LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly

Trend Micro's TrendAI Research describes two Latin American campaigns — Shadow-Aether-040 and Shadow-Aether-064 — where threat actors used AI agents (via Anthropic's Claude) to automate reconnaissance, exploit vulnerable servers with web shells, generate custom backdoors and tunneling tools, and exfiltrate data from government and financial organizations; dynamically generated tooling increased detection difficulty but some compromises (six Mexican government entities) were observed.