{"id":5446,"date":"2025-11-07T12:43:19","date_gmt":"2025-11-07T12:43:19","guid":{"rendered":"https:\/\/www.purevpn.com\/white-label\/?p=5446"},"modified":"2025-11-07T12:43:21","modified_gmt":"2025-11-07T12:43:21","slug":"inside-the-trufflenet-attack","status":"publish","type":"post","link":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/","title":{"rendered":"Inside the TruffleNet Attack: How Stolen AWS Credentials Fueled a Global Cloud Campaign"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_71 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#How_the_TruffleNet_Attack_Unfolded\" title=\"How the TruffleNet Attack Unfolded?\">How the TruffleNet Attack Unfolded?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Phase_1_The_credential_breach\" title=\"Phase 1: The credential breach\">Phase 1: The credential breach<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Phase_2_Turning_access_into_infrastructure\" title=\"Phase 2: Turning access into infrastructure\">Phase 2: Turning access into infrastructure<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Phase_3_Expanding_through_automation\" title=\"Phase 3: Expanding through automation\">Phase 3: Expanding through automation<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#What_Made_the_TruffleNet_Attack_Different\" title=\"What Made the TruffleNet Attack Different\">What Made the TruffleNet Attack Different<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Why_Stolen_AWS_Credentials_are_the_Perfect_Weapon\" title=\"Why Stolen AWS Credentials are the Perfect Weapon\">Why Stolen AWS Credentials are the Perfect Weapon<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#The_Global_Impact\" title=\"The Global Impact\">The Global Impact<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Key_Findings_from_the_TruffleNet_Campaign\" title=\"Key Findings from the TruffleNet Campaign\">Key Findings from the TruffleNet Campaign<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Lessons_for_IT_Leaders_and_Cloud_Administrators\" title=\"Lessons for IT Leaders and Cloud Administrators\">Lessons for IT Leaders and Cloud Administrators<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#The_Role_of_Secure_Remote_Access_in_Prevention\" title=\"The Role of Secure Remote Access in Prevention\">The Role of Secure Remote Access in Prevention<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Strengthening_Cloud_Identity_with_PureVPN_White_Label_VPN_Solution\" title=\"Strengthening Cloud Identity with PureVPN White Label VPN Solution\">Strengthening Cloud Identity with PureVPN White Label VPN Solution<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#Final_Thoughts\" title=\"Final Thoughts\">Final Thoughts<\/a><\/li><\/ul><\/nav><\/div>\n\n<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Poppins:wght@500;600&#038;display=swap\" rel=\"stylesheet\">\n\n<style>\n  .tldr-box {\n    font-family: 'Poppins', sans-serif;\n    max-width: 800px;\n    margin: 40px auto;\n    background: #F9F7FF;\n    border: 1px solid #D9D2F5;\n    border-radius: 12px;\n    box-shadow: 0 8px 25px rgba(166, 143, 239, 0.08);\n    padding: 25px 30px;\n    display: flex;\n    align-items: flex-start;\n  }\n\n  .tldr-title {\n    font-weight: 700;\n    font-size: 28px;\n    color: #4D3B7A;\n    margin-right: 20px;\n    min-width: 90px;\n    text-align: right;\n  }\n\n  .tldr-content ul {\n    margin: 0;\n    padding-left: 20px;\n    color: #4D3B7A;\n    font-size: 15px;\n    line-height: 1.7;\n  }\n\n  .tldr-content li {\n    margin-bottom: 8px;\n  }\n\n  .tldr-content strong {\n    font-weight: 600;\n    color: #4D3B7A;\n  }\n<\/style>\n\n<div class=\"tldr-box\">\n  <div class=\"tldr-title\">TL;DR<\/div>\n  <div class=\"tldr-content\">\n    <ul>\n      <li>The TruffleNet attack began with stolen AWS credentials, not malware, allowing attackers to exploit trusted cloud infrastructure for large-scale fraud.<\/li>\n      <li>Over 800 hosts were used to validate and abuse AWS SES accounts, turning legitimate email services into phishing and BEC delivery systems.<\/li>\n      <li>Attackers leveraged automation to test and weaponize leaked credentials, demonstrating how identity misuse now outpaces software exploitation.<\/li>\n      <li>Traditional defenses failed because all activity appeared legitimate, emphasizing the need for strict credential hygiene and API monitoring.<\/li>\n      <li>Secure remote access and network-layer controls, such as PureVPN\u2019s White Label VPN Solution, are essential to prevent credential leaks and enforce trusted cloud connections.<\/li>\n    <\/ul>\n  <\/div>\n<\/div>\n\n\n\n\n<p>It did not start with malware or a zero-day exploit. The TruffleNet attack began with something far more ordinary: valid credentials. A set of stolen AWS access keys, quietly circulating online, gave attackers the foothold they needed to turn Amazon\u2019s trusted infrastructure into a global fraud operation.