Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
Summary
Hide ▲
Show ▼
The Shadow-Aether-040 campaign used AI agents and custom tooling to compromise six government entities in Mexico, increasing the risk of follow-on intrusion and data theft across Latin American public-sector networks. The operation ran from Dec. 27 to Jan. 4 and also touched financial services, aviation, and retail targets. Its use of agentic tooling, web shells, and traffic-tunneling methods shows a coordinated intrusion effort with broad regional relevance.
Related Happenings
Operation Escaneo Latin America intrusion campaign targeting government and finance
Campaign
H score57
First: 18.06.2026 14:30
Last: 18.06.2026 14:30
Sources 1
About this happening:
The **Operation Escaneo** campaign exposed a **coordinated intrusion effort** against **government and financial targets across Latin America**, with confirmed victim access and d...
Operation Escaneo Latin America intrusion campaign targeting government and finance
CampaignAbout this happening: The **Operation Escaneo** campaign exposed a **coordinated intrusion effort** against **government and financial targets across Latin America**, with confirmed victim access and d...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
H score31
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
CampaignAbout this happening: A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Municipal water and drainage utility provider in Mexico hit by network compromise
Incident
H score29
First: 07.05.2026 17:00
Last: 07.05.2026 17:00
Sources 1
About this happening:
A **municipal water and drainage utility provider in Mexico** suffered a **significant IT compromise** that escalated into an attempted attack against **OT infrastructure**, raisi...
Municipal water and drainage utility provider in Mexico hit by network compromise
IncidentAbout this happening: A **municipal water and drainage utility provider in Mexico** suffered a **significant IT compromise** that escalated into an attempted attack against **OT infrastructure**, raisi...
UAT-8302 government-targeting campaign across South America and southeastern Europe
Campaign
H score28
First: 05.05.2026 17:19
Last: 05.05.2026 17:19
Sources 1
About this happening:
The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
UAT-8302 government-targeting campaign across South America and southeastern Europe
CampaignAbout this happening: The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
Timeline
-
13.05.2026 16:00 2 articles · 1mo ago
Shadow-Aether-040 compromises six Mexican government entities with AI agents
Initial DisclosureShadow-Aether-040 used AI agents and an agentic CLI with Anthropic's Claude to support vulnerability discovery, web-shell deployment, persistence, and workflow documentation while compromising six government entities in Mexico between Dec. 27 and Jan. 4; some intrusions led to data theft.
Show sources
- LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly — www.darkreading.com — 13.05.2026 16:00
- LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly — www.darkreading.com — 13.05.2026 16:00