\n<\/p>\n
## Trends<\/p>\n
**Relative stability from quarter to quarter.** The percentage of ICS computers on which malicious objects were blocked remained unchanged from Q4 2024 at 21.9%. Over the last three quarters, the value has ranged from 22.0% to 21.9%.<\/p>\n
**The quarterly figures are decreasing from year to year.** Since Q2 2023, the percentage of ICS computers on which malicious objects were blocked has been lower than the indicator of the same quarter of the previous year. Compared to Q1 2024, the figure decreased by 2.5 pp.<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects were blocked, Q1 2022\u2013Q1 2025<\/p>\n
In January\u2013March 2025, the figures were the lowest compared to the same months of the previous four years.<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects were blocked, Jan 2021\u2013Mar 2025<\/p>\n
**The biometrics sector continues to lead the selected industries \/ OT infrastructure types.** This is the only OT infrastructure type where the percentage of ICS computers on which malicious objects were blocked increased during the quarter.<\/p>\n
**Threat levels in different regions still vary.** In Q1 2025, the percentage of affected ICS computers ranged from 10.7% in Northern Europe to 29.6% in Africa. In eight out of 13 regions, the figures ranged from 19.0% to 25.0%.<\/p>\n
**The percentage of ICS computers on which denylisted internet resources were blocked continues to decrease.** It reached its lowest level since the beginning of 2022. In the first three months of 2025, the corresponding figures were lower than those in January\u2013March of the previous three years.<\/p>\n
<\/p>\n
Percentage of ICS computers on which denylisted internet resources were blocked, Jan 2022\u2013Mar 2025<\/p>\n
**Changes in the percentage of ICS computers on which initial-infection malware was blocked lead to changes in the percentage of next-stage malware.** In Q1 2025, the percentage of ICS computers on which various types of malware spread via the internet and email were blocked increased for the first time since the beginning of 2023.<\/p>\n
The internet is the primary source of threats to ICS computers. The main categories of threats from the internet are denylisted internet resources, malicious scripts and phishing pages.<\/p>\n
The main categories of threats spreading via email are malicious documents, spyware, malicious scripts and phishing pages.<\/p>\n
The percentage of ICS computers on which malicious scripts and phishing pages, and malicious documents were blocked increased in Q1 2025. In January\u2013March, the monthly values in these two categories of threats were higher than in the same months of 2024.<\/p>\n
<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects were blocked, Jan 2022\u2013Mar 2025<\/p>\n
The leading category of malware used for initial infection of ICS computers (see below) is malicious scripts and phishing pages.<\/p>\n
Most malicious scripts and phishing pages act as droppers or loaders of next-stage malware (spyware, crypto miners and ransomware). The strong correlation between the values for malicious scripts and phishing pages, and spyware is clearly visible in the graph below.<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects were blocked, Jan 2023\u2013Mar 2025<\/p>\n
Similar to malicious scripts and phishing pages, the percentage of ICS computers on which spyware was blocked was higher in the first three months of 2025 than in the same months of 2024.<\/p>\n
<\/p>\n
Percentage of ICS computers on which spyware was blocked, Jan 2022\u2013Mar 2025<\/p>\n
The percentage of ICS computers on which miners (web miners and miners in the form of executable files for Windows) were blocked in Q1 2025 also increased.<\/p>\n
## Statistics across all threats<\/p>\n
In Q1 2025, the percentage of ICS computers on which malicious objects were blocked remained at the same level as in the previous quarter: 21.9%.<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects were blocked, Q1 2022\u2013Q1 2025<\/p>\n
Compared to Q1 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 2.5 pp. However, it increased from January to March of 2025 when it reached its highest value in the quarter.<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects were blocked, Jan 2023\u2013Mar 2025<\/p>\n
Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 10.7% in Northern Europe to 29.6% in Africa.<\/p>\n
<\/p>\n
Regions ranked by percentage of ICS computers on which malicious objects were blocked, Q1 2025<\/p>\n
In six of the 13 regions surveyed in this report, the figures increased from the previous quarter, with the largest change occurring in Russia.<\/p>\n
<\/p>\n
Changes in percentage of ICS computers on which malicious objects were blocked,
Q1 2025<\/p>\n
## Selected industries<\/p>\n
The biometrics sector led the ranking of the industries and OT infrastructures surveyed in this report in terms of the percentage of ICS computers on which malicious objects were blocked.<\/p>\n
<\/p>\n
Ranking of industries and OT infrastructures by percentage of ICS computers on which malicious objects were blocked, Q1 2025<\/p>\n