<\/p>\n\n\n\n<p>This wasn\u2019t just another phishing wave. It was a coordinated cloud campaign that exploited legitimate services, proving how attackers now think less about breaking in and more about logging in.<\/p>\n\n\n\n<p>The TruffleNet attack is a lesson in modern credential-based warfare: identity is the new perimeter, and once that line is crossed, traditional defenses become almost meaningless.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_the_TruffleNet_Attack_Unfolded\"><\/span>How the TruffleNet Attack Unfolded?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"420\" src=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122726\/image-3-19.png\" alt=\"Diagram showing TruffleNet\u2019s attack flow, reconnaissance servers, abuse servers sending phishing emails via AWS SES, and management nodes.\n\" class=\"wp-image-5448\" srcset=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122726\/image-3-19.png 740w, https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122726\/image-3-19-705x400.png 705w\" sizes=\"auto, (max-width: 740px) 100vw, 740px\" \/><\/figure>\n\n\n\n<p>The TruffleNet attack, uncovered in October 2025, marks one of the most sophisticated cloud-targeted campaigns of the year. These are the main phases of the attack:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Phase_1_The_credential_breach\"><\/span>Phase 1: The credential breach<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The operation began when attackers obtained stolen AWS credentials from exposed repositories, leaked configuration files, or compromised developer accounts. These weren\u2019t admin passwords or brute-forced logins, they were legitimate access keys left unprotected.<\/p>\n\n\n\n<p>With those keys in hand, attackers performed cloud reconnaissance. They started with an innocuous <a href=\"https:\/\/www.purevpn.com\/white-label\/purevpn-apis-documentation-explained-for-developers\/\" target=\"_blank\" rel=\"noreferrer noopener\">API <\/a>call to confirm whether the credentials were valid. Next, they asked AWS SES how many emails that account was allowed to send.<\/p>\n\n\n\n<p>Researchers later traced over<a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/trufflenet-attack-stolen-credentials-aws?\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> 800 active hosts<\/a> across 57 network ranges participating in this activity. Every one of them played a role in validating, testing, or abusing the stolen AWS credentials.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Phase_2_Turning_access_into_infrastructure\"><\/span>Phase 2: Turning access into infrastructure<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Once attackers confirmed which AWS accounts had active SES permissions, they moved to weaponize them. Using those permissions, they set up new email identities, configured DKIM authentication, and began sending out realistic vendor invoices, payment requests, and procurement forms.<\/p>\n\n\n\n<p>Because AWS SES is a trusted email platform, messages from these accounts bypassed spam filters with ease. Recipients saw legitimate headers, verified sender domains, and even authentic SPF and DKIM records. That credibility is what made the TruffleNet attack so effective.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Phase_3_Expanding_through_automation\"><\/span>Phase 3: Expanding through automation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>What made TruffleNet particularly dangerous was its automation. Attackers built scripts to test credentials at scale, scanning the internet for leaked keys and immediately verifying them. Once a working set was found, it was added to the next phase of the campaign.<\/p>\n\n\n\n<p>The entire operation moved like a production pipeline:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reconnaissance servers<\/strong> identified and validated credentials.<br><\/li>\n\n\n\n<li><strong>Abuse servers<\/strong> sent high-volume email from trusted AWS SES nodes.<br><\/li>\n\n\n\n<li><strong>Management nodes<\/strong> controlled timing, quotas, and domain registrations.<br><\/li>\n<\/ul>\n\n\n\n<p>This wasn\u2019t opportunistic cybercrime. It was industrialized credential abuse.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Made_the_TruffleNet_Attack_Different\"><\/span>What Made the TruffleNet Attack Different<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"420\" src=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122727\/image-3-20.png\" alt=\"Illustration comparing typical cloud breaches with TruffleNet\u2019s credential-based attack using valid logins, trusted AWS infrastructure, distributed systems, and persistent access.