This fortnightly report by Control Risks highlights key incidents during the reporting period. We examine how these incidents play into the election interference trends we’re observing and their impact on Brazilian organisations and individuals.  

Election interference and disinformation incidents

  • Brazil, 16 November 2024 First Lady of Brazil, Janja Lula da Silva spoke about the need to regulate social media to prevent misinformation at the G20 event earlier this month. She allegedly mentioned Elon Musk, owner of social media platform X, and that X are responsible for the lack of regulation on the site.

    Implications for elections: Da Silva’s comments and any response from Musk or X are likely to fuel divisions online between pro-government supporters and opposition supporters.  Opposition supporters are likely to use the comments as discourse to post counter-government narratives on X and other social media platforms.

  • Brazil, 15 November 2024 Brazilian databases, including databases from telecommunications provider Claro, a database containing Brazilian taxpayer identification (CPF) numbers and government sites for Brazil’s State Transport Department (DETRAN) and Brazil’s Federal Police Department (PF) have been leaked and is circulating on deep and dark web platforms.

    Implications for elections: the compromised data includes sensitive personal and government information. It is likely the exposed data is government employee personal data, but we cannot confirm if there is any sensitive government information. Additionally, general information about Brazil’s transportation sector and police department may have been exposed. Attacks against the individuals, companies or government entities whose information has been leaked could follow.

  • Latin America, primarily Brazil, 14 October 2024 cybercriminal group Water Makara has been targeting organisations in Latin America, but particularly in Brazil, with a spearphishing campaign. The phishing emails typically impersonate tax documents to socially engineer victims into downloading the Astaroth banking Trojan.

    Implications for elections: Astaroth can download additional malicious payloads, gaining persistent access to infected systems and exfiltrating sensitive information, such as login credentials and banking information. Government officials should ensure personal devices contain no government sensitive information which could be exfiltrated and used in extortion, sold to third parties or to target government agencies.

  • Brazil and China, 20 November 2024 President Luiz Inacio Lula da Silva and President Xi Jinping have signed off on almost 40 trade and development deals aimed to strengthen ties between Brazil and China.

    Implications for elections: the deepening ties are likely to be drawing the attention of regional and global state actors who may want to understand the details of the deals. It’s likely those officials involved with or linked to trade deal activities may see a heightened threat of spearphishing or social engineering on LinkedIn or other social media platforms. The deals may also exacerbate existing misinformation campaigns surrounding Brazil’s relationship with China, resulting in further misinformation campaigns surrounding upcoming elections or political figures who are involved in, or are vocally supportive of, the relationship. 

 

Social engineering awareness

  • RansomHouse group claimed to have breached and encrypted over 2,000 computers belonging to the Basic Sanitation Company of the State of São Paulo, Sabesp. Sabesp said customer information was not impacted and that essential services were unaffected. It is likely that RansomHouse accessed Sabesp’s commercial data. RansomHouse claimed Sabesp had inadequate backups.
 

Disinformation education

  • Voters in Brazil should verify information surrounding social media regulations and other policy news to ensure they are not part of disinformation campaigns.
 

Social media monitoring

  • Users on X have primarily discussed Brazil’s first lady Janja Lula da Silva’s comments to Elon Musk during a panel on disinformation at the G20 summit.