Brazil: Election interference and disinformation incidents, 24 March 2025

• Brazil, 11 March 2025 the Brazilian government website for the National Fund for Educational Development (FNDE) fell victim to a ransomware attack from the Babuk2 threat group. FNDE is responsible for managing and distributing educational funds throughout the country. The group threatened to leak about 12GB of information stolen from the website.
  
  Implications: the FNDE was targeted in a ransomware attack likely due to the organisation maintaining a large amount of government funds. Cybercriminals likely targeted the FNDE to access the funds directly or due to the assumption that the FNDE would pay the ransom demand. It is highly likely cybercriminals will continue to target government entities in Brazil for financial gain as any disruption to essential services can be used to pressure such organizations to pay ransom demands.
  
  
• Brazil, 10 March 2025 Brazil’s National Data Protection Authority (ANPD) plans to regulate Brazil’s artificial intelligence (AI) systems before the dedicated legal framework for AI is approved, which is currently undergoing final discussions and review in Brazil’s National Congress. 
  
  Implications: according to Waldemar Gonçalves, president of the ANPD, Brazil’s General Data Protection Law (LGPD) already requires the ANPD to address automated decision-making. Once the dedicated AI legal framework is approved and implemented, additional regulatory actions will likely be required. Gonçalves reiterated that the agency already has the authority to regulate social media algorithms that target younger audiences to ensure viewer safety.
  
  

• Brazil, 21 February 2025 Brazilian Supreme Court Justice Alexandre de Moraes ordered the Rumble video sharing platform to be suspended nationwide. This occurred after Moraes ordered the platform to remove the account of journalist Allan dos Santos who lives in the U.S but is a fugitive in Brazil and was investigated by the Brazilian Supreme Court for spreading fake news. Representatives from Rumble said the platform is facing censorship in the country and that the Brazilian Supreme Court wants to target dissidents outside of the country for censorship. 
  
  Implications: supporters of Brazil’s previous administration view Moraes actions against social media companies and journalists as violations of free speech and censorship in the nation. Brazil’s Supreme Court is likely to maintain their stance on what they perceived to be fake news and social media being used as a tool for swaying the political climate in the nation.
  
  

• Brazil, 18 February 2025 former President Jair Bolsonaro has been charged for his alleged involvement in an attempted coup plot to overturn the results of the 2022 election. The coup attempt allegedly includes the dissemination of disinformation on social media platforms. The plot allegedly began in 2021, with intentions of undermining public trust in electronic voting machines. Brazil’s Supreme Court is aiming to conclude the trial before the 2026 elections. 
  
  Implications: the indictment has taken place during a period of change in content moderation policies on social media platforms such as X (formerly Twitter) and Meta. Disinformation surrounding the electronic voting machine security and the coup attempt will highly likely continue to circulate on social media.

Social engineering awareness

• Embargo ransomware group has reportedly targeted Brazilian technology organisation Tequaly in a ransomware attack. Tequaly specializes in industrial solutions, developing technology, manufacturing equipment, maintenance and assembly. The threat actor and victim have not disclosed the amount or type of information compromised in the attack.
• Fog ransomware group reportedly targeted Grupo Baston Aerossol in a ransomware attack, compromising 88.3GB of the company’s data. Grupo Baston Aerossol is one of the largest aerosol plants in Brazil that manufactures veterinary, household, automotive, paint and cosmetic products.
• Russian-speaking threat actors are using malicious versions of pirated video games to install the cryptomining software XMRig on victims’ devices. While most incidents have been in Russia, cases have also been observed in Brazil. In addition to cryptomining software, pirated video games can also be compromised with other malware, such as botnets that are used for distributed denial of service (DDoS) attacks or spam campaigns.

Disinformation education

• Disinformation on social media platforms, such as X, Meta and Bluesky, are likely to continue growing.
• Social media users should corroborate information viewed on social media platforms to ensure the information is accurate.