\n\" class=\"wp-image-5450\" srcset=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122727\/image-3-20.png 740w, https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122727\/image-3-20-705x400.png 705w\" sizes=\"auto, (max-width: 740px) 100vw, 740px\" \/><\/figure>\n\n\n\n<p>Most security incidents rely on exploiting software flaws. The TruffleNet attack exploited trust, the trust placed in cloud credentials, identity services, and legitimate infrastructure.<\/p>\n\n\n\n<p>Here\u2019s what separated it from typical cloud compromises:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>No malware was required.<\/strong> Every API call came from valid, authorized credentials.<br><\/li>\n\n\n\n<li><strong>Legitimate infrastructure was used.<\/strong> AWS SES handled email delivery, giving attackers instant legitimacy.<br><\/li>\n\n\n\n<li><strong>Distributed execution.<\/strong> Hundreds of geographically dispersed systems performed specific roles, making takedown nearly impossible.<br><\/li>\n\n\n\n<li><strong>Persistent access.<\/strong> Compromised credentials often stayed active for weeks before detection, allowing repeated abuse.<br><\/li>\n<\/ul>\n\n\n\n<p>It showed how attackers no longer need to <a href=\"https:\/\/www.purevpn.com\/white-label\/how-to-analyze-email-traffic-for-sensitive-data\/\" target=\"_blank\" rel=\"noreferrer noopener\">breach <\/a>the cloud itself, they only need to borrow its keys.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Stolen_AWS_Credentials_are_the_Perfect_Weapon\"><\/span>Why Stolen AWS Credentials are the Perfect Weapon<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"420\" src=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122725\/image-3-18.png\" alt=\"Graphic showing TruffleNet attackers\u2019 advantages, instant authentication, legitimate access, and automated scalability for continuous credential abuse.\n\" class=\"wp-image-5447\" srcset=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122725\/image-3-18.png 740w, https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122725\/image-3-18-705x400.png 705w\" sizes=\"auto, (max-width: 740px) 100vw, 740px\" \/><\/figure>\n\n\n\n<p>The appeal is simple: AWS credentials unlock a vast ecosystem. From data storage to compute resources to email infrastructure, one exposed key can open doors across an entire organization.<\/p>\n\n\n\n<p>A recent report found that <a href=\"https:\/\/www.beyondtrust.com\/blog\/entry\/the-state-of-identity-security-identity-based-threats-breaches-security-best-practices\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">33% of breaches <\/a>involved compromised privileged identities, highlighting just how often identity, not malware, is the first domino to fall.<\/p>\n\n\n\n<p>For the attackers behind TruffleNet, stolen AWS credentials offered several advantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Speed:<\/strong> They could authenticate and act instantly, skipping traditional exploit phases.<br><\/li>\n\n\n\n<li><strong>Legitimacy:<\/strong> Valid access avoids triggering intrusion alerts that rely on brute force or signature-based detection.<br><\/li>\n\n\n\n<li><strong>Scalability:<\/strong> Once automated, credential testing and abuse could operate continuously, discovering new targets around the clock.<br><\/li>\n<\/ul>\n\n\n\n<p>It was efficiency, not sophistication, that made the TruffleNet attack so destructive.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Global_Impact\"><\/span>The Global Impact<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The TruffleNet attack wasn\u2019t contained to one region or industry. Its operators sent fraudulent invoices, supplier updates, and tax forms to companies worldwide, part of a growing wave of business email compromise (BEC) scams.<\/p>\n\n\n\n<p>In one confirmed case, an organization received what appeared to be a vendor payment request from a known supplier domain. Everything about the message looked authentic. But the reply-to field had been swapped with a typosquatted domain ending in \u201c-impactaction.com,\u201d leading payments directly to attacker-controlled accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Findings_from_the_TruffleNet_Campaign\"><\/span>Key Findings from the TruffleNet Campaign<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>These are the main findings from the attack:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Threat Element<\/strong><\/td><td><strong>Observed Behavior<\/strong><\/td><td><strong>Security Implication<\/strong><\/td><\/tr><tr><td><strong>Credential Source<\/strong><\/td><td>Leaked AWS keys from GitHub, code archives, and developer systems<\/td><td>Poor secret management practices remain a primary risk vector<\/td><\/tr><tr><td><strong>Reconnaissance Activity<\/strong><\/td><td>Over 800 hosts validating credentials via AWS APIs<\/td><td>Highly distributed