CODE418
E-BOOK · FREE

Cybercrimein Brazil and Latin America

The threat landscape with 2025/26 data, the investigation between law enforcement and providers, and the criminal intelligence process that turns raw data into decisions.

27 pages3 partsEd. 2026 · v1.1TLP:CLEARPT-BR / ENPDF

Get the PDF in your inbox

Enter your email and we send the download link. No cost.

Learn more: Privacy Policy · Cookie Policy

// highlights

What the report covers

Established criminal intelligence doctrine plus research from recent public sources, with verifiable references.

2025 landscape

The most hostile year of the decade

Around 2,640 attacks per organization/week in the region — above the global average, with +108% in Q1.

ransomware

The dominant vector

Where the groups operate (DarkForums, Telegram) and why ransomware leads incidents.

fraud

Banking trojans, smishing and NFC

From the WhatsApp scam to the new frontier of contactless fraud.

infostealers

The credential economy

How credential theft feeds the entire crime chain.

law enforcement

Investigation and providers

What is asked of providers and the C&M Software · Operation Magna Fraus case.

intelligence

The criminal intelligence cycle

Source evaluation (4x4, 6x6), analytical reasoning and pitfalls to avoid.

// contents

3 parts, from landscape to analysis

Part I — Threat landscape (LAC)

  • 1.1 The 2025 picture
  • 1.2 DarkForums and Telegram
  • 1.3 Ransomware: the dominant vector
  • 1.4 Banking trojans and WhatsApp smishing
  • 1.5 Infostealers
  • 1.6 Contactless fraud (NFC)
  • 1.7 APTs and hacktivism

Part II — Law enforcement and providers

  • 2.1 What is asked of providers
  • 2.2 Law Enforcement platforms
  • 2.3 Investigating gov.br accounts
  • 2.4 C&M Software case · Operation Magna Fraus
  • 2.5 The transnational dimension

Part III — Criminal intelligence

  • 3.1 What criminal intelligence is
  • 3.2 Evidence is not intelligence
  • 3.3 The intelligence cycle
  • 3.4 Source evaluation (4x4 and 6x6)
  • 3.5 Open and closed sources
  • 3.6 Inductive reasoning
  • 3.7 Analytical techniques
  • 3.8 Analytical pitfalls
Conclusion and recommendationsGlossaryReferences

// audience

Who it is for

analyst

CTI / SOC analyst

Those who need to understand the region’s cybercrime with the depth the subject demands.

investigator

Investigator and law enforcement

Those who work with providers and the investigation of incidents.

manager

Security manager

Those who set priorities and need to turn data into decisions.

// author

Who wrote it

F

Freitas · CODE418

Cyber Threat Intelligence specialist with 20+ years in information security and teaching CTI at graduate level. The report combines criminal intelligence doctrine with research from recent public sources.

Understand cybercrime in your region

Free, bilingual. Enter your email and the PDF arrives in your inbox.

Learn more: Privacy Policy · Cookie Policy

We process your email only to send the material and related communications, in line with the LGPD. You can unsubscribe anytime.

We use analytics cookies to understand how the site is used. You decide — nothing is tracked without your consent. Cookie Policy