Operation Escaneo Latin America intrusion campaign targeting government and finance
Campaign
Summary
Hide ▲
Show ▼
The Operation Escaneo campaign exposed a coordinated intrusion effort against government and financial targets across Latin America, with confirmed victim access and data theft. The operation reached critical infrastructure in Mexico, with additional activity in Ecuador and Portugal. Attackers used Fortinet FortiOS SSL-VPN and Ivanti Connect Secure flaws, plus Apache Tomcat, EternalBlue, Zerologon, and Log4Shell, to penetrate perimeter systems. The exposed tooling and access paths show an active cross-border campaign rather than isolated scans.
Related Happenings
Earth Lusca Operation FishMedley espionage campaign
Campaign
H score38
First: 16.06.2026 12:44
Last: 16.06.2026 12:44
Sources 1
About this happening:
A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
Earth Lusca Operation FishMedley espionage campaign
CampaignAbout this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
H score41
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
CampaignAbout this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Timeline
-
18.06.2026 14:30 2 articles · 1h ago
CloudSEK exposes Operation Escaneo campaign against Latin American government and financial targets
Initial DisclosureCloudSEK's analysis of Operation Escaneo mapped a coordinated intrusion campaign against government and financial targets across Latin America, with activity in Mexico and smaller activity in Ecuador and Portugal. The operation used exposed perimeter appliances and tuned exploits for Fortinet FortiOS SSL-VPN and Ivanti Connect Secure flaws, plus Apache Tomcat, EternalBlue, Zerologon, and Log4Shell, then maintained access with Neo-reGeorg webshells, Chisel reverse tunnels, and a compromised Cisco router fitted with a GRE tunnel. CloudSEK confirmed beacons from at least five victims and large-scale data theft, including access to SAP and Oracle systems and sensitive data such as SAP service-account hashes and browser-stored passwords.
Show sources
- LATAM Infrastructure Hit by Fortinet and Ivanti Exploits — www.infosecurity-magazine.com — 18.06.2026 14:30
- LATAM Infrastructure Hit by Fortinet and Ivanti Exploits — www.infosecurity-magazine.com — 18.06.2026 14:30