Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

Description

Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...