Elections increasingly attract cyber operations that target politicians, businesses and the public. These activities range from espionage campaigns against political parties to influence operations seeking to shape opinions, sow discontent or undermine democratic processes.
This newsletter, published twice a month, provides an overview of key cyber incidents and emerging threats related to the upcoming October 2026 general elections in Brazil. It offers recommendations on how organizations and individuals can mitigate and protect against these threats.
Key incidents
In this issue we focus on:
Surge in state-linked foreign interference threats to Western countries as adversary nations advance capabilities
The head of US Cyber Command on April 28 warned that foreign state-linked advanced persistent threat (APT) groups will likely conduct disruptive or destructive cyber attacks and influence operations to interfere in the US mid-term elections in November.
Domestic disinformation dominated recent Hungarian election campaign
According to Euronews, disinformation analysts have assessed that the vast majority of disinformation during the campaign for the April 12 Hungarian elections came from domestic sources. The analysts also assessed that the tactics employed were significantly more aggressive than in previous elections.
~90% Estimated volume of disinformation that was of domestic origin in lead-up to recent Hungarian parliamentary elections
(Source: Euronews article, April 13, 2026)
The majority of these domestic disinformation efforts were conducted by pro-Orban actors in Hungary, according to Euronews and included news outlets and proxy organizations nominally under ruling party control.
Mitigation advice twice a month
- Organizations should strengthen detection and incident response capabilities to handle increasingly sophisticated state-linked cyber operations. For example, by integrating external threat intelligence feeds into their SIEM and configuring automated alerts for indicators of compromise, enabling rapid SOC investigation and response.
- Establish processes to monitor, verify and respond quickly to disinformation that could affect business operations or reputation during the election period. For example, organizations can set up a cross-functional “rapid response” workflow that flags viral content mentioning the company, verifies its accuracy against trusted sources and issues a coordinated response within hours to prevent escalation.
- Train employees to identify disinformation (including AI-generated content such as fake images, videos or audio), reinforcing awareness as a primary defensive measure.
- Use trusted and verified communication channels with stakeholders to reduce the risk of manipulation or the spread of false information.
- Incorporate election-related cyber and influence threats into business continuity and crisis management planning, anticipating an increase in such activity.
- Harden and regularly patch edge devices (e.g., firewalls, routers, VPNs) and monitor them closely, as these are widely targeted entry points for cyberattacks.
Surge in state-linked foreign interference threats to Western countries
Several Western intelligence agencies have assessed that APT groups from adversarial countries have likely developed offensive cyber capabilities on par with those of the US, previously known as the world’s leading cyber power. As a result, Western cyber security defenders and intelligence agencies are increasingly struggling to detect, respond to or mitigate operations by APT groups in hostile states, particularly those pre-positioning themselves in critical national infrastructure (CNI) networks in the event of a potential future conflict.
In terms of tactics, techniques and procedures, known vulnerabilities in edge devices will likely remain a widely-used attack vector. The Dutch Defence Intelligence and Security Service has predicted a further increase in the number of campaigns exploiting vulnerabilities in edge devices, such as firewalls, routers and virtual private networks in 2026.
Potential impact: Heightened cyber and foreign interference threats to Western CNI and election infrastructure will almost certainly persist, as nation-state actors continue to increase their offensive cyber capabilities amid geopolitical conflicts.
Domestic disinformation dominated recent Hungarian elections campaign
Disinformation researchers noted that during the campaign for the recent Hungarian elections, pro-Orban actors used a variety of new tactics in their efforts, including creating news stories built on “complete disinformation”, as well as a fake opposition party platform, policy proposals and campaign posters, according to Euronews. One of these fake policy proposals claimed that the opposition was planning to tax cats and dogs. Although foreign disinformation appears to have been much less prevalent in the build-up to these elections, traditional Russian interference efforts were nevertheless in evidence, including fake video news reports and news websites.
Potential impact: As in the recent Hungarian elections, citizens in Brazil and other Western democracies will almost certainly be confronted with such disinformation efforts during their own election campaigns and should remain vigilant and skeptical of the current information ecosystem. Although pro-incumbent government disinformation activities do not appear to have been particularly effective in the case of the recent Hungarian elections, they can nevertheless serve to shape the narrative and in the case of a more precariously balanced electorate could prove decisive.
Focus on: Disinformation in election campaigns
Disinformation threats to election campaigns are not new; however, they are highly likely to become even more prevalent, particularly with the advent of emerging technological tools such as generative AI. Such tools have significantly increased the speed and scale of potential disinformation campaigns and have also lowered the barrier to entry for bad actors to engage in such behavior. With little to no technical training, such actors can now create fake (but convincing) pictures, videos and audio to aid in their disinformation campaigns.
When combined with an increasingly divided and polarized electorate, the results can be combustible. Awareness and digital literacy programs are key to countering such malign influence and informed citizens in Brazil and other Western democracies remain the best defense.
Please note, the core differences between disinformation and misinformation, which typically center on the intent of the person sharing the information. Disinformation is false or misleading information that it is deliberately created and shared to deceive, manipulate or harm others, according to the American Psychological Association. Misinformation, on the other hand, is false or inaccurate information that is often spread by accident and without malicious intent and the person sharing the information often believes it is true.
Electoral protection in Brazil: cybersecurity training and support
Register to receive these twice-monthly reports