This fortnightly report by Control Risks highlights key incidents during the reporting period. We examine how these incidents play into the election interference trends we’re observing and their impact on Brazilian organisations and individuals.  

Cyber interference and disinformation incidents

  • Brazil, 17 June 2025 Brazil’s federal police formally accused former President Jair Bolsonaro of using Brazil’s intelligence agency Agencia Brasileira de Inteligencia (ABIN) during his administration to conduct illegal surveillance on political rivals, journalists and environmentalists. According to the police, ABIN used the spyware FirstMile developed by the Israeli company Cognyte to target several Brazilian figures, including Supreme Court Justice Alexandre de Moraes, former Sao Paulo Governor Joao Doria, and the current head of Brazil’s Chamber of Deputies or lower house, Arthur Lira. Other targets include the tax auditors who were investigating Bolsonaro’s son, as well as several officials from the Brazilian Institute of Environment and Renewable Natural Resources (IBAMA) and journalists. Bolsonaro is currently standing trial over accusations of involvement in a coup plot to overturn the 2022 election results.

    Implications: Social media users widely discussed the claims made by Bolsonaro’s former right hand, Mauro Cid, who has become a state witness in the trial. Cid testified that he had received cash, which was intended to finance an operation to kill President Lula, his Vice President Geraldo Alckmin and Justice Moraes. Bolsonaro’s supporters have framed the trial as political prosecution and have accused the Supreme Court, especially Justice Alexandre de Moraes of overreach and bias. Social media users also discussed the alleged assassination plans.

  • Brazil, 13 June 2025 Brazil’s Supreme Court ruled that social media companies can be held accountable for some types of the content published on its platform by users. However, the Supreme Court did not agree on what type of content would be considered illegal under the ruling. The ruling will become effective once all six judges have voted. A US federal court issued a legal summons to Justice Alexandre de Moraes accusing him of overreaching his authority after requests from Trump Media & Technology Group, which operate the social media sites Truth Socia and Rumble.

    Implications: The ruling may subject social media companies to fines if they do not take down content deemed illegal. However, the vague definitions, including no agreement on the scope of the ruling how to define illegal content, introduces legal ambiguity.  The ruling comes amid a campaign to disrupt disinformation. 

Fortnightly mitigation measures

  • Organizations should consult our mitigation pages on Seerist for general malware and malware distribution and receive phishing detection and response training.
  • Companies should promote internal awareness campaigns that encourage employees to verify the accuracy and source of politically or socially sensitive content before sharing or engaging with it on platforms like X (formerly Twitter) and Facebook.
  • Actively monitor social media for narratives that could impact the organization’s reputation or operations, such as public sentiment around environmental issues or crime-related policy debates.
  • Organizations should educate staff to critically assess media content, especially videos featuring public figures. Conduct also regular internal campaigns to educate staff on how AI deepfakes are created, what they look like, and how they are used in scams or disinformation.
  • Develop a protocol for responding to cybersecurity incidents that includes internal communications, legal review, and public relations strategies. This ensures swift action if the company or executives are targeted.

Social engineering awareness

  • Security researchers detected a new phishing campaign that targets users of the DeepSeek AI platform to spread a new malware, named BrowserVenom. Users in Brazil have reportedly been compromised with the malware. The attack lures victims to a malicious website that mimics the DeepSeek platform which prompts users to download the malware. The malware allows threat actors to access sensitive information from the victim’s machine, including login credentials, banking details, private communications and browsing histories.

Disinformation education

  • Brazilian leaders, including Justice Alexandre de Moraes, President of Brazil’s Superior Electoral Court Cármen Lúcia and Brazilian Attorney General Jorge Messias supported the ruling on holding social media platforms accountable for disinformation, saying it was not an attack on the freedom of speech. The Brazilian officials made these statements at GlobalFact, a fact checking summit.

Social media monitoring

  • Social media users are discussing the new rules regarding holding social media companies responsible for monitoring content, with some criticizing the rule as impacting the freedom of speech.