');mask-image:url('data:image/svg+xml;utf8, ');content:'';margin:0 .4rem;display:inline-block;vertical-align:middle;line-height:1}.breadcrumb-trail .trail-items li:last-child:after{display:none}.bloghash-breadcrumbs{font-size:1.4rem;border-width:0}#page .page-header .bloghash-breadcrumbs a>span{color:inherit}#bloghash-copyright .bloghash-flex-row>div:empty{display:none}#bloghash-copyright>.bloghash-container>.bloghash-flex-row>div{width:auto;padding-top:.6rem;padding-bottom:.6rem}.bloghash-copyright-layout-1 #bloghash-copyright>.bloghash-container>.bloghash-flex-row>div{-ms-flex-preferred-size:100%;flex-basis:100%;-ms-flex-negative:0;flex-shrink:0;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}#bloghash-scroll-top{-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;position:fixed;bottom:2.5rem;right:2rem;z-index:997;width:4rem;height:4rem;opacity:0;-webkit-transform:translate3d(0,3rem,0);transform:translate3d(0,3rem,0)}#bloghash-scroll-top .bloghash-scroll-icon{overflow:hidden;z-index:2}#bloghash-scroll-top .bloghash-icon{-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;height:2rem;color:var(--bloghash-white);-webkit-transform:translateY(1.1rem);-ms-transform:translateY(1.1rem);transform:translateY(1.1rem)}#bloghash-scroll-top:before{content:'';z-index:1;border-radius:10rem;background-color:var(--bloghash-primary);-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1);border:.1rem solid rgba(185,185,185,.4)}#bloghash-scroll-top svg{fill:var(--bloghash-white)}.bloghash-widget.widget:not(.widget_text):not(.hester-core-custom-list-widget) ol{list-style:none;margin-left:0;margin-right:0}#main .bloghash-widget{overflow:hidden}#main .bloghash-widget{margin-bottom:4rem}.widget ol{line-height:1.5}.widget ol:last-child{margin-bottom:0}.widget ol li{margin-bottom:1rem}.widget.bloghash-entry p{margin-top:1.6rem;margin-bottom:1.6rem}.widget.bloghash-entry p:last-child{margin-bottom:0}.widget.widget_block li a{position:relative;z-index:0}.widget.widget_recent_comments li{margin-bottom:1.6rem}.bloghash-entry>:first-child{margin-top:0}.bloghash-entry>:last-child{margin-bottom:0}.entry-content ul:not(.wp-block-latest-posts) li{margin-bottom:.64rem}.bloghash-entry ul:not(.wp-block-latest-posts){list-style:disc}.bloghash-entry ul ul{list-style:circle}.bloghash-entry ol,.bloghash-entry ul:not(.wp-block-latest-posts){margin-left:4rem}.bloghash-entry ul:not(.wp-block-social-links) li:not(.blocks-gallery-item):last-child{margin-bottom:0}.bloghash-entry ul ul{margin-top:.64rem;margin-bottom:0}.bloghash-entry ol,.bloghash-entry ul:not(.wp-block-latest-posts){margin-bottom:2rem;margin-top:2rem}.bloghash-entry p{margin-bottom:1.5rem;margin-top:1.5rem}.bloghash-entry figure{margin-top:2rem;margin-bottom:2rem}.author-avatar img{border-radius:var(--bloghash-full-radius);width:3rem;vertical-align:middle;margin-right:.8rem;display:inline-block;outline:1px solid rgba(185,185,185,.4)}#main .content-area .entry-meta a{color:inherit}.entry-meta{font-size:1.3rem;font-weight:600;margin-top:1.2rem}.entry-meta .bloghash-icon{height:1.827rem;margin-right:.7rem;vertical-align:text-bottom}.entry-meta .entry-meta-elements>span{padding:0 1rem;line-height:1.2}.entry-meta .entry-meta-elements>span.posted-on{line-height:1.5}.entry-meta .entry-meta-elements>span,.entry-meta .entry-meta-elements>span .posted-by{-js-display:inline-flex;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.entry-meta .entry-meta-elements>span:first-child{padding-left:0}.entry-meta .entry-meta-elements>span:last-child{margin-right:0;padding-right:0}.entry-meta .entry-meta-elements>span:before{content:'';position:relative;left:-1.1rem;width:4px;height:4px;border-radius:100%;background-color:var(--bloghash-primary)}.entry-meta .entry-meta-elements>span:first-child:before{display:none}.entry-media{margin-bottom:2.5rem}.entry-media img{margin:0 auto;display:block}.single-post .entry-content{margin-top:4rem}.single-post .entry-media{margin-bottom:4rem}.single .post-category{margin-bottom:.3rem;font-size:1.4rem}.single .post-category a{-js-display:inline-flex;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin:0 .4rem .8rem}.single .entry-header{text-align:start;margin-bottom:1rem}.single .entry-meta{text-align:start;margin-top:1.6rem}.single .entry-content{margin-bottom:5rem}.single .post-nav .nav-previous .nav-content span{padding-right:2rem}.single .post-nav .nav-next .nav-content span:not(.ss-on-media-image-wrap){text-align:end;padding-left:2rem}.single.bloghash-page-title-align-left .bloghash-article>.entry-header,.single.bloghash-page-title-align-left .bloghash-article>.post-category{text-align:start}.single.bloghash-page-title-align-left .bloghash-article>.entry-meta>.entry-meta-elements{-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start}#cancel-comment-reply-link{font-size:1.3rem;border-radius:var(--bloghash-normal-radius);border:.2rem solid currentColor;font-weight:500;padding:.4rem .7rem;line-height:1;text-decoration:none;text-transform:capitalize;margin-left:1.4rem;color:inherit}button.bloghash-animate-arrow{-webkit-appearance:none;border:none;-webkit-box-shadow:none;box-shadow:none;background:0 0;outline:none}.bloghash-animate-arrow .arrow-bar{-webkit-transform:scaleX(0);-ms-transform:scaleX(0);transform:scaleX(0)}.bloghash-animate-arrow svg{vertical-align:middle}.bloghash-animate-arrow.right-arrow svg{-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.bloghash-animate-arrow.right-arrow .arrow-bar{-webkit-transform-origin:100% 0;-ms-transform-origin:100% 0;transform-origin:100% 0}.bloghash-animate-arrow.right-arrow .arrow-handle{-webkit-transform:translateX(.6rem);-ms-transform:translateX(.6rem);transform:translateX(.6rem)}.bloghash-hamburger{padding:0;display:inline-block;font:inherit;color:inherit;text-transform:none;background-color:transparent;border:0;margin:0;overflow:visible}.hamburger-box{width:2.5rem;height:1.4rem;display:inline-block;position:relative}.hamburger-inner{display:block;top:50%;margin-top:-.1rem}.hamburger-inner,.hamburger-inner:before,.hamburger-inner:after{width:2.8rem;height:2px;background-color:#111827;border-radius:var(--bloghash-normal-radius);position:absolute}.hamburger-inner:before,.hamburger-inner:after{content:"";display:block}.hamburger-inner:before{top:-5px}.hamburger-inner:after{bottom:-5px}.bloghash-mobile-nav{order:1;display:none;margin-left:2.4rem}.bloghash-hamburger,.bloghash-mobile-nav{-webkit-box-align:center;-ms-flex-align:center;align-items:center}body:not(.is-mobile-menu-active) .bloghash-hamburger .hamburger-box .hamburger-inner:before{width:1.5rem}.bloghash-hamburger{-js-display:inline-flex;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;border-radius:var(--bloghash-normal-radius)}.bloghash-hamburger .hamburger-inner,.bloghash-hamburger .hamburger-inner:before,.bloghash-hamburger .hamburger-inner:after{background-color:currentColor}#bloghash-header:after{content:'';position:fixed;top:100%;left:0;right:0;height:100vh;background-color:rgba(255,255,255,.85);z-index:991;opacity:0;visibility:hidden;will-change:opacity,visibility;-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}@media only screen and (min-width:600px){.site .bloghash-flex-row .start-sm{-webkit-box-pack:start;-ms-flex-pack:start;justify-content:flex-start;text-align:start}.site .bloghash-flex-row .end-sm{-webkit-box-pack:end;-ms-flex-pack:end;justify-content:flex-end;text-align:end;margin-left:auto}}@media only screen and (min-width:782px){.site .bloghash-flex-row .col-md{-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1;-ms-flex-negative:1;flex-shrink:1;max-width:100%;-ms-flex-preferred-size:0;flex-basis:0}.site .bloghash-flex-row .col-md.flex-basis-auto{-ms-flex-preferred-size:auto;flex-basis:auto}.site .bloghash-flex-row .end-md{-webkit-box-pack:end;-ms-flex-pack:end;justify-content:flex-end;text-align:end;margin-left:auto}}@media only screen and (max-width:868px){.bloghash-hide-mobile-tablet{display:none!important}.bloghash-container{padding:0 3rem}.bloghash-header-widgets .bloghash-header-widget,.bloghash-header-widgets .bloghash-header-widget.bloghash-header-widget__button{padding-left:1rem;padding-right:1rem}.bloghash-mobile-nav{margin-left:1.6rem}}@media only screen and (max-width:599px){#bloghash-header-inner .bloghash-widget-wrapper,.bloghash-header-element,.bloghash-header-widgets .bloghash-header-widget{position:static}.bloghash-header-widgets .dropdown-item:after{display:none}.page-header>.bloghash-container{-webkit-box-align:start;-ms-flex-align:start;align-items:flex-start;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.author-avatar img{display:none}}@media only screen and (max-width:480px){#page{min-height:-webkit-fill-available}}@media only screen and (max-width:960px){#bloghash-topbar>.bloghash-container>.bloghash-flex-row>div .bloghash-topbar-widget{padding-top:.6rem;padding-bottom:.6rem}#bloghash-topbar .bloghash-topbar-widget{padding-left:.8rem;padding-right:.8rem}.bloghash-topbar__separators-regular #bloghash-topbar .bloghash-topbar-widget:after{margin-left:.8rem}#main>.bloghash-container{display:block}#primary{max-width:100%!important;padding-left:0!important;padding-right:0!important;margin-top:4rem}.site-main #secondary{width:100%;margin-top:4rem}}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.site .bloghash-flex-row:after{content:'';display:block;min-height:inherit;font-size:0}.bloghash-btn{height:1rem}#main>.bloghash-container #primary{-ms-flex-preferred-size:0%;flex-basis:0%}}.bloghash-btn{background-color:var(--bloghash-primary)}#bloghash-topbar .bloghash-topbar-widget__text .bloghash-icon{color:var(--bloghash-primary)}#masthead .bloghash-header-widgets .dropdown-item:after,.bloghash-nav>ul .sub-menu:after{border-bottom-color:var(--bloghash-primary);outline:none!important}.bloghash-header-widgets .dropdown-item,.bloghash-nav .sub-menu{border-top-color:var(--bloghash-primary)}::-webkit-selection{background-color:var(--bloghash-primary);color:var(--bloghash-white)}::-webkit-scrollbar-thumb{background:rgba(0,0,0,.2)}::-webkit-scrollbar-thumb:hover{background:rgba(0,0,0,.4)}.mr-1{margin-right:.4rem}.mt-3{margin-top:1.6rem}.d-none{display:none}a.bloghash-btn i{font-size:105%;vertical-align:baseline}a.bloghash-btn i:before{display:inline-block;vertical-align:middle}a.bloghash-btn span{vertical-align:baseline;line-height:normal}@media (prefers-reduced-motion:reduce){*{animation-duration:0s!important}}.bloghash-glassmorphism{position:fixed;right:0;left:0;bottom:0;display:flex;overflow:hidden;z-index:-1}.bloghash-glassmorphism .block{width:28.8rem;height:28.8rem;filter:blur(64px);mix-blend-mode:multiply;border-radius:999px;display:block;opacity:.1}.bloghash-glassmorphism .block.one{margin-top:5rem;background-color:rgba(239,35,60)}.bloghash-glassmorphism .block.two{margin-top:16rem;margin-left:-8rem;background-color:rgba(4,134,139)}@media only screen and (min-width:768px){.bloghash-glassmorphism{top:4rem}}@media only screen and (min-width:1024px){.bloghash-glassmorphism .block{width:38.4rem;height:38.4rem}}@media only screen and (min-width:1280px){.bloghash-glassmorphism{top:8rem}}.post-category .cat-links a.cat-2899{color:#f43676;background:#fdd7e4}:root{--bloghash-primary:#f43676;--bloghash-primary_80:#fdd7e4;--bloghash-primary_15:#f6558b;--bloghash-primary_27:rgba(244,54,118,.27);--bloghash-primary_10:rgba(244,54,118,.1)}#bloghash-topbar{background:#f43676;background:-webkit-linear-gradient(45deg,#f43676 0,rgba(226,181,181,.39) 100%);background:-o-linear-gradient(45deg,#f43676 0,rgba(226,181,181,.39) 100%);background:linear-gradient(45deg,#f43676 0,rgba(226,181,181,.39) 100%)}#bloghash-topbar{border-style:solid}.bloghash-topbar-widget:after{background-color:#ccc}#bloghash-topbar{color:#002050}.bloghash-topbar-widget .bloghash-nav>ul>li>a,#bloghash-topbar .bloghash-topbar-widget__text .bloghash-icon{color:#302d55}#bloghash-header-inner{background:#fff}#bloghash-header,.bloghash-header-widgets a:not(.bloghash-btn),.bloghash-logo a,.bloghash-hamburger{color:#131315}#bloghash-header-inner{border-color:rgba(185,185,185,.4);border-bottom-width:1px}.bloghash-header-widget:after{background-color:#ccc}@media screen and (max-width:960px){#bloghash-header-inner .bloghash-nav{display:none;color:#000}.bloghash-mobile-toggen,.bloghash-mobile-nav{display:inline-flex}#bloghash-header-inner{position:relative}#bloghash-header-inner .bloghash-nav>ul>li>a{color:inherit}#bloghash-header-inner .site-navigation{display:none;position:absolute;top:100%;width:100%;height:100%;min-height:100vh;left:0;right:0;margin:-1px 0 0;background:#fff;border-top:1px solid #eaeaea;box-shadow:0 15px 25px -10px rgba(50,52,54,.125);z-index:999;font-size:1.7rem;padding:0}#bloghash-header-inner .site-navigation>ul{overflow-y:auto;max-height:68vh;display:block}#bloghash-header-inner .site-navigation>ul>li>a{padding:0!important}#bloghash-header-inner .site-navigation>ul li{display:block;width:100%;padding:0;margin:0;margin-left:0!important}#bloghash-header-inner .site-navigation>ul .sub-menu{position:static;display:none;border:none;box-shadow:none;border:0;opacity:1;visibility:visible;font-size:1.7rem;transform:none;background:#f8f8f8;min-width:initial;left:0;padding:0;margin:0;border-radius:0;line-height:inherit}#bloghash-header-inner .site-navigation>ul .sub-menu>li>a>span{padding-left:50px!important}#bloghash-header-inner .site-navigation>ul .sub-menu a>span{padding:10px 30px 10px 50px}#bloghash-header-inner .site-navigation>ul a{padding:0;position:relative;background:0 0}#bloghash-header-inner .site-navigation>ul li{border-bottom:1px solid #eaeaea}#bloghash-header-inner .site-navigation>ul>li:last-child{border-bottom:0}#bloghash-header-inner .site-navigation>ul a>span{padding:10px 30px!important;width:100%;display:block}#bloghash-header-inner .site-navigation>ul a>span:after,#bloghash-header-inner .site-navigation>ul a>span:before{display:none!important}#bloghash-header-inner .site-navigation>ul .menu-item-has-children>a{display:inline-flex;width:100%;max-width:calc(100% - 50px)}#bloghash-header-inner .bloghash-nav .menu-item-has-children>a>span{border-right:1px solid rgba(185,185,185,.4)}#bloghash-header-inner .bloghash-nav .menu-item-has-children>a>.bloghash-icon{transform:none;width:50px;margin:0;position:absolute;right:0;height:1em;display:none}.bloghash-mobile-toggen{width:50px;height:1em;background:0 