infrastructure reduces traceability<\/td><\/tr><tr><td><strong>Abused Service<\/strong><\/td><td>Amazon Simple Email Service (SES)<\/td><td>Trusted cloud infrastructure used for large-scale phishing and fraud<\/td><\/tr><tr><td><strong>Primary Attack Outcome<\/strong><\/td><td>Business Email Compromise (BEC) and vendor payment fraud<\/td><td>Financial and reputational loss for affected companies<\/td><\/tr><tr><td><strong>Detection Challenge<\/strong><\/td><td>API calls appeared legitimate<\/td><td>Traditional intrusion systems often failed to flag activity<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Lessons_for_IT_Leaders_and_Cloud_Administrators\"><\/span>Lessons for IT Leaders and Cloud Administrators<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"420\" src=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122726\/image-25.png\" alt=\"Visual checklist highlighting key lessons from the TruffleNet attack, rotate credentials, apply least privilege, monitor API calls, use secret scanning, train developers, and segment remote access.\n\" class=\"wp-image-5449\" srcset=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122726\/image-25.png 740w, https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07122726\/image-25-705x400.png 705w\" sizes=\"auto, (max-width: 740px) 100vw, 740px\" \/><\/figure>\n\n\n\n<p>The TruffleNet attack is a wake-up call for organizations relying on cloud infrastructure, especially those supporting remote or hybrid teams. Protecting cloud accounts now requires as much discipline as protecting physical networks once did.<\/p>\n\n\n\n<p>Here are the immediate lessons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rotate credentials regularly.<\/strong> Any static access key is a liability. Use short-lived tokens wherever possible.<br><\/li>\n\n\n\n<li><strong>Apply least privilege.<\/strong> Most compromised keys in TruffleNet had permissions far beyond their intended scope.<br><\/li>\n\n\n\n<li><strong>Monitor for unusual API calls.<\/strong> Requests like GetSendQuota or CreateEmailIdentity can indicate SES abuse attempts.<br><\/li>\n\n\n\n<li><strong>Use secret scanning tools.<\/strong> Automated detection of exposed AWS keys in repositories or logs can prevent exploitation.<br><\/li>\n\n\n\n<li><strong>Educate developers.<\/strong> A single overlooked environment variable can trigger massive exposure.<br><\/li>\n\n\n\n<li><strong>Segment remote access.<\/strong> Limit who can reach production credentials from outside the corporate network.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Role_of_Secure_Remote_Access_in_Prevention\"><\/span>The Role of Secure Remote Access in Prevention<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>While TruffleNet operated at the cloud level, many credential leaks originate from endpoint mismanagement and insecure remote access. Developers or contractors logging into cloud dashboards from unprotected networks often become the weak link.<\/p>\n\n\n\n<p>In hybrid or globally distributed setups, ensuring that every remote connection to the cloud is secure and traceable is critical. This is where network-layer controls complement cloud-layer security. A compromised laptop shouldn\u2019t equal compromised credentials.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Strengthening_Cloud_Identity_with_PureVPN_White_Label_VPN_Solution\"><\/span>Strengthening Cloud Identity with PureVPN White Label VPN Solution<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>This is where network security meets identity protection. A <strong>white-label VPN solution<\/strong> gives organizations control over cloud access without adding complexity.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.purevpn.com\/white-label\/white-label-solutions\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>PureVPN White Label VPN Solution<\/strong><\/a> enables businesses to create encrypted, authenticated tunnels for remote teams and contractors accessing sensitive cloud systems, routing AWS and development traffic through verified VPN endpoints for complete visibility.<\/p>\n\n\n\n<p>It allows service providers and MSPs to deploy a VPN under their own brand while ensuring encrypted sessions, controlled access to AWS, centralized IP management, and reduced credential theft risks. By combining network-level protection with identity hygiene, organizations ensure credentials are only used from trusted, authorized endpoints.