How global cyberwarfare will impact security in Brazil

In the current geopolitical landscape, cyberwarfare has become a central component of conflicts and disputes between nations. States are employing offensive cyber operations for espionage, sabotage, and political influence on a global scale.  

Government-coordinated attacks – often through advanced groups known as APTs (advanced persistent threats) – have evolved in sophistication and reach. This context of global cyber threats directly affects Brazil's digital security, exposing strategic sectors to significant risks and demanding responses commensurate with the technical level of adversaries.

Evolution of cyberwarfare in the global scenario

In the last two decades, cyber warfare has evolved from an isolated phenomenon into a global pandemic. A significant turning point in this shift was the 2017 NotPetya attack, a malware with unprecedented destructive power at the time, which inaugurated a new era of cyber warfare.

Ever since, traditional conflicts have acquired a strong digital component: for instance, the Russian campaign in Ukraine included a series of cyberattacks against power grids, communications, and government bodies, while hacktivist and criminal groups aligned themselves with state interests. The integration between conventional and digital warfare became clear, and the lines between state-sponsored attacks and common cybercrimes blurred.  

The main state actors in global cyberwarfare include powers such as China, Russia, the United States, Iran, and North Korea, among others. Each employs specific strategies: cyber espionage for the theft of industrial and governmental secrets, sabotage against enemy critical infrastructure, and influence operations (such as intrusions followed by the leaking of sensitive data to interfere with political processes). A concerning characteristic is the growing collaboration (or tolerance) between states and criminal groups.  

Examples include ransomware gangs based in countries that do not suppress them, using financial extortion to cause strategic damage. In 2021, the ransomware attack on the Colonial Pipeline in the US (attributed to a Russian-speaking group) exposed the unpreparedness of infrastructure companies to face such threats. These attacks on critical infrastructure give notoriety to the attackers and often financial returns, making them increasingly frequent and sophisticated.

The growing influence of China

China has emerged as one of the most influential and active cyber powers. Recent reports indicate an aggressive expansion of Chinese digital espionage operations worldwide. In 2024, there was an average increase of 150% in intrusions conducted by China-linked hackers, affecting organizations in almost every sector of the economy. In 2024 alone, seven new Chinese cyber espionage groups were identified, many specializing in specific sectors or technologies.

Cyber campaigns carried out by Chinese hackers have a global reach and do not spare Latin America. Research indicates that, in 2023, most cyberattacks in Latin America originated from agents linked to China and Russia.  

This coordinated effort reflects not only geopolitical objectives (such as monitoring diplomatic positions or foreign investments) but also economic interests. Brazil, for example, is currently the largest destination for Chinese investments in Latin America, especially in energy, telecommunications, and mining. Coincidentally (or not), cyber espionage originating from China against Brazilian targets has grown similarly to what has been observed in other regions with high Chinese investment, such as countries participating in the Belt and Road Initiative – a group that includes countries from Asia, Europe, Africa, and Latin America.

Impact of Global Threats on Brazil: Strategic Sectors Under Attack

Various strategic Brazilian sectors are already suffering intrusion attempts by malicious foreign actors, whether nation-backed groups or sophisticated criminal organizations. The main vectors include targeted phishing campaigns, advanced malware inserted into critical networks, and the exploitation of vulnerabilities in widely-used systems.

Several facilities within Brazil's critical infrastructure—such as electricity grids, oil and gas, telecommunications, water, and transport networks—have become frequent targets in cyber warfare due to their potential to cause large-scale damage if compromised. In February 2021, two of the largest companies in the Brazilian electricity sector suffered ransomware attacks that forced them to temporarily suspend part of their operations.

The financial sector is not left out either. North Korean groups have shown great interest in Brazilian cryptocurrency targets, financial institutions, and even defense sectors. These criminals seek to steal digital assets to finance North Korean government programs, circumventing sanctions – this is a form of economically motivated cyber warfare. In addition, international cybercriminals (often linked to Eastern European networks) see Brazilian banks and their millions of customers as lucrative targets. Banking malware campaigns, phishing networks, and credit card data theft hit Brazil on an industrial scale. It is no coincidence that a recent report indicated that Brazil is the second most attacked country in the world in cybercrime, suffering more than 700 million attacks in 12 months (an average of 1,379 attacks per minute) – many of which aimed at financial fraud.

Government and public institutions

Brazilian governmental institutions – including federal agencies, the Armed Forces, the Judiciary, and state governments – have become priority targets in cyberwarfare, attracting espionage and sabotage attacks from various countries. Groups associated with China, Russia, and North Korea have directed operations against Brazil in recent years.

The motivation ranges from an interest in diplomatic and commercial secrets to gaining a strategic advantage in international negotiations. A 2023 Google report revealed that since 2020, more than a dozen foreign cyber-espionage groups have targeted users in Brazil – 85% of government-attributed phishing activities originated from groups in China, North Korea, and Russia.

This intense activity reflects Brazil's position as a regional leader and influential player on the global stage, making it an attractive target for adversaries seeking privileged information.

How Brazil has been mitigating the risks of cyber warfare

Given the escalation of global cyber threats, Brazil has been adopting—and should continue to improve—various measures to mitigate risks and strengthen your cybersecurity. The lessons learned from incidents and expert recommendations converge on some key points, such as strengthening governmental cybersecurity structures – Brazil approved, in 2021, the National Cybersecurity Strategy (E-Ciber), which emphasizes the need to strengthen national protection capabilities, improve international cooperation, and encourage the development of national technologies.

But there is still much to be done. The country needs to implement additional layers of defense in the energy, telecommunications, financial, transportation, sanitation, and other essential services sectors. This includes adopting international security standards (e.g., ISO 27001, NIST framework) and requiring infrastructure operators to comply with minimum cybersecurity requirements. It is also necessary to reduce the attack surface of these organizations, enhance their resilience, and establish robust protocols for incident prevention, monitoring, and response.

In particular, the security of Brazil's internet backbone must be improved – protecting data centers, large servers, traffic exchange points, and other assets that support various critical sectors.  

In the private sector, there is a greater level of maturity, depending on the segment. The financial sector, for example, has one of the most advanced cybersecurity ecosystems in Brazil, driven by strict Central Bank regulations, continuous investment in anti-fraud technology, and the need to protect high-value transactions against increasingly sophisticated threats.  

In conclusion, global cyber warfare imposes complex challenges on Brazil, which are, however, manageable with proper planning and investment. The country has already shown progress—it is considered to have the most mature cybersecurity posture in Latin America—but the pace of the threat demands constant improvement.

In the invisible theater of cyberspace, where attacks occur in microseconds, preparing in advance is essential. Strengthening Brazilian cyber resilience will not only mitigate the risks of cyber warfare but also ensure that Brazil can safely take advantage of the opportunities of global digital transformation, without having its sovereignty or strategic assets held hostage by hidden adversaries. In short, cybersecurity is national security, and it must be a priority in times of peace and conflict, today and always.