0;border:none}.bloghash-mobile-toggen .bloghash-icon{transform:none;width:50px;margin:0;position:absolute;right:0;height:1em}}.bloghash-nav.bloghash-header-element,.bloghash-header-layout-1 .bloghash-header-widgets{font-weight:600;font-family:"Inter Tight",Helvetica,Arial,sans-serif;font-size:1.7rem;line-height:1.5}#secondary{width:30%}body:not(.bloghash-no-sidebar) #primary{max-width:70%}.bloghash-layout__boxed-separated #content>article,.bloghash-layout__boxed-separated.bloghash-sidebar-style-2 #secondary .bloghash-widget{background-color:#fff}body{color:#002050}h1,a,.entry-meta{color:#302d55}:root{--bloghash-secondary:#302d55}.bloghash-container{max-width:1480px}.bloghash-logo img{max-height:45px}.bloghash-logo .logo-inner{margin-top:27px;margin-right:10px;margin-bottom:27px;margin-left:10px}@media only screen and (max-width:768px){.bloghash-logo .logo-inner{margin-top:25px;margin-right:1px;margin-bottom:25px}}.page-header{background:rgba(244,54,118,.1)}.page-header{border-color:rgba(0,0,0,.062);border-style:solid;border-bottom-width:1px}.bloghash-breadcrumbs{padding-top:15px;padding-bottom:15px}html{font-size:62.5%}@media only screen and (max-width:768px){html{font-size:53%}}@media only screen and (max-width:480px){html{font-size:50%}}*{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}body{font-weight:400;font-family:"Be Vietnam Pro",Helvetica,Arial,sans-serif;font-size:1.7rem;line-height:1.75}h1{font-weight:700;font-style:normal;text-transform:none;text-decoration:none;font-family:"Be Vietnam Pro",Helvetica,Arial,sans-serif}h1{font-weight:700;font-size:4rem;line-height:1.4}.single-post .entry-content{font-size:1.6rem}.bloghash-btn{color:#fff;border-color:rgba(0,0,0,.12);border-width:.1rem;border-top-left-radius:.8rem;border-top-right-radius:.8rem;border-bottom-right-radius:.8rem;border-bottom-left-radius:.8rem}.bloghash-btn{font-weight:500;font-family:"Be Vietnam Pro",Helvetica,Arial,sans-serif;font-size:1.8rem}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-ss-on-media-button,.ss-popup-overlay .ss-copy-action .ss-button,.ss-popup-overlay .ss-popup .ss-close-modal,.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network>a{border:0;text-shadow:none;-webkit-box-shadow:none;box-shadow:none;outline:0;text-decoration:none;text-transform:none;letter-spacing:0}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-pinit-button,.ss-social-icons-container>li .ss-ss-on-media-button:after{outline:0}.ss-svg-icon{height:16px;width:auto;vertical-align:text-bottom;fill:currentColor}.ss-envelope-color{background-color:#323b43}.ss-facebook-color{background-color:#1877f2}.ss-twitter-color{background-color:#000}.ss-linkedin-color{background-color:#2867b2}.ss-pinterest-color{background-color:#bd081c}.ss-copy-color{background-color:#323b43}.ss-print-color{background-color:#323b43}.ss-mix-color{background-color:#ff8226}.ss-clearfix:after{content:"";display:table;clear:both}:root{--ss-wpadminbar-height:0px}.ss-on-media-image-wrap{display:inline-block!important;position:relative!important;line-height:0}.ss-on-media-image-wrap>img{margin:0!important}.ss-on-media-container{position:relative;margin:0!important;line-height:0}.ss-on-media-container.wp-post-image{text-align:center}.ss-on-media-wrapper{display:none}.ss-on-media-wrapper.ss-on-media-always-visible .ss-social-icons-container{opacity:1}.ss-on-media-wrapper .ss-social-icons-container{opacity:0;position:absolute;z-index:1;display:-webkit-box;display:-ms-flexbox;display:flex;padding:0!important;max-width:initial!important}.ss-on-media-wrapper .ss-social-icons-container>li{display:inline-block;float:left}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-ss-on-media-button{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-ss-on-media-button span{position:relative}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-pinit-button{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;white-space:nowrap;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,Arial,"Helvetica Neue",sans-serif;font-weight:400;height:auto!important;width:auto!important;line-height:1!important;padding:10px 16px}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-pinit-button .ss-on-media-content{display:-webkit-box;display:-ms-flexbox;display:flex}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-pinit-button svg{width:auto;margin-right:6px}.ss-on-media-wrapper.ss-top-left-on-media .ss-social-icons-container{top:15px;left:15px}.ss-on-media-wrapper.ss-with-spacing.ss-top-left-on-media .ss-social-icons-container{left:12px}.ss-on-media-wrapper.ss-regular-icons .ss-social-icons-container>li>.ss-pinit-button{padding:12px 18px}.ss-popup-overlay{display:none;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,Arial,"Helvetica Neue",sans-serif;-webkit-font-smoothing:initial;content:"";position:fixed;top:0;bottom:0;left:0;right:0;z-index:99999;background:rgba(202,202,202,.75);opacity:0}.ss-popup-overlay .ss-copy-action{position:relative;display:none}.ss-popup-overlay .ss-copy-action .ss-copy-action-field{border:1px solid rgba(0,0,0,.1);border-radius:2px;color:#323b43;font-family:inherit;font-size:16px;-webkit-box-sizing:border-box;box-sizing:border-box;width:100%;height:48px!important;line-height:48px!important;padding:0 120px 0 50px!important;text-shadow:none;-webkit-box-shadow:none;box-shadow:none;outline:0;background-color:#fff;margin:0}.ss-popup-overlay .ss-copy-action .ss-button{font-weight:400;font-family:inherit;position:absolute;right:6px;top:5px;background-color:#557ceb;color:#fff;padding:0;line-height:38px;height:38px;width:105px;font-size:16px;z-index:9;border-radius:2px}.ss-popup-overlay .ss-copy-action svg{position:absolute;height:24px;width:24px;top:50%;left:15px;margin-top:-12px;fill:#dadada}.ss-popup-overlay .ss-popup{opacity:0;border-radius:2px;max-width:90%;max-height:90%;width:720px;height:auto}.ss-popup-overlay .ss-popup .ss-popup-heading{display:block;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;font-size:16px;font-weight:300;color:#323b43;background-color:#fff;line-height:58px;height:58px;padding:0 0 0 24px;margin:0;border-top-left-radius:4px;border-top-right-radius:4px}.ss-popup-overlay .ss-popup .ss-close-modal{margin-left:auto;padding:0 24px;height:100%;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;color:#a9a9a9}.ss-popup-overlay .ss-popup .ss-close-modal svg{width:16px;height:16px}.ss-popup-overlay .ss-popup .ss-popup-content{position:relative;top:3px;left:0;right:0;bottom:0;max-height:70vh;background-color:#fff;overflow-y:scroll;padding:24px 24px 20px;border-bottom-left-radius:4px;border-bottom-right-radius:4px}.ss-popup-overlay .ss-popup .ss-popup-networks{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;-ms-flex-wrap:wrap;flex-wrap:wrap;margin:0 -6px}.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network{-webkit-box-sizing:border-box;box-sizing:border-box;width:33.33%;padding:0 6px 6px;-ms-flex-negative:0;flex-shrink:0;float:left;display:inline-block}.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network>a{position:relative;-webkit-box-sizing:border-box;box-sizing:border-box;height:40px;padding:0 15px 0 0;display:-webkit-box;display:-ms-flexbox;display:flex;line-height:40px;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row;color:#fff;border-radius:2px;font-weight:500;font-size:13px;vertical-align:middle;-webkit-backface-visibility:hidden;white-space:nowrap;text-overflow:ellipsis}.