Brazil: Election interference and disinformation incidents, 18 June 2025

• Brazil 10 June 2025 Brazil’s Federal Police launched Operation Timeout targeting an unnamed financially motivated cybercriminal group that had targeted networks of Brazilian public sector institutions and private sector organisations. There is insufficient information at this time to assess the impact of the cybercriminal groups’ operations; however, media reports have listed victims linked to Brazil’s judiciary, as well as public universities and state-owned companies, which likely suffered from data theft attacks. The attackers were also implicated in posting ideological content on deep web cybercriminal forums.
  
  Implications: The Brazilian cybercriminal ecosystem is likely to continue thriving despite this law enforcement activity. The limited number of arrests, cited as two individuals, is unlikely to have significantly impacted the overall cybercriminal landscape, which primarily specialises in financial fraud and low-level cybercrime targeting individuals and small businesses.
  
  
• Brazil 8 June 2025 Media outlets have reported on the expansion of ongoing judicial investigations conducted by the Supreme Federal Court into disinformation and digital “militias” in Brazil. Justice Alexandre de Moraes has led the inquiries since 2019. Former President Jair Bolsonaro and his political allies are currently under scrutiny, particularly following allegations of their involvement in an attempted coup after the 2022 elections.
  
  Implications: The Brazilian judiciary is likely to continue targeting Bolsonaro and his allies amid heightened tensions in Brazil following the election. The focus on the spread of false narratives is unlikely to deter or diminish politically focused social media activity in Brazil. Discourse surrounding the concentration of judicial power among a few ministers in President Lula’s government is likely to intensify.
  
  

• Brazil 26 May 2025 Fact-checking agency Lupa released an investigation based on a wide-ranging survey into the effects of leaked personal data on cyber-based online scams affecting Brazilian users. Lupa highlighted at least 14 fraudulent websites enabled by social engineering that have leveraged the personal data of Brazilians in combination with masquerading as Brazilian government pages and institutions such as Serasa to initiate financial fraud and other scams.
  
  Implications: Cybercriminals will continue to leverage leaked personally identifiable information (PII) to augment social engineering operations such as targeted spearphishing or SMS phishing attacks against Brazilians. Banking fraud remains one of the most significant threats to individuals and organisations in Brazil, with fraud reportedly occurring every 16 seconds in the country. This threat is emphasised by relatively weaker data protection legislation in Brazil compared to other Latin American states.

Fortnightly mitigation measures

• Organisations should consult our mitigation pages on Seerist for general malware and malware distribution, and receive training on phishing detection and response.
• Companies should promote internal awareness campaigns that encourage employees to verify the accuracy and source of politically or socially sensitive content before sharing or engaging with it on platforms like X (formerly Twitter) and Facebook.
• Actively monitor social media for narratives that could impact the organization’s reputation or operations, such as public sentiment around environmental issues or crime-related policy debates.
• Organizations should educate staff to critically assess media content, especially videos featuring public figures. Conduct also regular internal campaigns to educate staff on how AI deepfakes are created, what they look like, and how they are used in scams or disinformation.
• Develop a protocol for responding to cybersecurity incidents that includes internal communications, legal review, and public relations strategies. This ensures swift action if the company or executives are targeted.

Social engineering awareness

• As Lupa has observed in its investigation into social engineering-based scams leveraging leaked data, individuals and organisations should not click on links from unverified senders and avoid entering personal information into websites purporting to be Brazilian government entities.

Disinformation education

• Disinformation on social media platforms, such as X, and Facebook, relating to the Supreme Federal Court’s investigation into Bolsonaro is likely to remain heightened due to the slow process of such endeavours.
• Users on social media should verify the accuracy and source of any information shared or interacted with on social media relating to domestic government statements or actions taken on high visibility issues.

Social media monitoring

• Users on X are sharing and creating posts expressing anger over the persistent instability of the Gov.br online portal, which is essential for public services such as the Digital Driver’s License, the Receita Federal and the Nacional do Seguro Social.
• Users on social media based in Brazil have also criticised the government through calls for greater accountability from digital platforms regarding harmful online content. There is a divide between those who support regulation and those concerned about freedom of expression, especially as the Supreme Court debates changes to Brazil’s Internet Civil Framework.