{"id":132008,"date":"2025-11-03T10:18:25","date_gmt":"2025-11-03T10:18:25","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=132008"},"modified":"2025-11-03T10:18:29","modified_gmt":"2025-11-03T10:18:29","slug":"new-operation-skycloak-uses-powershell-tools","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/","title":{"rendered":"New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic"},"content":{"rendered":"\n<p>A sophisticated campaign targeting military personnel across Russia and Belarus has emerged, deploying a complex multi-stage infection chain that establishes covert remote access through Tor-based infrastructure.<\/p>\n\n\n\n<p>Operation SkyCloak represents a stealth-oriented intrusion effort aimed at the Russian Airborne Forces and Belarusian Special Forces, utilizing legitimate OpenSSH binaries and obfs4 bridges to mask communication channels while maintaining persistence on compromised systems.<\/p>\n\n\n\n<p>The attack begins with phishing archives containing shortcut files disguised with double extensions, masquerading as official military documents.<\/p>\n\n\n\n<p>The first lure mimics a nomination letter from Military Unit 71289, referencing the 83rd Separate Guards Airborne Assault Brigade stationed in Ussuriysk.<\/p>\n\n\n\n<p>The second decoy targets Belarusian Special Forces personnel with training notifications for Military Unit 89417, the 5th Separate Spetsnaz Brigade located near Minsk.<\/p>\n\n\n\n<p>These carefully crafted documents were weaponized in late September 2025, with archive files uploaded from Belarus between October 15 and October 21.<\/p>\n\n\n\n<p>Once executed, the shortcut files trigger <a href=\"https:\/\/cybersecuritynews.com\/hackers-actively-exploiting-powershell\/\" target=\"_blank\" rel=\"noreferrer noopener\">PowerShell<\/a> commands that initiate a sophisticated dropper mechanism.<\/p>\n\n\n\n<p>The malware 
extracts nested archive files into directories with cryptic naming schemes such as <code>%APPDATA%\\dynamicUpdatingHashingScalingContext<\/code> and <code>%USERPROFILE%\\Downloads\\incrementalStreamingMerging<\/code>.<\/p>\n\n\n\n<p>The multi-stage extraction process deploys payloads into hidden folders including <code>$env:APPDATA\\logicpro<\/code> or <code>$env:APPDATA\\reaper<\/code>, containing multiple executables, XML configuration files, decoy PDFs, and supporting DLLs.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiOLxEBuEq0qwjEMxyiFm6iyvVxxAeXErCXEPPVk_g3ISYxcXMXNQcWGoTF_uHQNUOJohM3EQtmSYhAVDkJ2tqsLLpovAtC44b8-n0ECMXi9iNN8ct55X5FlAVMxGbP4D8-CzOV8ULLNKCwFvlWQFE9dCr0rmoq-QceIE9ZPGScYYuuA-c8rU-MeVYT2JY\/s16000\/Infection%20Chain%20(Source%20-%20Seqrite).webp\" alt=\"\" \/><figcaption class=\"wp-element-caption\">Infection Chain (Source &#8211; Seqrite)<\/figcaption><\/figure><\/div>\n\n\n<p>Seqrite analysts <a href=\"https:\/\/www.seqrite.com\/blog\/operation-skycloak-tor-campaign-targets-military-of-russia-belarus\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">identified<\/a> this campaign as part of a broader pattern of operations targeting Russian defense infrastructure, noting similarities to previous attacks such as HollowQuill and CargoTalon.<\/p>\n\n\n\n<p>The researchers observed that the malware employs sophisticated anti-analysis techniques to evade <a href=\"https:\/\/cybersecuritynews.com\/5-email-attacks-socs-cannot-detect-without-a-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">sandbox detection<\/a>, including checks for legitimate user activity by verifying the presence of more than ten shortcut files in the Windows Recent folder and ensuring process counts exceed 50 before proceeding with execution.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" 
id=\"h-powershell-execution-and-persistence-mechanisms\"><strong>PowerShell Execution and Persistence Mechanisms<\/strong><\/h2>\n\n\n\n<p>The PowerShell stage implements multiple evasion and <a href=\"https:\/\/cybersecuritynews.com\/detecting-and-responding-to-new-nation-state-persistence-techniques\/\" target=\"_blank\" rel=\"noreferrer noopener\">persistence<\/a> tactics to ensure long-term access to compromised systems.<\/p>\n\n\n\n<p>The script creates a mutex to prevent multiple instances from running simultaneously, then registers scheduled tasks through XML configuration files that establish daily execution triggers starting at 2025-09-25T01:41:00-08:00.<\/p>\n\n\n\n<p>These tasks are configured to run hidden, even when the computer is idle, without network connectivity, and with no execution time limits.<\/p>\n\n\n\n<p>The malware deploys legitimate &#8220;OpenSSH for Windows&#8221; binaries compiled on December 13, 2023, including <code>githubdesktop.exe<\/code> and <code>googlemaps.exe<\/code> as SSH daemons, along with <code>ssh-shellhost.exe<\/code> for interactive sessions and <code>libcrypto.dll<\/code> for encryption functions.<\/p>\n\n\n\n<p>Configuration files specify non-standard port 20321 for SSH services, disable password authentication, and require public key authentication using files with obfuscated names like <code>redundantOptimizingInstanceVariableLogging<\/code> and <code>incrementalMergingIncrementalImmutableProtocol<\/code>.<\/p>\n\n\n\n<p>The campaign exposes multiple services through <a href=\"https:\/\/cybersecuritynews.com\/onionpoison-chain\/\" target=\"_blank\" rel=\"noreferrer noopener\">Tor<\/a> hidden services, including SSH on port 20322, SMB on port 11435, RDP on port 13893, and additional custom ports.<\/p>\n\n\n\n<p>Communication occurs through obfs4 pluggable transports using binaries named <code>confluence.exe<\/code> and <code>rider.exe<\/code>, which connect to bridge endpoints at 77.20.116.133:8080 and 