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network>a span:first-child{position:relative;z-index:2;height:40px;width:40px;text-align:center;line-height:40px;font-size:16px;margin-right:10px;background-color:rgba(0,0,0,.15);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network>a svg{fill:#fff;height:16px;width:inherit;z-index:1}.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network>a span:first-child:before{content:"";position:absolute;left:0;top:0;background-color:rgba(0,0,0,.1)}.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network>a span{position:relative;z-index:3}.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network>a:before{position:absolute;content:"";background-color:rgba(255,255,255,0);top:0;left:0;bottom:0;right:0;z-index:1}.ss-share-network-tooltip{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,Arial,"Helvetica Neue",sans-serif;-webkit-font-smoothing:initial;position:absolute;line-height:1;left:100%;margin-left:12px;background-color:rgba(56,70,84,.85);top:50%;width:auto;white-space:nowrap;padding:8px 10px;border-radius:2px;font-size:12px;color:rgba(255,255,255,.9);z-index:2;opacity:0;-webkit-transform:translateX(-7px) translateY(-50%);-ms-transform:translateX(-7px) translateY(-50%);transform:translateX(-7px) translateY(-50%)}.ss-copy-action .ss-share-network-tooltip{left:auto;margin-left:0;right:100%;margin-right:12px;-webkit-transform:translateX(7px) translateY(-50%);-ms-transform:translateX(7px) translateY(-50%);transform:translateX(7px) translateY(-50%)}.ss-social-icons-container>li .ss-ss-on-media-button:after{content:"";background-color:rgba(0,0,0,0);position:absolute;top:0;left:0;right:0;bottom:0;z-index:1}.ss-on-media-wrapper.ss-circle-icons .ss-social-icons-container>li>.ss-ss-on-media-button{border-radius:52px}.ss-on-media-wrapper.ss-with-spacing .ss-social-icons-container>li{padding:0 3px!important}.ss-on-media-wrapper{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,Arial,"Helvetica Neue",sans-serif}.ss-on-media-wrapper .ss-social-icons-container{margin:0!important;padding:0;list-style:none}.ss-on-media-wrapper .ss-social-icons-container>li{position:relative;list-style:none;margin:0;padding:0}.ss-on-media-wrapper .ss-social-icons-container>li:before{display:none}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-ss-on-media-button{position:relative;-webkit-box-sizing:border-box;box-sizing:border-box;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;text-align:center;width:52px;height:52px;line-height:52px;color:#fff;overflow:hidden;vertical-align:middle;font-size:16px;text-decoration:none!important}.ss-on-media-wrapper .ss-social-icons-container>li>.ss-ss-on-media-button svg{height:16px;width:inherit;z-index:1}@media screen and (max-width:782px){.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network{width:50%}}@media screen and (max-width:500px){.ss-popup-overlay .ss-popup .ss-popup-networks .ss-popup-network{width:100%}}
Iranian APT caught acting as access broker for ransomware crews by StuffsEarth - StuffsEarth
Skip to content
Posted by
Alienx
August 29, 2024
Hackers sponsored by the Iranian government are acting as go-betweens and initial access brokers to target environments on behalf of financially motivated ransomware gangs, including big names such as ALPHV/BlackCat, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned.
