In the current geopolitical scenario, cyberwar has become a central component of conflicts and disputes between nations. States are employing offensive cyber operations for espionage, sabotage and political influence on a global scale.
Coordinated attacks by governments – frequently through advanced groups known as APTs (advanced persistent threats) – evolved in sophistication and reach. This context of global cyber threats directly affects Brazil's digital security, exposing strategic sectors to significant risks and requiring responses commensurate with the technical level of adversaries
Evolution of cyber warfare in the global scenario
In the last two decades, cyberwarfare has gone from an isolated phenomenon to a global pandemic. In this turn, there was an important milestone: the 2017 NotPetya attack, a malware with unprecedented destructive power at the time, and which inaugurated a new era of cyber warfare
Since then, conflicts traditional have taken on a strong digital component for example, the Russian campaign in Ukraine included a series of cyber attacks against power grids, communications and government agencies, while hacktivist groups and criminals aligned with state interests. The integration between conventional and digital warfare became clear, and the boundaries between state attacks and common cybercrimes have become blurred.
The main state agents of global cyber warfare include powers such as China, Russia, United States, Iran and North Korea, among others. Each employs specific strategies: cyber espionage for the theft of industrial and government secrets, sabotage against enemy critical infrastructure, e ataques de influência (como invasões seguidas de vazamento de dados confidenciais para interferir em processos políticos). A concerning feature is the growing collaboration (or tolerance) between States and criminal groups.
Examples include ransomware gangs based in countries that do not suppress them, using financial extortion to cause strategic harm. У 2021, the ransomware attack on Colonial Pipeline in the US (attributed to a Russian-speaking group) exposed the lack of preparedness of infrastructure companies against such threats. These attacks on critical infrastructure confer notoriety to the aggressors and often financial returns, what makes them increasingly frequent and sophisticated
The growing influence of China
China has emerged as one of the most influential and active cyber powers. Recent reports indicate an aggressive expansion of Chinese digital espionage operations worldwide. In 2024, an average increase of 150% in intrusions carried out by hackers linked to China was observed, atingindo organizações em praticamente todos os setores da economia. Only in 2024 were seven new Chinese cyber espionage groups identified, many specialists in specific sectors or technologies
The cyber campaigns carried out by Chinese hackers have a global reach and do not spare Latin America. Research indicates that, in 2023, most cyber attacks in Latin America originated from agents linked to China and Russia.
This coordinated effort reflects not only geopolitical objectives (such as monitoring diplomatic positions or foreign investments), but also economic interests. Brazil, for example, it is today the largest destination for Chinese investments in Latin America, especially in energy, telecommunications and mining. Coincidentally (or not), Cyber espionage originating from China against Brazilian targets has grown similarly to what has been observed in other regions with high Chinese investment, como países participantes da Iniciativa do Cinturão e Rota – group that brings together countries from Asia, Europe, Africa, and Latin America
Impact of global threats on Brazil: strategic sectors under attack
Various strategic Brazilian sectors are already experiencing intrusion attempts by malicious foreign actors, whether they are groups supported by nations or sophisticated criminal organizations. The main vectors include targeted phishing campaigns, malicious software embedded in critical networks and exploitation of vulnerabilities in widely used systems
Various facilities of the Brazilian critical infrastructure – como redes de energia elétrica, oil and gas, telecommunications, water and transport – they have become frequent targets in cyber warfare, given the potential to cause large-scale damage if compromised. In February 2021, two of the largest companies in the Brazilian electric sector suffered ransomware attacks that forced them to temporarily suspend part of their operations
The financial sector is also not left out. North Korean groups have been showing great interest in Brazilian cryptocurrency targets, financial institutions and even defense sectors. These criminals seek to steal digital assets to fund North Korean government programs, circumventing sanctions – It is a form of cyber warfare driven by economic motivation. Furthermore, cibercriminals international (often linked to Eastern European networks) see Brazilian banks and their millions of customers as lucrative targets. Banking malware campaigns, redes de phishing e roubo de dados de cartões atingem o Brasil em escala industrial. Not by chance, a recent report indicated that Brazil is the second most attacked country in the world for cyber crimes, suffering more than 700 million investments in 12 months (average of 1.379 attacks per minute– many of which aim at financial frauds
Government and public institutions
The Brazilian government institutions – including federal agencies, Armed Forces, Judiciary and state governments – they became priority targets in cyber warfare, attracting espionage and sabotage attacks from various countries. Groups associated with China, Russia and North Korea directed operations against Brazil in recent years
The motivation ranges from interest in diplomatic and commercial secrets to gaining strategic advantage in international negotiations. A Google report in 2023 revealed that, since 2020, more than a dozen foreign cyber espionage groups have targeted users in Brazil – 85% of phishing activities attributed to governments originated from Chinese groups, North Korea and Russia
This intense activity reflects Brazil's position as a regional leader and influential actor on the global stage, making it an attractive target for adversaries seeking insider information
How Brazil has mitigated the risks of cyber warfare
Faced with the escalation of global cyber threats, Brazil has been adopting – and must continue to improve – various measures formitigate risks and strengthen your cybersecurity. The lessons learned from incidents and expert recommendations converge on some key points, how the strengthening of government cyber defense structures – Brazil approved, in 2021, The National Cybersecurity Strategy (E-Ciber), that emphasizes the need to strengthen national protection capacities, improve international cooperation and encourage the development of national technologies
But there is still much to be done. The country needs to implement additional layers of defense in the energy sectors, telecommunications, financial, transportation, sanitation and other essential services. This includes adopting international safety standards (for example, ISO 27001 standards, framework NIST and require infrastructure operators to meet minimum cybersecurity requirements. It is also necessary to reduce the attack surface of these organizations, raise your resilience and establish robust prevention protocols, monitoring and incident response
Особливо, the security of the internet backbone in Brazil should be improved – protecting data centers, large servers, points of traffic exchange and other assets supporting various critical sectors.
In the field of private companies, there is greater maturity, depending on the segment. The finance, for example, has one of the most advanced cybersecurity ecosystems in Brazil, driven by strict regulations from the Central Bank, continuous investments in anti-fraud technology and the need to protect high-value transactions against increasingly sophisticated threats.
In conclusion, a ciberguerra global impõe ao Brasil desafios complexos, but manageable with proper planning and investments. The country has already shown progress – it is considered the most mature posture in cybersecurity in Latin America – but the pace of the threat requires constant improvement
No teatro invisível do ciberespaço, where attacks occur in microseconds, preparing in advance is essential. Strengthening Brazilian cyber resilience will not only mitigate cyberwarfare risks, but also ensure that Brazil can safely take advantage of the opportunities of global digital transformation, without having your sovereignty or strategic assets hostage to hidden adversaries. Коротко, cybersecurity is national security, and should be a priority in times of peace and conflict, today and always
