Cybercrimein Brazil and Latin America
The threat landscape with 2025/26 data, the investigation between law enforcement and providers, and the criminal intelligence process that turns raw data into decisions.
Get the PDF in your inbox
Enter your email and we send the download link. No cost.
// highlights
What the report covers
Established criminal intelligence doctrine plus research from recent public sources, with verifiable references.
2025 landscape
The most hostile year of the decade
Around 2,640 attacks per organization/week in the region — above the global average, with +108% in Q1.
ransomware
The dominant vector
Where the groups operate (DarkForums, Telegram) and why ransomware leads incidents.
fraud
Banking trojans, smishing and NFC
From the WhatsApp scam to the new frontier of contactless fraud.
infostealers
The credential economy
How credential theft feeds the entire crime chain.
law enforcement
Investigation and providers
What is asked of providers and the C&M Software · Operation Magna Fraus case.
intelligence
The criminal intelligence cycle
Source evaluation (4x4, 6x6), analytical reasoning and pitfalls to avoid.
// contents
3 parts, from landscape to analysis
Part I — Threat landscape (LAC)
- 1.1 The 2025 picture
- 1.2 DarkForums and Telegram
- 1.3 Ransomware: the dominant vector
- 1.4 Banking trojans and WhatsApp smishing
- 1.5 Infostealers
- 1.6 Contactless fraud (NFC)
- 1.7 APTs and hacktivism
Part II — Law enforcement and providers
- 2.1 What is asked of providers
- 2.2 Law Enforcement platforms
- 2.3 Investigating gov.br accounts
- 2.4 C&M Software case · Operation Magna Fraus
- 2.5 The transnational dimension
Part III — Criminal intelligence
- 3.1 What criminal intelligence is
- 3.2 Evidence is not intelligence
- 3.3 The intelligence cycle
- 3.4 Source evaluation (4x4 and 6x6)
- 3.5 Open and closed sources
- 3.6 Inductive reasoning
- 3.7 Analytical techniques
- 3.8 Analytical pitfalls
// audience
Who it is for
analyst
CTI / SOC analyst
Those who need to understand the region’s cybercrime with the depth the subject demands.
investigator
Investigator and law enforcement
Those who work with providers and the investigation of incidents.
manager
Security manager
Those who set priorities and need to turn data into decisions.
// author
Who wrote it
Freitas · CODE418
Cyber Threat Intelligence specialist with 20+ years in information security and teaching CTI at graduate level. The report combines criminal intelligence doctrine with research from recent public sources.
Understand cybercrime in your region
Free, bilingual. Enter your email and the PDF arrives in your inbox.
We process your email only to send the material and related communications, in line with the LGPD. You can unsubscribe anytime.