<\/p>\n\n\n\n<div class=\"wp-block-buttons text-center is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/www.purevpn.com\/white-label\" style=\"color:#fdfafa;background-color:#b15aff\">Join PureVPN&#8217;s White Label Program<\/a><\/div>\n<\/div>\n\n\n\n<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Poppins:wght@500;600&#038;display=swap\" rel=\"stylesheet\">\n\n<style>\n  .faq-container {\n    font-family: 'Poppins', sans-serif;\n    max-width: 700px;\n    margin: 40px auto;\n    background: #F9F7FF;\n    border: 1px solid #D9D2F5;\n    border-radius: 18px;\n    box-shadow: 0 10px 30px rgba(166, 143, 239, 0.12);\n    padding: 30px;\n  }\n\n  .faq-title {\n    font-size: 20px;\n    font-weight: 600;\n    color: #4D3B7A;\n    margin-bottom: 20px;\n    text-align: center;\n  }\n\n  .faq-item {\n    background: #FFFFFF;\n    border: 1px solid #E2DAFA;\n    border-radius: 12px;\n    margin-bottom: 12px;\n    overflow: hidden;\n    box-shadow: 0 5px 20px rgba(166, 143, 239, 0.08);\n  }\n\n  .faq-question {\n    background: #F3EEFF;\n    padding: 15px;\n    cursor: pointer;\n    font-weight: 500;\n    color: #4D3B7A;\n    display: flex;\n    justify-content: space-between;\n    align-items: center;\n    font-size: 15px;\n  }\n\n  .faq-question:hover {\n    background: #EDE6FF;\n  }\n\n  .faq-answer {\n    display: none;\n    padding: 15px;\n    color: #5a4b85;\n    font-size: 14px;\n    line-height: 1.6;\n    border-top: 1px solid #E2DAFA;\n  }\n\n  .faq-icon {\n    font-weight: 600;\n    font-size: 18px;\n    transition: transform 0.3s ease;\n  }\n\n  .faq-item.active .faq-icon {\n    transform: rotate(45deg);\n  }\n<\/style>\n\n<div class=\"faq-container\">\n  <div class=\"faq-title\">Frequently Asked Questions<\/div>\n\n  <div class=\"faq-item\">\n    <div class=\"faq-question\">\n      What was the TruffleNet attack?\n      <span class=\"faq-icon\">+<\/span>\n    <\/div>\n    <div class=\"faq-answer\">\n      The TruffleNet attack was a global campaign discovered in October 2025 that used stolen AWS credentials to abuse cloud services like Amazon SES for large-scale email and credential-based attacks.\n    <\/div>\n  <\/div>\n\n  <div class=\"faq-item\">\n    <div class=\"faq-question\">\n      How did attackers execute the TruffleNet attack?\n      <span class=\"faq-icon\">+<\/span>\n    <\/div>\n    <div class=\"faq-answer\">\n      They used compromised AWS accounts to run commands such as <strong>GetSendQuota<\/strong>, testing how much email each account could send before launching BEC and spam campaigns.\n    <\/div>\n  <\/div>\n\n  <div class=\"faq-item\">\n    <div class=\"faq-question\">\n      Why is the TruffleNet attack significant for cloud security?\n      <span class=\"faq-icon\">+<\/span>\n    <\/div>\n    <div class=\"faq-answer\">\n      It showed how identity compromise can weaponize legitimate cloud infrastructure without using traditional malware.\n    <\/div>\n  <\/div>\n\n  <div class=\"faq-item\">\n    <div class=\"faq-question\">\n      How can businesses prevent similar attacks?\n      <span class=\"faq-icon\">+<\/span>\n    <\/div>\n    <div class=\"faq-answer\">\n      Businesses can prevent similar attacks by enforcing centralized access control, using multi-factor authentication, and securing cloud logins through verified VPN endpoints.\n    <\/div>\n  <\/div>\n\n  <div class=\"faq-item\">\n    <div class=\"faq-question\">\n      How does PureVPN White Label VPN Solution help against such threats?\n      <span class=\"faq-icon\">+<\/span>\n    <\/div>\n    <div class=\"faq-answer\">\n      It provides encrypted, authenticated access to cloud environments, ensuring credentials are only used from authorized and monitored networks.\n    <\/div>\n  <\/div>\n<\/div>\n\n<script>\n  document.querySelectorAll('.faq-question').forEach(question => {\n    question.addEventListener('click', () => {\n      const item = question.parentElement;\n      const answer = question.nextElementSibling;\n      item.classList.toggle('active');\n\n      if (answer.style.display === 'block') {\n        answer.style.display = 'none';\n      } else {\n        document.querySelectorAll('.faq-answer').forEach(ans => ans.style.display = 'none');\n        document.querySelectorAll('.faq-item').forEach(it => it.classList.remove('active'));\n        item.classList.add('active');\n        answer.style.display = 'block';\n      }\n    });\n  });\n<\/script>\n\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Final_Thoughts\"><\/span>Final Thoughts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The lesson is clear: the TruffleNet attack wasn\u2019t a failure of AWS or cloud computing. It was a failure of control, of knowing who is connecting, from where, and with what level of privilege. The future of<a href=\"https:\/\/www.purevpn.com\/white-label\/white-label-cybersecurity-market-report\/\" target=\"_blank\" rel=\"noreferrer noopener\"> cybersecurity <\/a>belongs to those who treat identity and network access as inseparable parts of the same defense.