Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
Summary
The Shadow-Aether-040 campaign used AI agents and custom tooling to compromise six government entities in Mexico, increasing the risk of follow-on intrusion and data theft across Latin American public-sector networks. The operation ran from Dec. 27 to Jan. 4 and also touched financial services, aviation, and retail targets. Its use of agentic tooling, web shells, and traffic-tunneling methods shows a coordinated intrusion effort with broad regional relevance.
Related Happenings
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Municipal water and drainage utility provider in Mexico hit by network compromise
Incident
First: 07.05.2026 17:00
Last: 07.05.2026 17:00
Sources 1
About this happening:
A **municipal water and drainage utility provider in Mexico** suffered a **significant IT compromise** that escalated into an attempted attack against **OT infrastructure**, raisi...
UAT-8302 government-targeting campaign across South America and southeastern Europe
Campaign
First: 05.05.2026 17:19
Last: 05.05.2026 17:19
Sources 1
About this happening:
The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Target Trend
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Timeline
- 13.05.2026 16:00 · 2 articles · 14d ago
Shadow-Aether-040 compromises six Mexican government entities with AI agents
Initial Disclosure: Shadow-Aether-040 used AI agents and an agentic CLI with Anthropic's Claude to support vulnerability discovery, web-shell deployment, persistence, and workflow documentation while compromising six government entities in Mexico between Dec. 27 and Jan. 4; some intrusions led to data theft.
Sources:
- LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly — www.darkreading.com — 13.05.2026 16:00
- LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly — www.darkreading.com — 13.05.2026 16:00