How global cyberwarfare will impact security in Brazil

In the current geopolitical landscape, cyberwarfare has become a central component of conflicts and disputes between nations. States are employing offensive cyber operations for espionage, sabotage, and political influence on a global scale. 

Government-coordinated attacks – often through advanced groups known as APTs (advanced persistent threats) – have evolved in sophistication and reach. This context of global cyber threats directly affects Brazil's digital security, exposing strategic sectors to significant risks and demanding responses commensurate with the technical level of adversaries.

Evolution of cyberwarfare in the global scenario

In the last two decades, cyber warfare has evolved from an isolated phenomenon into a global pandemic. A significant turning point in this shift was the 2017 NotPetya attack, a malware with unprecedented destructive power at the time, which inaugurated a new era of cyber warfare.

Ever since, traditional conflicts have acquired a strong digital component: for instance, the Russian campaign in Ukraine included a series of cyberattacks against power grids, communications, and government bodies, while hacktivist and criminal groups aligned themselves with state interests. The integration between conventional and digital warfare became clear, and the lines between state-sponsored attacks and common cybercrimes blurred. 

The main state actors in global cyberwarfare include powers such as China, Russia, the United States, Iran, and North Korea, among others. Each employs specific strategies: cyber espionage for the theft of industrial and governmental secrets, sabotage against enemy critical infrastructure, and influence operations (such as intrusions followed by the leaking of sensitive data to interfere with political processes). A concerning characteristic is the growing collaboration (or tolerance) between states and criminal groups. 

Examples include ransomware gangs based in countries that do not repress them, using financial extortion to cause strategic damage.In 2021, the US Colonial Pipeline ransomware attack (attributed to a Russian-speaking group) exposed the lack of preparedness of infrastructure companies in the face of threats of this type. These attacks on critical infrastructure give attackers notoriety and often financial returns, which makes them increasingly frequent and sophisticated.

The growing influence of China

China has emerged as one of the most influential and active cyber powers. Recent reports indicate an aggressive expansion of Chinese digital espionage operations worldwide.In 2024, there was an average increase of 150% in intrusions conducted by hackers linked to China, reaching organizations in virtually every sector of the economy . Only in 2024 were identified seven new Chinese cyberespionage groups, many specialized in specific sectors or technologies .

Cyber campaigns carried out by Chinese hackers have global reach and do not spare Latin America.Research shows that in 2023, most cyber attacks in Latin America originated from agents linked to China and Russia . 

This coordinated effort reflects not only geopolitical objectives (such as monitoring diplomatic positions or foreign investments), but also economic interests.Brazil, for example, is today the largest destination for Chinese investments in Latin America, especially in energy, telecommunications and mining . Coincidentally (or not), cyberespionage originating in China against Brazilian targets has grown similarly to that observed in other regions of high Chinese investment, such as countries participating in the Belt and Road Initiative group that brings together countries from Asia, Europe, Africa, and Latin America.

Impact of Global Threats on Brazil: Strategic Sectors Under Attack

Various strategic Brazilian sectors are already suffering intrusion attempts by malicious foreign actors, whether nation-backed groups or sophisticated criminal organizations. The main vectors include targeted phishing campaigns, advanced malware inserted into critical networks, and the exploitation of vulnerabilities in widely-used systems.

Several critical infrastructure facilities in Brazil such as electricity, oil and gas, telecommunications, water and transport networks IO have become frequent targets in cyberwar, given the potential to cause large-scale damage if compromised. In February 2021, two of the largest companies in the Brazilian electricity sector suffered ransomware attacks that forced them to suspend part of their operations temporarily .

North Korean groups have been showing great interest in Brazilian targets of cryptocurrencies, financial institutions and even defense sectors. These criminals seek to steal digital assets to finance North Korean government programs, circumventing sanctions.This is a form of economically motivated cyberwar.In addition, international cybercriminals (often linked to Eastern European networks) see Brazilian banks and their millions of customers as profitable targets.Bank malware campaigns, phishing networks and card theft hit Brazil on an industrial scale. Not by chance, a recent report indicated that Brazil is the second most attacked country in the world in 7 million financial crimes 1.

Government and public institutions

Brazilian government institutions, including federal agencies, the Armed Forces, the Judiciary and state governments, became priority targets in cyberwarfare, attracting espionage and sabotage attacks from several countries. Groups associated with China, Russia and North Korea directed operations against Brazil in recent years .

The motivation ranges from interest in diplomatic and trade secrets to gaining strategic advantage in international negotiations. A Google report in 2023 revealed that since 2020, more than a dozen foreign cyberespionage groups have targeted users in Brazil 85% of phishing activities attributed to governments originated from groups in China, North Korea and Russia .

This intense activity reflects Brazil's position as a regional leader and influential actor on the global stage, making it an attractive target for opponents in search of privileged information .

How Brazil has been mitigating the risks of cyber warfare

Given the escalation of global cyber threats, Brazil has been adopting—and should continue to improve—various measures to mitigate risks and strengthen your cybersecurity. The lessons learned from incidents and expert recommendations converge on some key points, such as strengthening governmental cybersecurity structures – Brazil approved, in 2021, the National Cybersecurity Strategy (E-Ciber), which emphasizes the need to strengthen national protection capabilities, improve international cooperation, and encourage the development of national technologies.

But there is still a lot to be done. The country needs to implement additional layers of defense in the energy, telecommunications, financial, transportation, sanitation and other essential services sectors.This includes adopting international security standards (for example, ISO 27001 standards, NIST framework) and requiring infrastructure operators to comply with minimum cybersecurity requirements.It is also necessary to reduce the attack surface of these organizations, increase their resilience and establish robust protocols for prevention, monitoring and response to incidents .

In particular, the security of the backbone of the Internet in Brazil should be improved by protecting data centers, large servers, traffic exchange points and other assets that support various critical sectors . 

In the private sector, there is a greater level of maturity, depending on the segment. The financial sector, for example, has one of the most advanced cybersecurity ecosystems in Brazil, driven by strict Central Bank regulations, continuous investment in anti-fraud technology, and the need to protect high-value transactions against increasingly sophisticated threats. 

In conclusion, global cyber warfare imposes complex challenges on Brazil, which are, however, manageable with proper planning and investment. The country has already shown progress—it is considered to have the most mature cybersecurity posture in Latin America—but the pace of the threat demands constant improvement.

In the invisible theater of cyberspace, where attacks occur in microseconds, preparing in advance is essential. Strengthening Brazilian cyber resilience will not only mitigate the risks of cyber warfare but also ensure that Brazil can safely take advantage of the opportunities of global digital transformation, without having its sovereignty or strategic assets held hostage by hidden adversaries. In short, cybersecurity is national security, and it must be a priority in times of peace and conflict, today and always.