-651355b3191a\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 350px; height: 248px;\" src=\"https:\/\/lh5.googleusercontent.com\/k_aR312kqs2RhMWa9Up7oQh8qRYdPpd5WapILlO_yoq-3XepHxxchdx2SdhmOK6Wt9zTfWwGJENh55LCJ-8-Ttf-Acn_QW-TmgwDXpjZStLVhyH4kjGDdkzwH0z7W_5NBS7Bi19c\" \/><\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><\/h2>\n<h2><strong>MITRE ATT&amp;CK Mapping<\/strong><\/h2>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 100%; height: 100%;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/air-india-apt41-mitre-attck-map.png\" alt=\"MITRE ATT&amp;CK Map for APT 41 Air India Attack\" \/><\/p>\n<table style=\"width: 550px;\" border=\"1\" cellspacing=\"1\" cellpadding=\"1\" align=\"center\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\" colspan=\"2\"><strong>IoCs<\/strong><\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\">MD5:<\/p>\n<p dir=\"ltr\">20aebf6e20c46b6bfe44f2828adf3b91<\/p>\n<p dir=\"ltr\">b6b06a95cfeeeeOefe8bc0cd54eac71d<\/p>\n<p dir=\"ltr\">83249cff833182b3299cbd4aac539c9a<\/p>\n<p dir=\"ltr\">143278845a3f5276a1dd5860e7488313<\/p>\n<p dir=\"ltr\">559b7150d936fffe 728092b160c14d28<\/p>\n<p dir=\"ltr\">9337952aa3beOdacfc12898df3180f02<\/p>\n<p dir=\"ltr\">212784cf25fOadfaf9ba46db41c373d5<\/p>\n<p dir=\"ltr\">d414c7ede5a9d6d30e6d3fe547e27484<\/p>\n<p dir=\"ltr\">83e6da9cd8ccf9b0c04f00416b091076<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">7b501402c843034cd79151257aca189e<\/p>\n<p dir=\"ltr\">69f5c5f67850acdb373ddd106adce48c<\/p>\n<p dir=\"ltr\">b071a62d2dd745743c6de5f115d633b1<\/p>\n<p dir=\"ltr\">019122b1d783646f99c73a3c399cc334<\/p>\n<p dir=\"ltr\">f61dbac694d34c96830f184658610261<\/p>\n<p dir=\"ltr\">fc208a4d04c085edcealec5f402057f9<\/p>\n<p dir=\"ltr\">5528bb928e02926179fca52dd388b1f0<\/p>\n<p dir=\"ltr\">b8ecab09b7bfb42b9ace3666edf867a7<\/p>\n<p dir=\"ltr\">c4be6b466807540a22f62ffa6829540f<\/p>\n<p dir=\"ltr\">a00ab8ac0f11c3fcd5c557729afcbf89<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><\/h2>\n<h2><strong>Good Cyber Hygiene Is the Order of the Day<\/strong><\/h2>\n<p style=\"text-align: justify;\">Researchers have now revealed that Air India\u2019s network (named &#8220;SITASERVER4&#8221;) was compromised in December 2020. After SITA\u2019s disclosure, it has come to light that Star Alliance, One World Airlines, Finnair, Japan Airlines, Jeju Air, Malaysia Airlines, Air New Zealand, Cathay Pacific, Lufthansa, and Singapore Airlines had sensitive customer information published on the dark web. Additionally, the second attack on Air India was uncovered only after two months of infiltration, by which time the attackers had well-penetrated the network.<\/p>\n<p style=\"text-align: justify;\">A supply chain attack on the airline industry could cause a major disruption in the air travel industry\u2014from ticketing to navigation. The disruption could be even more devastating when combined with ransomware, and its ramifications affect the targeted nation. Malicious actors could identify and exploit the travel patterns of prominent individuals, endangering national and international security apparatus. A lack of cyber hygiene on Air India\u2019s part allowed it to be attacked, not once but twice. We urge government entities and organizations in sectors like aviation, military, and defense to take cyber hygiene more seriously and address issues as soon as possible.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\" target=\"_blank\" rel=\"noopener\">Organizations can reach out to Securin to improve their security posture.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Airline industry is on the brink of a supply-chain attack from threat groups like APT41. According to our research findings, there are 20 vulnerabilities associated with the APT41 threat group.<\/p>\n","protected":false},"author":1,"featured_media":7525,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[82,80,81,123],"tags":[382,383,107,349,352,152,384,357,139],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7524"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=7524"}],"version-history":[{"count":7,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7524\/revisions"}],"predecessor-version":[{"id":14491,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7524\/revisions\/14491"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7525"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/categories?post=7524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/tags?post=7524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}