Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two.
June 18, 2026
A new cyber intrusion campaign suggests a shift in Latin America's threat landscape, as a financially motivated attacker demonstrated the tactics, techniques, and procedures of an advanced persistent threat group.
That's according to threat monitoring firm CloudSEK, which yesterday detailed "Operation Escaneo," a threat campaign attributed with medium confidence to a sophisticated threat actor known as MexicanMafia or PanchoVilla. MexicanMafia has a history of targeting critical infrastructure in Latin America but particularly in Mexico.







