In the current geopolitical scenario, cyberwarfare has become a central component of conflicts and disputes between nations. States are employing offensive cyber operations for espionage, sabotage, and political influence on a global scale.
Coordinated attacks by governments—often through advanced groups known as APTs (Advanced Persistent Threats)—have evolved in sophistication and reach. This context of global cyber threats directly affects Brazil’s digital security, exposing strategic sectors to significant risks and demanding responses on par with the technical level of adversaries.
Evolution of cyberwarfare in the global scenario
Over the past two decades, cyberwarfare has evolved from an isolated phenomenon to a global pandemic. A significant milestone in this shift was the 2017 NotPetya attack, malware with unprecedented destructive power at the time, which marked the beginning of a new era in cyber warfare.
Since then, traditional conflicts have gained a strong digital component: for example, Russia’s campaign in Ukraine included a series of cyberattacks against power grids, communications, and government agencies, while hacktivist and criminal groups aligned themselves with state interests. The integration of conventional and digital warfare became clear, and the boundaries between state-sponsored attacks and common cybercrimes became blurred.
The main state actors in global cyberwarfare include powers such as China, Russia, the United States, Iran, and North Korea, among others. Each employs specific strategies: cyber espionage to steal industrial and government secrets, sabotage against enemy critical infrastructure, and influence attacks (such as hacking followed by leaks of confidential data to interfere in political processes). A concerning characteristic is the growing collaboration (or tolerance) between states and criminal groups.
Examples include ransomware gangs based in countries that do not suppress them, using financial extortion to cause strategic damage. In 2021, the ransomware attack on Colonial Pipeline in the U.S. (attributed to a Russian-speaking group) exposed the unpreparedness of infrastructure companies facing such threats. These attacks on critical infrastructure bring notoriety to aggressors and often financial returns, making them increasingly frequent and sophisticated.
The growing influence of China
China has emerged as one of the most influential and active cyber powers. Recent reports indicate an aggressive expansion of Chinese digital espionage operations worldwide. In 2024, there was an average 150% increase in intrusions conducted by China-linked hackers, targeting organizations across virtually all economic sectors. In 2024 alone, seven new Chinese cyber espionage groups were identified, many specializing in specific sectors or technologies.
Cyber campaigns carried out by Chinese hackers have a global reach and do not spare Latin America. Research indicates that in 2023, most cyberattacks in Latin America originated from actors linked to China and Russia.
This coordinated effort reflects not only geopolitical objectives (such as monitoring diplomatic positions or foreign investments) but also economic interests. Brazil, for example, is now the largest destination for Chinese investments in Latin America, especially in energy, telecommunications, and mining. Coincidentally (or not), cyber espionage originating from China against Brazilian targets has grown similarly to what has been observed in other regions of high Chinese investment, such as countries participating in the Belt and Road Initiative—a group that includes countries from Asia, Europe, Africa, and Latin America.
Impact of global threats on Brazil: strategic sectors under attack
Several strategic Brazilian sectors have already faced intrusion attempts by foreign malicious actors, whether state-sponsored groups or sophisticated criminal organizations. The main vectors include targeted phishing campaigns, advanced malware inserted into critical networks, and exploitation of vulnerabilities in widely used systems.
Various facilities of Brazil’s critical infrastructure—such as power grids, oil and gas, telecommunications, water, and transportation—have become frequent targets in cyberwarfare, given their potential to cause large-scale damage if compromised. In February 2021, two of Brazil’s largest electricity sector companies suffered ransomware attacks that forced them to temporarily suspend part of their operations.
The financial sector is not spared either. North Korean groups have shown great interest in Brazilian cryptocurrency targets, financial institutions, and even defense sectors. These criminals seek to steal digital assets to fund North Korean government programs, circumventing sanctions—a form of economically motivated cyberwarfare. Additionally, international cybercriminals (often linked to Eastern European networks) see Brazilian banks and their millions of customers as lucrative targets. Banking malware campaigns, phishing networks, and credit card data theft target Brazil on an industrial scale. Unsurprisingly, a recent report indicated that Brazil is the second most attacked country in the world for cybercrimes, suffering over 700 million attempts in 12 months (an average of 1,379 attacks per minute)—many of which target financial fraud.
Government and public institutions
Brazilian government institutions—including federal agencies, the Armed Forces, Judiciary, and state governments—have become priority targets in cyberwarfare, attracting espionage and sabotage attacks from various countries. Groups associated with China, Russia, and North Korea have directed operations against Brazil in recent years.
Motivations range from interest in diplomatic and commercial secrets to gaining strategic advantage in international negotiations. A 2023 Google report revealed that since 2020, more than a dozen foreign cyber espionage groups have targeted users in Brazil—85% of government-attributed phishing activities originated from groups in China, North Korea, and Russia.
This intense activity reflects Brazil’s position as a regional leader and influential actor on the global stage, making it an attractive target for adversaries seeking privileged information.
How Brazil has mitigated cyberwarfare risks
Faced with the escalation of global cyber threats, Brazil has adopted—and must continue improving—various measures to mitigate risks and strengthen its cybersecurity. Lessons learned from incidents and expert recommendations converge on key points, such as strengthening governmental cyber defense structures—in 2021, Brazil approved the National Cybersecurity Strategy (E-Ciber), which emphasizes the need to enhance national protection capabilities, improve international cooperation, and encourage the development of domestic technologies.
But there is still much to be done. The country needs to implement additional defense layers in energy, telecommunications, finance, transportation, sanitation, and other essential services. This includes adopting international security standards (e.g., ISO 27001 norms, NIST framework) and requiring infrastructure operators to meet minimum cybersecurity requirements. It is also necessary to reduce these organizations’ attack surface, increase their resilience, and establish robust protocols for prevention, monitoring, and incident response.
Particularly, the security of Brazil’s internet backbone must be improved—protecting data centers, large servers, traffic exchange points, and other assets supporting various critical sectors.
In the private sector, maturity varies by segment. Finance, for example, has one of the most advanced cybersecurity ecosystems in Brazil, driven by strict Central Bank regulations, continuous investments in anti-fraud technology, and the need to protect high-value transactions against increasingly sophisticated threats.
In conclusion, global cyberwarfare imposes complex but manageable challenges on Brazil with proper planning and investments. The country has shown progress—it is considered the most mature in cybersecurity in Latin America—but the pace of threats demands constant improvement.
In the invisible theater of cyberspace, where attacks occur in microseconds, preparing in advance is crucial. Strengthening Brazil’s cyber resilience will not only mitigate cyberwarfare risks but also ensure Brazil can safely seize the opportunities of global digital transformation without having its sovereignty or strategic assets held hostage by hidden adversaries. In short, cybersecurity is national security and must be a priority in times of peace and conflict, today and always.
