Brazil: Election interference and disinformation incidents, 7 May 2025

• Brazil, 2 May 2025 Brazil’s social security minister Carlos Lupi and President of the National Security Institute Alessandro Stefanutto were removed from their positions due to a police investigation into a fraud case involving pension payments. USD 1.6 billion from pensions was diverted by the National Security Institute to 11 associations and unions sharing earnings with corrupt government officials between 2019 and 2024. President Luiz Inacio Lula de Silva’s brother José Ferreira de Silva is the Vice President of one of the unions under investigation by the Brazilian federal police, leading users on social media platforms to allege President Lula was involved in the incident.
  
  Implications: If enough evidence involving Lupi, Steffanutto and the other directors of the institute is found, they could face charges for corruption, money laundering, forging documents and creating a criminal organisation. President Lula’s reputation will likely be impacted by the social media posts claiming he is corrupt due to his brother’s alleged involvement in the incident.
  
  
• Brazil, 1 May 2025 Former president Fernando Collor de Mello has been ordered to begin serving eight years and ten months in prison after being convicted of receiving USD 3.5 million to facilitate contracts between a state company and a private firm for the construction of fuel depots. Supreme Court Justice Alexandre de Moraes accepted Collor’s request for house arrest due to Collor’s age and poor health.
  
  Implications: Justice de Moraes’ opposition will likely view this as a form of corruption. Users on X have said that Fernando Collor was indirectly responsible for the deaths of millions of people due to Collor taking money from Brazil’s treasury meant health programs, education, and public security.
  
  

• Brazil, 29 April 2025 At a Brazil, Russia, India, China, South Africa (BRICS) meeting hosted in Rio de Janeiro, the member states’ foreign ministers were unable to reach a joint declaration relating to issues on trade, tariffs, green policies, trade protectionism and a reformed security council. The group also discussed reducing dependency on the US dollar in global trade.
  
  Implications: BRICS member states' inability to reach a joint declaration on the issues discussed will likely lead to increased tension between BRICS members and countries who intend to join BRICS. It also will likely influence trade negotiations between the US and Brazil when discussing US tariffs and Brazil’s trade agreements with BRICS member states. 

Fortnightly mitigation measures

• Organisations should consult our mitigation pages on Seerist for general malware and malware distribution and receive phishing detection and response training.
• Organisations should stablish clear internal communication channels for disseminating accurate information and updates and develop a crisis communication plan to address disinformation quickly and effectively. This plan should include predefined responses and strategies for countering false information and maintaining the company's reputation.
• Companies should conduct regular training sessions to educate employees about the risks of social engineering attacks, such as phishing and business email compromise (BEC) scams. Emphasize the importance of verifying the authenticity of emails and messages before responding or clicking on links.
• Organisations should establish an incident response team and use threat detection tools to quickly identify and respond to suspicious activities.

Social engineering awareness

• On 28 April 2025, it was reported that the Nova ransomware group compromised Bettininformatica, a Brazilian IT solutions provider, in a ransomware attack. Nova claims to have exfiltrated 15 GB of data and is  threatening to leak 10 GB of confidential data, payment information, videos, employee and customer information.
• In the wake of the Bettininformatica data breach, organisations should remain aware of potential collateral and follow-on targeting through sophisticated phishing attacks and business email compromise scams (BEC).

Disinformation education

• Chatter on social media platforms (such as X and Facebook) relating to President Lula’s involvement in the social security fraud investigation and Morae’s approval of house arrest for Collor will likely rise.
• Users on social media should verify the accuracy and source of any information shared or interacted with on social media relating to domestic government statements or actions taken on high visibility issues.

Social media monitoring

• Users on X are sharing and creating posts stating that Brazil needs to operate outside the World Bank, World Trade Organisation and the International Monetary Fund to replace the US dollar and decrease Brazil’s dependence on the US. Users on social media opposing BRICS are sharing posts claiming BRICS members have some of the highest corruption scores based on Transparency International’s reporting.
• Users on social media have a negative perception of Morae’s decision to grant former President Collor house arrest and the involvement of top government officials in pension fraud. Users on social media are also voicing concerns that corrupt officials in Brazil receive special privileges in the country.