Elections increasingly attract cyber operations that target politicians, businesses and the public. These activities range from espionage campaigns against political parties to influence operations seeking to shape opinions, sow discontent or undermine democratic processes.
This fortnightly newsletter provides an overview of key cyber incidents and emerging threats related to the upcoming October 2026 general elections in Brazil. It offers recommendations on how organisations and individuals can mitigate and protect against these threats.
Key incidents
In this issue we focus on:
Brazil’s intelligence agency warns of threats to 2026 electoral process
The Agência Brasileira de Inteligência (ABIN) warned of malicious actions to delegitimize the electoral model, including cyber attacks, disinformation, external interference and attempts to deepen social polarization.
US use of cyber capabilities in Venezuela raid likely to increase threat of offensive cyber operations in LATAM region
The US has publicly stated that its military used cyber capabilities during the operation to capture former Venezuelan president Nicolás Maduro. This deviates from the typically highly confidential nature of such operations and could result in an increase in their use during tensions or conflict in the region and globally.
54% of Brazilians received news via social media in 2025.
(Source: Reuters Institute Digital News Report 2025)
Receiving news via social media has steadily increased from 47% in 2013, while print and TV has declined by 80% and almost 40% respectively over the same period. In addition, 9% of Brazilians reportedly receive news via AI chatbots. Given the proliferation of misinformation on social media platforms, a large number of Brazilians are likely to be exposed to such campaigns.
Fortnightly mitigation advice
- Organizations should keep close track of geopolitical developments and stay informed about regional tensions and foreign state-linked cyber activities, especially those targeting political parties and policy makers. Adjust security postures in response to intelligence about increased offensive cyber operations in LATAM.
- Regularly train employees to recognize and report disinformation, deepfakes, and manipulated media, especially around politically sensitive topics. Use real-world examples from recent campaigns to illustrate risks.
- Actively monitor social media for narratives that could impact the organisation’s reputation or operations, such as public sentiment around environmental issues or crime-related policy debates.
- Formalize incident response playbooks to include not only technical response steps but also legal, regulatory, and public relations strategies. Ensure these playbooks are tested through regular tabletop exercises simulating election-related cyber incidents.
- Subscribe to reputable threat intelligence services that provide timely updates on election-related cyber threats, including those targeting political parties, government agencies, and private sector organizations.
- Use end-to-end encryption for internal communications and critical documents, especially those shared with external partners or government bodies.
- Audit third‑party AI vendors and before launching any new AI tool, run adversarial tests and fix any issues.
Brazil’s intelligence agency warns of threats to 2026 electoral process
- Brazil, December 3, 2025: Brazil’s intelligence agency, Agência Brasileira de Inteligência (ABIN), in its report ‘Intelligence Challenges for 2026’ (‘Desafios de inteligência: edição 2026’) highlighted that threats to the electoral processes may include attempts to delegitimize the electoral model and deepen social division as well as disinformation campaigns and external interference, including through cyber attacks.
Implications: Brazil’s 2022 elections were heavily targeted by disinformation campaigns, and both sides were accused of using this type of tactic during the electoral process.
The increasing ease of accessing and using AI tools also exacerbates this threat as threat actors can use AI to make influence operations more widespread and convincing.
US use of cyber capabilities in Venezuela raid likely to increase threat of offensive cyber operations in LATAM region
- Venezuela, January 3, 2025: The US reportedly used cyber capabilities during the special operation to seize former Venezuelan President Nicolás Maduro on 3 January. The operation reportedly involved close co-operation between multiple military units and federal agencies including the US Cyber Command. Following the operation, President Donald Trump and Joint Chiefs Chair General Dan Caine said that US cyber capabilities were used to “plunge Caracas into darkness”.
Implications: The openness by US officials regarding the employment of US Cyber Command demonstrates a break from the typically highly confidential nature of such operations, and may lower the bar for state-linked actors to use offensive cyber operations to achieve their foreign policy goals. This may also extend to elections, during which such threat actors could use cyber means to support their preferred candidates or disrupt the democratic election process before, during or after elections to influence outcomes.
The wider regional impact of the US operation in Venezuela remains to be seen. However, foreign states may increase surveillance operations targeting left-leaning politicians across the Latin American (LATAM) region, particularly those aligned to Chavismo. Members of the Venezuelan diaspora may also be targeted in operations conducted by remaining elements of the former Maduro administration.
Focus on: State-linked threat actors targeting political parties and policy makers for reconnaissance
Foreign state-linked advanced persistent threat (APT) groups are likely to target political parties, governmental and policy-making bodies ahead of the election to gather intelligence on the objectives, goals and priorities of the political parties and candidates. Foreign states will likely seek to understand the impact of the strategic objectives and campaign platforms of each candidate and party. Doing so will allow such states to prepare and create adequate responses.
Threat actors are likely to leverage social engineering techniques or exploit system vulnerabilities to access and steal sensitive documents or internal strategy information from political parties, and government and policy bodies.
In some cases, foreign states will use such information to craft influence operations or leverage other covert and overt operations to support their preferred candidates or attempt to delegitimize the electoral process.
Electoral protection in Brazil: cybersecurity training and support
Register to receive these twice-monthly reports