In the current geopolitical scenario, cyberwar has become a central component of conflicts and disputes between nations. States are employing offensive cyber operations for espionage, sabotage and political influence on a global scale.
Coordinated attacks by governments – often through advanced groups known as APTs (advanced persistent threats) – they evolved in sophistication and reach. This context of global cyber threats directly affects Brazil's digital security, exposing strategic sectors to significant risks and demanding responses commensurate with the technical level of adversaries
Evolution of cyber warfare in the global scenario
In the last two decades, cyberwarfare has gone from an isolated phenomenon to a global pandemic. In this turn, There was an important milestone: the 2017 NotPetya attack, a malware with unprecedented destructive power at the time, and that inaugurated a new era of cyber warfare
Since then, traditional conflicts have come to have a strong digital component: for example, the russian campaign in Ukraine included a series of cyberattacks against power grids, communications and government agencies, while hacktivist and criminal groups aligned with state interests. The integration between conventional and digital warfare became clear, and the borders between state attacks and common cybercrimes have become blurred.
The main state agents of global cyberwarfare include powers like China, Russia, USA, Iran and North Korea, among others. Each employs specific strategies: cyber espionage for the theft of industrial and governmental secrets, sabotage against enemy critical infrastructures, and influence attacks (such as invasions followed by leaks of confidential data to interfere in political processes). A concerning feature is the growing collaboration (or tolerance) between States and criminal groups.
Examples include ransomware gangs based in countries that do not crack down on them, using financial extortion to cause strategic harm. In 2021, the ransomware attack on Colonial Pipeline in the US (attributed to a Russian-speaking group) exposed the lack of preparedness of infrastructure companies against such threats. These attacks on critical infrastructure confer notoriety to the aggressors and often financial returns, what makes them increasingly frequent and sophisticated
The growing influence of China
China has emerged as one of the most influential and active cyber powers. Recent reports indicate an aggressive expansion of Chinese digital espionage operations worldwide. In 2024, An average increase of 150% in intrusions carried out by hackers linked to China was observed, organizing organizations in virtually all sectors of the economy. Only in 2024 were seven new Chinese cyber espionage groups identified, many specialized in specific sectors or technologies
The cyber campaigns carried out by Chinese hackers have a global reach and do not spare Latin America. Research indicates that, in 2023, Most cyberattacks in Latin America originated from agents linked to China and Russia.
This coordinated effort reflects not only geopolitical objectives (such as monitoring diplomatic positions or foreign investments), but also economic interests. Brazil, for example, it is today the largest destination for Chinese investments in Latin America, especially in energy, telecommunications and mining. Coincidentally (or not), Chinese-origin cyber espionage against Brazilian targets has grown similarly to what has been observed in other regions with high Chinese investment, as participating countries of the Belt and Road Initiative – group that brings together countries from Asia, Europe, Africa, and Latin America
Impact of global threats in Brazil: strategic sectors under attack
Several strategic Brazilian sectors are already experiencing intrusion attempts by malicious foreign actors, whether they are groups supported by nations or sophisticated criminal organizations. The main vectors include targeted phishing campaigns, advanced malware embedded in critical networks and exploitation of vulnerabilities in widely used systems
Various facilities of the Brazilian critical infrastructure – like electrical power grids, oil and gas, telecommunications, water and transportation – they have become frequent targets in cyber warfare, given their potential to cause large-scale damage if compromised. In February 2021, two of the largest companies in the Brazilian electric sector suffered ransomware attacks that forced them to temporarily suspend part of their operations
The financial sector is also not left out. North Korean groups have been showing great interest in Brazilian cryptocurrency targets, financial institutions and even defense sectors. These criminals seek to steal digital assets to finance North Korean government programs, circumventing sanctions – It is a form of cyber warfare driven by economic motivation. Furthermore, international cybercriminals (often linked to Eastern European networks) see Brazilian banks and their millions of customers as lucrative targets. Banking malware campaigns, Phishing networks and card data theft hit Brazil on an industrial scale. Not by chance, a recent report indicated that Brazil is the second most attacked country in the world for cybercrimes, suffering more than 700 million investments in 12 months (average of 1.379 attacks per minute– many of which aim at financial frauds
Government and public institutions
Brazilian government institutions – including federal agencies, Armed Forces, Judiciary and state governments – They became priority targets in cyber warfare, attracting espionage and sabotage attacks from various countries. Groups associated with China, Russia and North Korea directed operations against Brazil in recent years
Motivation ranges from interest in diplomatic and commercial secrets to gaining strategic advantage in international negotiations. A Google report in 2023 revealed that, since 2020, more than a dozen foreign cyber espionage groups have targeted users in Brazil – 85% of phishing activities attributed to governments originated from Chinese groups, North Korea and Russia
This intense activity reflects Brazil's position as a regional leader and influential actor on the global stage, making it an attractive target for adversaries seeking insider information
How Brazil has mitigated the risks of cyber warfare
Faced with the escalation of global cyber threats, Brazil has been adopting – and should continue improving – various measures formitigate risks and strengthen your cybersecurity. The lessons learned from incidents and experts' recommendations converge on some key points, how the strengthening of government cybersecurity structures – Brazil approved, in 2021, The National Cybersecurity Strategy (E-Ciber), that emphasizes the need to strengthen national protection capabilities, improve international cooperation and encourage the development of national technologies
But there is still much to be done. The country needs to implement additional layers of defense in the energy sectors, telecommunications, financial, transportation, sanitation and other essential services. This includes adopting international safety standards (for example, ISO 27001 standards, (NIST framework) and require infrastructure operators to meet minimum cybersecurity requirements. It is also necessary to reduce the attack surface of these organizations, raise your resilience and establish robust prevention protocols, monitoring and incident response
In particular, The security of the internet's backbone in Brazil should be improved – protecting data centers, large servers, traffic exchange points and other assets that support various critical sectors.
In the field of private companies, there is a greater maturity, depending on the segment. The finance department, for example, has one of the most advanced cybersecurity ecosystems in Brazil, driven by strict regulations from the Central Bank, continuous investments in anti-fraud technology and the need to protect high-value transactions against increasingly sophisticated threats.
In conclusion, the global cyberwar imposes complex challenges on Brazil, but manageable with proper planning and investments. The country has already shown progress – it is considered the most mature posture in cybersecurity in Latin America – but the pace of the threat requires constant improvement
In the invisible theater of cyberspace, where attacks occur in microseconds, preparing in advance is essential. Strengthening Brazilian cyber resilience will not only mitigate cyberwarfare risks, but also ensure that Brazil can safely take advantage of the opportunities of global digital transformation, without having your sovereignty or strategic assets held hostage by hidden adversaries. In summary, cybersecurity is national security, and should be a priority in times of peace and conflict, today and always