156.67.24.239:33333.<\/p>\n\n\n\n<p>The malware generates identification beacons formatted as <code>&lt;username&gt;:&lt;onion-address&gt;:3-yeeifyem<\/code> and transmits them through the local Tor SOCKS listener on port 9050, waiting for the onion address <code>yuknkap4im65njr3tlprnpqwj4h7aal4hrn2tdieg75rpp6fx25hqbyd.onion<\/code> to become available before establishing persistent communication channels.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A sophisticated campaign targeting military personnel across Russia and Belarus has emerged, deploying a complex multi-stage infection chain that establishes covert remote access through Tor-based infrastructure. 
Operation SkyCloak represents a stealth-oriented intrusion effort aimed at the Russian Airborne Forces and Belarusian Special Forces, utilizing legitimate OpenSSH binaries and obfs4 bridges to mask communication channels while [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":132054,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-132008","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic<\/title>\n<meta name=\"description\" content=\"Operation SkyCloak hits Russian and Belarusian military with Tor-based malware using fake military docs to establish hidden remote access.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New 
Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic\" \/>\n<meta property=\"og:description\" content=\"Operation SkyCloak hits Russian and Belarusian military with Tor-based malware using fake military docs to establish hidden remote access.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-03T10:18:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-03T10:18:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" 
content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic","description":"Operation SkyCloak hits Russian and Belarusian military with Tor-based malware using fake military docs to establish hidden remote access.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/","og_locale":"en_US","og_type":"article","og_title":"New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic","og_description":"Operation SkyCloak hits Russian and Belarusian military with Tor-based malware using fake military docs to establish hidden remote access.","og_url":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/","og_site_name":"Cyber Security 
News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-11-03T10:18:25+00:00","article_modified_time":"2025-11-03T10:18:29+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic","datePublished":"2025-11-03T10:18:25+00:00","dateModified":"2025-11-03T10:18:29+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/"},"wordCount":494,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/","url":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/","name":"New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock 
Traffic","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-11-03T10:18:25+00:00","dateModified":"2025-11-03T10:18:29+00:00","description":"Operation SkyCloak hits Russian and Belarusian military with Tor-based malware using fake military docs to establish hidden remote access.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/#primaryimage","url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1
bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/new-operation-skycloak-uses-powershell-tools\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"New Operation SkyCloak Uses Powershell Tools and Hidden SSH Service to Unblock Traffic"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security 
News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security 
topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhte0ChGAfja2fba5mr7sonulVm6Gm1BsZUJtVwTMM2AGYbmmmu71dvAhaf6X0_W_wuOgFs9UVxFUjY1bButWUcldAITk_fvUnmWw0pPZHf9Z43c153RYbMtjmSrf_plU_qctCulY5xh7x285bBtkUJg19SqFyq3XzMV-C_-0sL56izQLLQF-Ae_qp9tiU\/s16000\/New%20Operation%20SkyCloak%20Uses%20Powershell%20Tools%20and%20Hidden%20SSH%20Service%20to%20Unblock%20Traffic.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/132008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=132008"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/132008\/revisions"}],"predecessor-version":[{"id":132053,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/132008\/revisions\/132053"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/132054"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=132008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=132008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=132008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}