In the current geopolitical scenario, cyberwar has become a central component of conflicts and disputes between nations. States are employing offensive cyber operations for espionage, sabotage, and political influence on a global scale.
Attacks coordinated by governments – often through advanced groups known as APTs (persistent advanced threats) – have evolved in sophistication and reach. This context of global cyber threats directly affects Brazil’s digital security, exposing strategic sectors to significant risks and demanding responses to the technical level of opponents.
Evolution of cyberwar in the global scenario
In the last two decades, cyberwar has gone from an isolated phenomenon to a global pandemic. At this turn, there was an important milestone: the 2017 Notpetya attack, a malware with an unprecedented destruction power at the time, and which inaugurated a new era of cyber warfare.
Since then, traditional conflicts have had a strong digital component: for example, the Russian campaign in Ukraine has included a series of cyber attacks against electrical networks, communications and government agencies, while hacktivist groups and criminals have aligned themselves with state interests. The integration between conventional and digital warfare became clear, and the boundaries between state attacks and common cyber crimes became diffuse.
The main state agents of the global cyberwar include powers such as China, Russia, the United States, Iran and North Korea, among others. Each employs specific strategies: cybernetic espionage for theft of industrial and government secrets, sabotage against enemy critical infrastructure, and influence attacks (such as invasions followed by leaking confidential data to interfere with political processes). A worrying feature is the growing collaboration (or tolerance) between states and criminal groups.
Examples include ransomware gangs based in countries that do not repress them, using financial extortion to cause strategic damage. In 2021, the Ransomware attack on the colonial pipeline in the US (attributed to a Russian-language group) exposed the lack of preparation of infrastructure companies in the face of threats of this type. These attacks on critical infrastructure give notoriety to aggressors and often financial returns, which makes them more and more frequent and sophisticated.
China’s growing influence
China has emerged as one of the most influential and active cybernetic powers. Recent reports indicate an aggressive expansion of Chinese digital espionage operations around the world. In 2024, there was an average increase of 150% in intrusions led by hackers linked to China, affecting organizations in practically all sectors of the economy. In 2024 alone, seven new Chinese cyberespionage groups were identified, many specialized in specific sectors or technologies.
The cyber campaigns carried out by Chinese hackers have a global reach and do not spare Latin America. Research shows that in 2023, most cyber attacks in Latin America originated from agents linked to China and Russia.
This coordinated effort reflects not only geopolitical objectives (such as monitoring diplomatic positions or foreign investments), but also economic interests. Brazil, for example, is today the biggest destination for Chinese investments in Latin America, especially in energy, telecommunications and mining. Coincidentally (or not), cyberespionage originating in China against Brazilian targets grew similarly to that seen in other high-end Chinese regions, such as countries participating in the Belt and Road Initiative – a group that brings together countries in Asia, Europe, Africa, and Latin America.
Impact of global threats in Brazil: strategic sectors under attack
Several Brazilian strategic sectors already suffer attempts at intrusion by foreign malicious actors, whether groups supported by sophisticated criminal organizations or organizations. Major vectors include targeted phishing campaigns, advanced malware inserted in critical networks, and exploitation of vulnerabilities in widely used systems
Several installations of the Brazilian critical infrastructure – such as electricity, oil and gas networks, telecommunications, water and transport – have become a frequent target in cyberwar, given the potential to cause large-scale damage if compromised. In February 2021, two of the largest companies in the Brazilian electricity sector suffered ransomware attacks that forced them to temporarily suspend part of their operations.
The financial sector is also not left out. North Korean groups have shown great interest in Brazilian cryptocurrency targets, financial institutions and even defense sectors. These criminals seek to steal digital assets to finance US government programs, bypassing sanctions – it is a form of cyberwar of economic motivation. In addition, international cybercriminals (often linked to Eastern European networks) see Brazilian banks and their millions of customers as profitable targets. Banking malware campaigns, phishing networks and card data theft hit Brazil on an industrial scale. It is not by chance that a recent report indicated that Brazil is the second most attacked country in the world in cyber crimes, suffering more than 700 million attacks in 12 months (average of 1,379 attacks per minute) – many of which target fraud financial.
government and public institutions
Brazilian government institutions – including federal agencies, armed forces, judiciary and state governments – have become priority targets in cyberwar, attracting espionage and sabotage attacks from several countries. Groups associated with China, Russia and North Korea have directed operations against Brazil in recent years.
The motivation ranges from the interest in diplomatic and commercial secrets to obtaining a strategic advantage in international negotiations. A Google report in 2023 revealed that since 2020, more than a dozen foreign cyberespionage groups have targeted users in Brazil – 85% of the phishing activities assigned to governments originated from groups in China, North Korea and Russia.
This intense activity reflects Brazil’s position as a regional leader and an influential actor in the global scenario, making it an attractive target for opponents in search of privileged information.
How Brazil has mitigated the risks of cyberwar
In the face of the escalation of global cyber threats, Brazil has been adopting – and should continue to improve – several measures to mitigate risks and strengthen your cybersecurity. The lessons learned from the incidents and the recommendations of experts converge in some key points, such as the strengthening of government cyber defense structures – Brazil approved, in 2021, the National Cyber Security Strategy (E-Ciber), which emphasizes the need to strengthen national protection capabilities, improve international cooperation and encourage the development of national technologies.
But there is still much to be done. The country needs to implement additional layers of defense in the energy, telecommunications, financial, transport, sanitation and other essential services sectors. This includes adopting international security standards (for example, ISO 27001 standards, NIST Framework) and requiring infrastructure operators to meet minimum cybersecurity requirements. It is also necessary to reduce the attack surface of these organizations, increase their resilience and establish robust protocols for preventing, monitoring and responding to incidents.
In particular, the security of the backbone of the Internet in Brazil should be improved – protecting data centers, large servers, traffic exchange points and other assets that support various critical sectors.
In the field of private companies, there is a greater maturity, depending on the segment. The financial sector, for example, has one of the most advanced cybersecurity ecosystems in Brazil, driven by strict regulations by the Central Bank, continuous investments in anti-fraud technology and the need to protect high-value transactions against increasingly sophisticated threats..
In conclusion, the global cyberwar imposes complex challenges on Brazil, but manageable with adequate planning and investments. The country has already shown advances – it is considered the most mature stance in cybersecurity in Latin America – but the pace of the threat requires constant improvement.
In the invisible theater of cyberspace, where attacks take place in microseconds, preparing in advance is essential. Strengthening Brazilian cyber resilience will not only mitigate the risks of cyberwar, but will also ensure that Brazil can safely take advantage of the opportunities of global digital transformation, without having its sovereignty or strategic assets hostage to occult opponents. In short, cybersecurity is national security, and it should be a priority in times of peace and conflict, today and always.
