A threat actor previously linked to an alleged compromise of Ecuador’s electoral infrastructure is now claiming access to a Fortinet SSL VPN environment purportedly associated with the Argentine Army.
The claim was posted on a cybercrime forum on June 6, where the actor advertised what they described as full SSL VPN access to an internal military network. BreachNews has not independently verified the authenticity of the claim, the alleged access, or whether the environment shown in the screenshots belongs to the Argentine Army.
Screenshots published alongside the listing appear to show a Fortinet SSL VPN portal and an active authenticated session. BreachNews has redacted sensitive information and is not publishing technical details that could facilitate unauthorized access.
Actor advertises alleged military network access
According to the forum post, the advertised access would allow a user to connect to internal systems through the organization’s SSL VPN environment and interact with resources normally restricted to authorized personnel.
The threat actor claims the access could be used to browse internal web applications, access remote desktop services, connect to internal servers, view shared files, and potentially reach internal databases depending on the privileges associated with the account.
The post specifically references functionality commonly available through Fortinet SSL VPN deployments, including access to web services, remote administration tools, file shares, and internal network resources.
While screenshots were provided as evidence, BreachNews has not independently verified the authenticity of the images or the level of access allegedly available through the account.
Latest claim follows Ecuador electoral access allegations
The post appears to originate from the same threat actor previously covered by BreachNews in connection with an alleged compromise of Ecuador’s National Electoral Council infrastructure. In that case, the actor claimed access to voter registration systems and alleged the theft of approximately 13.5 million voter records.
Readers can review BreachNews’ previous coverage of those allegations here: Threat Actor Claims Access to Ecuador Electoral Registry Systems.
As with the Ecuador claims, BreachNews has not independently verified the authenticity of the alleged Argentine Army access.
Military organizations remain attractive targets
Military and defense organizations remain high-value targets for cybercriminals, hacktivist groups, and nation-state actors due to the potential intelligence value of internal communications, operational documents, personnel information, and network architecture data.
Even when threat actors advertise access rather than stolen data, the sale of valid VPN credentials or authenticated remote access can create significant security risks. Such access may allow additional actors to conduct reconnaissance, steal sensitive information, move laterally through internal environments, or deploy malware depending on the permissions available.
The claim emerges amid continued cyber activity targeting government and critical infrastructure organizations worldwide, with threat actors increasingly attempting to monetize access to sensitive networks rather than immediately releasing stolen data.
At time of publication, the Argentine Army had not issued any public statement regarding the allegations.
