In a newly released report, Kaspersky’s Digital Footprint Intelligence (DFI) team outlines major dark web threats facing Brazilian organizations. Drawing on sources ranging from cybercriminal forums to shadow marketplaces, the findings highlight Brazil as a prime target in the region for cybercriminals due to its economic development, abundant resources and business diversity.
Kaspersky’s findings reveal a complex web of cyberthreats targeting Brazil: the main dangers are ransomware attacks, initial access sale, infostealing malware and alleged data breaches.
Ransomware attacks. The report uncovered that at least 105 Brazilian organizations fell victim to ransomware attacks in 2024, with some targeted more than once, bringing the total number of incidents to 114. Healthcare, financial services and professional service providers were the most targeted sectors. Notably, ransomware groups such as RansomHub, Arcus Media, Lockbit 3.0, Quilong and Eraleign were behind the attacks on 53% of all organizations affected by ransomware in 2024, according to dark web sources.
Accesses to corporate infrastructure for sale. Threat actors, from individual cybercriminals to ransomware gangs and APT groups, regularly need access points to develop their attacks. Kaspersky’s team identified over 100 dark web listings advertising initial access to the networks, devices, hosts, services, or systems of Brazilian companies and state entities. However, it’s worth noting that some deals may take place without being published on dark web resources. Malicious actors may be privately cooperating with well-known initial access brokers – Kaspersky experts observe related requests from time to time, meaning the actual number of accesses for sale may be higher.
Alleged database leakages. In 2024, cybercriminals published 586 ads offering databases for free or for sale, with 53% allegedly being corporate data breaches affecting 185 Brazilian organizations.[1] Governmental entities, telecoms and professional services were the most affected, based on information cybercriminals claimed in their offerings, highlighting the urgent need for a well-tuned security posture for organizations in the country.
Other databases contained information on individuals. These included unspecified databases with personal information, as well as mixed or targeted lists compiled in various ways.
Data-stealing malware activity. A staggering 37 million records of compromised user accounts associated with Brazilian services and resources were found in malware log files published by attackers in 2024. 15% of all records – 5.6 million lines published in 2024 and over 15 million across the last three years – contain accounts belonging to employees of major Brazilian state agencies or those used to access various government services for citizens and corporations.
Info stealer activity in general continues to rise, with infections skyrocketing year on year. Kaspersky Digital Footprint Intelligence provides a dedicated info-hub devoted to analyzing and countering this type of threat. Over 60% of the 2024 info stealer activity in Brazil was traced back to malware families RedLine and Lumma, which target everything from browser data and saved credentials to government service accounts.
“Cybercriminals are continuously evolving their methods, and Brazil is now firmly in their crosshairs,” said Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence. “What we’re seeing in Brazil is a perfect storm of high-value targets and increasing digital exposure, creating the ideal conditions for complex, targeted cyberattacks. It is therefore increasingly important to take a proactive and rapid approach to defending against cyberthreats, attacks and other cybersecurity incidents – in other words, to stay one step ahead of potential adversaries.”
To access the full “Dark Web Threat Landscape in Brazil” report or
explore Kaspersky’s security solutions, visit
● Maintain a robust IT asset inventory and patch vulnerabilities regularly.
● Implement multi-layered security solutions like Kaspersky Next for detection and response.
● Invest in cybersecurity education for employees to reduce human error risks.
● Continuously monitor your digital environment for anomalies and threats.
● Use up-to-date threat intelligence (TI) to understand attacker tactics and adapt defenses.
● Monitor dark web activity for early warning signs of impending attacks or data leaks.
About the Kaspersky Security Services
Delivering hundreds of information security projects every year for Fortune 500 organizations worldwide: incident response, managed detection, SOC consulting, red teaming, penetration testing, application security, digital risks protection. The Kaspersky Digital Footprint Intelligence experts identify suspicious activities on various dark web resources from forums and chats in messengers to cybercriminal marketplaces and ransomware blogs to timely notify an organization.
[1] To prevent unauthorized access to the affected companies' data during the research, the compromised information was not verified in any way.