<\/p>\n\n\n\n<div class=\"wp-block-buttons text-center is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-2 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/www.purevpn.com\/white-label\" style=\"color:#fdfafa;background-color:#b15aff\">Join PureVPN&#8217;s White Label Program<\/a><\/div>\n<\/div>\n\n\n\n<script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"FAQPage\",\n  \"mainEntity\": [\n    {\n      \"@type\": \"Question\",\n      \"name\": \"What was the TruffleNet attack?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"The TruffleNet attack was a global campaign discovered in October 2025 that used stolen AWS credentials to abuse cloud services like Amazon SES for large-scale email and credential-based attacks.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"How did attackers execute the TruffleNet attack?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"They used compromised AWS accounts to run commands such as GetSendQuota, testing how much email each account could send before launching BEC and spam campaigns.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"Why is the TruffleNet attack significant for cloud security?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"It showed how identity compromise can weaponize legitimate cloud infrastructure without using traditional malware.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"How can businesses prevent similar attacks?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"Businesses can prevent similar attacks by enforcing centralized access control, using multi-factor authentication, and securing cloud logins through verified VPN endpoints.\"\n      }\n    },\n    {\n      \"@type\": \"Question\",\n      \"name\": \"How does PureVPN White Label VPN Solution help against such threats?\",\n      \"acceptedAnswer\": {\n        \"@type\": \"Answer\",\n        \"text\": \"It provides encrypted, authenticated access to cloud environments, ensuring credentials are only used from authorized and monitored networks.\"\n      }\n    }\n  ]\n}\n<\/script>\n\n","protected":false},"excerpt":{"rendered":"<p>TL;DR The TruffleNet attack began with stolen AWS credentials, not malware, allowing attackers to exploit trusted cloud infrastructure for large-scale fraud. Over 800 hosts were used to validate and abuse AWS SES accounts, turning legitimate email services into phishing and BEC delivery systems. Attackers leveraged automation to test and weaponize leaked credentials, demonstrating how identity&#8230;<\/p>\n","protected":false},"author":3,"featured_media":5451,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[1],"tags":[839],"class_list":["post-5446","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-trufflenet-attack"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Inside the TruffleNet Attack - Stolen AWS Credentials<\/title>\n<meta name=\"description\" content=\"A clear breakdown of the TruffleNet attack, how AWS credentials were abused, and what IT leaders must do to secure cloud environments.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Inside the TruffleNet Attack - Stolen AWS Credentials\" \/>\n<meta property=\"og:description\" content=\"A clear breakdown of the TruffleNet attack, how AWS credentials were abused, and what IT leaders must do to secure cloud environments.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"PureVPN White label\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-07T12:43:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-07T12:43:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png\" \/>\n\t<meta property=\"og:image:width\" content=\"740\" \/>\n\t<meta property=\"og:image:height\" content=\"420\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"duresham\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"duresham\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/\",\"url\":\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/\",\"name\":\"Inside the TruffleNet Attack - Stolen AWS Credentials\",\"isPartOf\":{\"@id\":\"https:\/\/www.purevpn.com\/white-label\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png\",\"datePublished\":\"2025-11-07T12:43:19+00:00\",\"dateModified\":\"2025-11-07T12:43:21+00:00\",\"author\":{\"@id\":\"https:\/\/www.purevpn.com\/white-label\/#\/schema\/person\/d75943d96d9bdd3277bc60adaf00f44c\"},\"description\":\"A clear breakdown of the TruffleNet attack, how AWS credentials were abused, and what IT leaders must do to secure cloud environments.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#primaryimage\",\"url\":\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png\",\"contentUrl\":\"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png\",\"width\":740,\"height\":420,\"caption\":\"A cybercriminal hacking the network to gain access to someone's financial assets against a purple background, highlighting the importance of cybersecurity measures in 2025.