The biometrics sector was also the only OT infrastructure type where the percentage of ICS computers on which malicious objects were blocked increased slightly. Despite this, the long-term trend is clearly downward.<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects were blocked in selected industries<\/p>\n
## Diversity of detected malicious objects<\/p>\n
In Q1 2025, Kaspersky security solutions blocked malware from 11,679 different malware families in various categories on industrial automation systems.<\/p>\n
<\/p>\n
Percentage of ICS computers on which the activity of malicious objects from various categories was blocked<\/p>\n
The largest proportional increase in Q1 2025 was in the percentage of ICS computers on which web miners (1.4 times more than in the previous quarter) and malicious documents (1.1 times more) were blocked.<\/p>\n
### Main threat sources<\/p>\n
Depending on the threat detection and blocking scenario, it is not always possible to reliably identify the source. The circumstantial evidence for a specific source can be the blocked threat’s type (category).<\/p>\n
The internet (visiting malicious or compromised internet resources; malicious content distributed via messengers; cloud data storage and processing services and CDNs), email clients (phishing emails), and removable storage devices remain the primary sources of threats to computers in an organization’s OT infrastructure.<\/p>\n
In Q1 2025, the percentage of ICS computers on which threats from the internet and email clients were blocked increased for the first time since the end of 2023.<\/p>\n
<\/p>\n
Percentage of ICS computers on which malicious objects from various sources were blocked<\/p>\n
The rates for all threat sources varied across the monitored regions.<\/p>\n
* The percentage of ICS computers on which threats from the internet were blocked ranged from 5.2% in Northern Europe to 12.8% in Africa.
* The percentage of ICS computers on which threats from email clients were blocked ranged from 0.88% in Russia to 6.8% in Southern Europe.
* The percentage of ICS computers on which threats from removable media were blocked ranged from 0.06% in Australia and New Zealand to 2.4% in Africa.<\/p>\n
### Threat categories<\/p>\n
Typical attacks blocked within an OT network are a multi-stage process, where each subsequent step by the attackers is aimed at increasing privileges and gaining access to other systems by exploiting security flaws in industrial enterprises, including OT infrastructures.<\/p>\n
It is worth noting that during the attack, intruders often repeat the same steps (TTP), especially when they use malicious scripts and established communication channels with the management and control infrastructure (C2) to move laterally within the network and advance the attack.<\/p>\n
### Malicious objects used for initial infection<\/p>\n
In Q1 2025, the percentage of ICS computers on which denylisted internet resources were blocked decreased to its lowest value since the beginning of 2022.<\/p>\n
<\/p>\n
Percentage of ICS computers on which denylisted internet resources were blocked, Q1 2022\u2013Q1 2025<\/p>\n
The decline in the percentage of denylisted internet resources since November 2024 was likely influenced not only by proactive threat mitigation at various levels, but also by techniques used by attackers to circumvent the blocking mechanisms based on the resource’s reputation, thus redistributing the protection burden to other detection technologies.<\/p>\n
A detected malicious web resource may not always be added to a denylist because attackers are increasingly using legitimate internet resources and services such as content delivery network (CDN) platforms, messengers, and cloud storage. These services allow malicious code to be distributed through unique links to unique content, making it difficult to use reputation-based blocking tactics. We strongly recommend that industrial organizations implement policy-based blocking of such services, at least for OT networks where the need for such services is extremely rare for objective reasons.<\/p>\n
The percentage of ICS computers on which malicious documents as well as malicious scripts and phishing pages were blocked increased slightly, to 1.85% (by 0.14 pp) and 7.16% (by 0.05 pp) respectively.<\/p>\n
### Next-stage malware<\/p>\n
Malicious objects used to initially infect computers deliver next-stage malware \u2013 spyware, ransomware, and miners \u2013 to victims’ computers. As a rule, the higher the percentage of ICS computers on which the initial infection malware is blocked, the higher the percentage for next-stage malware.<\/p>\n
In Q1 2025, the percentage of ICS computers on which spyware and ransomware were blocked decreased, reaching 4.20% (by losing 0.1 pp) and 0.16% (by losing 0.05 pp) respectively. Conversely, the indicator for miners increased. The percentage of ICS computers on which miners in the form of executable files for Windows and web miners were blocked increased to 0.78% (by 0.08 pp) and 0.53% (by 0.14 pp), respectively. The latter indicator reached its highest value since Q3 2023.<\/p>\n
