LATAM Infrastructure Hit by Fortinet and Ivanti Exploits

Infosecurity Magazine, 18/06/2026, 11:30

Summary

AI-Generated

Key Points:

  • A coordinated cyber campaign, dubbed Operation Escaneo, targeted government and financial sectors across Latin America, exploiting vulnerabilities in Fortinet and Ivanti products.
  • The attackers accessed critical infrastructure in Mexico and other countries, leading to significant data theft, including over 1.3 million personal records and sensitive system credentials.
  • Immediate actions recommended include patching vulnerabilities in Fortinet (CVE-2022-42475, CVE-2024-21762) and Ivanti (CVE-2023-46805, CVE-2024-21887, CVE-2025-0282) appliances, along with monitoring for unusual network traffic patterns.

Technical Details: Attackers exploited multiple vulnerabilities in internet-facing security appliances to gain access. They utilized a custom reconnaissance tool named Kimera to identify targets rapidly and employed various exploits including those for Apache Tomcat's GhostCat flaw and Windows vulnerabilities like EternalBlue.

MITRE ATT&CK Techniques:

  • T1190 - Exploit Public-Facing Application (Initial Access)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1041 - Exfiltration Over Command and Control Channel (Exfiltration)
  • T1070.001 - Indicator Removal on Host: File Deletion (Defense Evasion)

IOCs Mentioned: None mentioned.