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.purevpn.com\/white-label\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Inside the TruffleNet Attack: How Stolen AWS Credentials Fueled a Global Cloud Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.purevpn.com\/white-label\/#website\",\"url\":\"https:\/\/www.purevpn.com\/white-label\/\",\"name\":\"Purevpn White label\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.purevpn.com\/white-label\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.purevpn.com\/white-label\/#\/schema\/person\/d75943d96d9bdd3277bc60adaf00f44c\",\"name\":\"duresham\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.purevpn.com\/white-label\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/676e150b24efe0726f53fef31f98d1da?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/676e150b24efe0726f53fef31f98d1da?s=96&d=mm&r=g\",\"caption\":\"duresham\"},\"url\":\"https:\/\/www.purevpn.com\/white-label\/author\/duresham\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Inside the TruffleNet Attack - Stolen AWS Credentials","description":"A clear breakdown of the TruffleNet attack, how AWS credentials were abused, and what IT leaders must do to secure cloud environments.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/","og_locale":"en_US","og_type":"article","og_title":"Inside the TruffleNet Attack - Stolen AWS Credentials","og_description":"A clear breakdown of the TruffleNet attack, how AWS credentials were abused, and what IT leaders must do to secure cloud environments.","og_url":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/","og_site_name":"PureVPN White label","article_published_time":"2025-11-07T12:43:19+00:00","article_modified_time":"2025-11-07T12:43:21+00:00","og_image":[{"width":740,"height":420,"url":"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png","type":"image\/png"}],"author":"duresham","twitter_card":"summary_large_image","twitter_misc":{"Written by":"duresham","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/","url":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/","name":"Inside the TruffleNet Attack - Stolen AWS Credentials","isPartOf":{"@id":"https:\/\/www.purevpn.com\/white-label\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png","datePublished":"2025-11-07T12:43:19+00:00","dateModified":"2025-11-07T12:43:21+00:00","author":{"@id":"https:\/\/www.purevpn.com\/white-label\/#\/schema\/person\/d75943d96d9bdd3277bc60adaf00f44c"},"description":"A clear breakdown of the TruffleNet attack, how AWS credentials were abused, and what IT leaders must do to secure cloud environments.","breadcrumb":{"@id":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#primaryimage","url":"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png","contentUrl":"https:\/\/d1jxermyrliwoo.cloudfront.net\/wp-content\/uploads\/2025\/11\/07124207\/Featured-Images-2025-11-07T123135.996.png","width":740,"height":420,"caption":"A cybercriminal hacking the network to gain access to someone's financial assets against a purple background, highlighting the importance of cybersecurity measures in 2025."},{"@type":"BreadcrumbList","@id":"https:\/\/www.purevpn.com\/white-label\/inside-the-trufflenet-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.purevpn.com\/white-label\/"},{"@type":"ListItem","position":2,"name":"Inside the TruffleNet Attack: How Stolen AWS Credentials Fueled a Global Cloud Campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.purevpn.com\/white-label\/#website","url":"https:\/\/www.purevpn.com\/white-label\/","name":"Purevpn White label","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.purevpn.com\/white-label\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.purevpn.com\/white-label\/#\/schema\/person\/d75943d96d9bdd3277bc60adaf00f44c","name":"duresham","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.purevpn.com\/white-label\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/676e150b24efe0726f53fef31f98d1da?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/676e150b24efe0726f53fef31f98d1da?s=96&d=mm&r=g","caption":"duresham"},"url":"https:\/\/www.purevpn.com\/white-label\/author\/duresham\/"}]}},"_links":{"self":[{"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/posts\/5446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/comments?post=5446"}],"version-history":[{"count":1,"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/posts\/5446\/revisions"}],"predecessor-version":[{"id":5452,"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/posts\/5446\/revisions\/5452"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/media\/5451"}],"wp:attachment":[{"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/media?parent=5446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/categories?post=5446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.purevpn.com\/white-label\/wp-json\/wp\/v2\/tags?post=5446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}