<\/p>\n
Percentage of ICS computers on which web miners were blocked, Q1 2022\u2013Q1 2025<\/p>\n
### Self-propagating malware<\/p>\n
Self-propagating malware (worms and viruses) is a category unto itself. Worms and virus-infected files were originally used for initial infection, but as botnet functionality evolved, they took on next-stage characteristics.<\/p>\n
To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software, such as Radmin2.<\/p>\n
In Q1 2025, the percentage of ICS computers on which worms and viruses were blocked decreased to 1.31% (by losing 0.06 pp) and 1.53% (by losing 0.08 pp), respectively.<\/p>\n
### AutoCAD malware<\/p>\n
AutoCAD malware is typically a low-level threat, coming last in the malware category rankings in terms of the percentage of ICS computers on which it was blocked.<\/p>\n
In Q1 2025, the percentage of ICS computers on which AutoCAD malware was blocked continued to decrease (by losing 0.04 pp) and reached 0.034%.<\/p>\n
You can find more information on industrial threats in the full version of the report.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Threat landscape for industrial automation systems in Q1 2025 Update ID SECURELIST:6C8662ADE07B4B42A4EA79A11A153B7D Type securelist Published 2025-05-15T13:07:40 Last Updated 2025-05-15T13:07:40…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,136,7,11,5],"class_list":["post-4569","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-securelist","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n
Threat landscape for industrial automation systems in Q1 2025 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=4569\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat landscape for industrial automation systems in Q1 2025 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Threat landscape for industrial automation systems in Q1 2025 Update ID SECURELIST:6C8662ADE07B4B42A4EA79A11A153B7D Type securelist Published 2025-05-15T13:07:40 Last Updated 2025-05-15T13:07:40...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=4569\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-15T09:33:01+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=4569#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=4569\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Threat landscape for industrial automation systems in Q1 2025\",\"datePublished\":\"2025-05-15T09:33:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=4569\"},\"wordCount\":2078,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"securelist\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=4569#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=4569\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=4569\",\"name\":\"Threat landscape for industrial automation systems in Q1 2025 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-15T09:33:01+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=4569#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=4569\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=4569#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Threat landscape for industrial automation systems in Q1 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat landscape for industrial automation systems in Q1 2025 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=4569","og_locale":"en_US","og_type":"article","og_title":"Threat landscape for industrial automation systems in Q1 2025 - zero redgem","og_description":"Security Update News Update Information Title Threat landscape for industrial automation systems in Q1 2025 Update ID SECURELIST:6C8662ADE07B4B42A4EA79A11A153B7D Type securelist Published 2025-05-15T13:07:40 Last Updated 2025-05-15T13:07:40...","og_url":"https:\/\/zero.redgem.net\/?p=4569","og_site_name":"zero redgem","article_published_time":"2025-05-15T09:33:01+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=4569#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=4569"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Threat landscape for industrial automation systems in Q1 2025","datePublished":"2025-05-15T09:33:01+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=4569"},"wordCount":2078,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","securelist","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=4569#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=4569","url":"https:\/\/zero.redgem.net\/?p=4569","name":"Threat landscape for industrial automation systems in Q1 2025 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-15T09:33:01+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=4569#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=4569"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=4569#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Threat landscape for industrial automation systems in Q1 2025"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/4569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4569"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/4569\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}