Summary
Key Points:
- A coordinated cyber campaign, dubbed Operation Escaneo, targeted government and financial sectors across Latin America, exploiting vulnerabilities in Fortinet and Ivanti products.
- The attackers accessed critical infrastructure in Mexico and other countries, leading to significant data theft, including over 1.3 million personal records and sensitive system credentials.
- Immediate actions recommended include patching vulnerabilities in Fortinet (CVE-2022-42475, CVE-2024-21762) and Ivanti (CVE-2023-46805, CVE-2024-21887, CVE-2025-0282) appliances, along with monitoring for unusual network traffic patterns.
Technical Details: Attackers exploited multiple vulnerabilities in internet-facing security appliances to gain access. They utilized a custom reconnaissance tool named Kimera to identify targets rapidly and employed various exploits including those for Apache Tomcat's GhostCat flaw and Windows vulnerabilities like EternalBlue.
MITRE ATT&CK Techniques:
- T1190 - Exploit Public-Facing Application (Initial Access)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
- T1041 - Exfiltration Over Command and Control Channel (Exfiltration)
- T1070.001 - Indicator Removal on Host: File Deletion (Defense Evasion)
IOCs Mentioned: None.