In an advisory published this week, CISA and its law enforcement partners, including the FBI, revealed that the Iranian advanced persistent threat (APT) group tracked variously as Pioneer Kitten, UNC757, Parisite, Rubidium and Lemon Sandstorm has been conducting malicious cyber operations aimed at deploying ransomware attacks to obtain, maintain and develop network access.
“These operations aid malicious cyber actors in further collaborating with affiliate actors to continue deploying ransomware,” the CISA said.
“This advisory outlines activity by a specific group of Iranian cyber actors that has conducted a high volume of computer network intrusion attempts against US organisations since 2017 and as recently as August 2024. Compromised organisations include US-based schools, municipal governments, financial institutions and healthcare facilities.”
The FBI had previously observed the group attempting to monetise their access to victim organisations on underground markets, and now assesses that a “significant percentage” of its activity – at least in the US – is focused on selling this access on to Russian-speaking cyber crime gangs.
But there is now evidence that this relationship seems to run even deeper. Indeed, the Feds now believe Pioneer Kitten has been “collaborating directly” with ransomware affiliates to receive a cut of the ransom payments in exchange for their assistance.
“These actors have collaborated with the ransomware affiliates NoEscape, RansomHouse, and ALPHV (aka BlackCat),” said the CISA.
“The Iranian cyber actors’ involvement in these ransomware attacks goes beyond providing access; they work closely with ransomware affiliates to lock victim networks and strategise on approaches to extort victims.
“The FBI assesses these actors do not disclose their Iran-based location to their ransomware affiliate contacts and are intentionally vague as to their nationality and origin.”
Thwarting the KittenA Pioneer Kitten-enabled ransomware attack generally seems to begin with the exploitation of remote external services on internet-facing assets.
In recent weeks, the gang has been observed using Shodan to identify IP addresses hosting Check Point Security Gateways vulnerable to CVE-2024-24919, but it is also known to have exploited CVE-2024-3400 in Palo Alto Networks PAN-OS and GlobalProtect VPN, as well as older vulnerabilities in Citrix and F5 BIG-IP. Addressing these issues should be priority number one for security teams in at-risk organisations.
Once beyond this first hurdle, the group’s modus operandi is in most regards a fairly standard one – it seeks to further its goals by capturing login credentials on Netscaler devices via a deployed webshell, elevates its privileges by hijacking or creating new accounts, often with exemptions to zero-trust policies, places backdoors to load malware, and tries to disable antivirus software and lower security settings. It also sets up a daily Windows service task for persistence as mitigation occurs.
When it comes to command and control, Pioneer Kitten is known to use the AnyDesk remote access programme and to enable servers to use Windows PowerShell Web Access. It also favours Ligolo, an open source tunnelling tool, and NGROK to create outbound connections.
The full CISA advisory contains more technical details on its attack chain.
Has Pioneer Kitten gone rogue?Interestingly, the US authorities also said Pioneer Kitten’s ransomware activities may not be officially sanctioned by Tehran, and the group’s members themselves – who use the Iranian company name Danesh Novin Sahand as a cover IT company – have occasionally expressed concern that the Iranian government may be monitoring their money-laundering activities.
Pioneer Kitten’s official remit, said CISA, appears to be to conduct hack-and-leak campaigns, stealing data and publicising it, not to make money, but to undermine their victims as part of Iranian information operations. This activity seems to have been largely focused on victims in Israel and other regional powers of interest to Iran, including Azerbaijan and the United Arab Emirates.
Reference :
Reference link
Scroll to Top