Operation Escaneo: Hybrid Cybercrime and Espionage Targeting LATAM Critical Infrastructure

Operation Escaneo is a sophisticated hybrid threat campaign targeting critical infrastructure, government entities (notably in Mexico), and financial institutions across Latin America. The campaign uses a dual-purpose operational model in which financially motivated cybercrime activity appears to subsidize strategic intelligence gathering. Threat actors establish initial access by exploiting exposed edge devices and network tunnels, then abuse privileged service accounts to enable lateral movement and persistent access. This shift from opportunistic attacks to structured intrusion chains raises the risk to regional sovereignty and economic stability, and calls for urgent defensive hardening of perimeter assets.

APT28 Exploitation of Edge Device Vulnerabilities and EOL Hardware

Russian-linked threat actor APT28 is strategically targeting network edge devices—including VPN concentrators, firewalls, and gateways—to establish persistence and bypass host-based security controls such as EDR and MFA. By exploiting vulnerabilities in unpatched or End-of-Life (EOL) firmware, APT28 implements perimeter traversal chains that remain invisible to standard endpoint monitoring. This campaign specifically targets US Federal agencies and critical infrastructure, creating high-risk entry points into Cyber-Physical Systems (CPS). Remediation is mandated via CISA advisory AA26-097A, requiring the immediate replacement or patching of unsupported edge hardware to eliminate unpatchable attack surfaces.

Edge-to-Core Escalation: Nation-State Actors Weaponize EOL F5 BIG-IP Appliances

Nation-state threat actors are pivoting from traditional endpoint attacks to "Edge-to-Core" escalation, weaponizing unpatched or End-of-Life (EOL) F5 BIG-IP appliances to bypass perimeter defenses. By exploiting the implicit trust between edge devices and internal infrastructure, attackers are successfully pivoting through internal SaaS applications to achieve full Identity and Active Directory compromise.
