Pirates of Brazil: An introduction to the Brazilian cyber underground

We speak to Ronaldo Vasconcellos, Senior Threat Intelligence Analyst at Recorded Future, about the threat from the Brazilian cybercriminal underground.

According to Recorded Future's latest research, Brazilian hackers are best described as "pirates" because they are more than just 'specialized thieves' -- they are "ready to change their TTPs and forum platforms at any time, depending on where the easy money is and what law enforcement and security researchers are doing to collect information on them".

In keeping with such a moniker, unlike their seemingly more organised counterparts in Russia, Brazilian hackers have a tendency towards disorder -- using forums without a singular purpose, and often lacking structured threads for products or services with features and pricing. Indeed, the research reveals that certain groups of Brazilian hackers use social networks for cybercrime - a venue that Russian-speaking or Chinese-speaking hackers would consider too risky for conducting illicit business.

To find out more about the Brazilian cyber underground, and how it differs from the Russian-, French-, Spanish-, and Chinese-language undergrounds, we talk to Ronaldo Vasconcellos, Senior Threat Intelligence Analyst at Recorded Future, about what CSOs need to know about the threat from Brazilian threat actors.


Can you explain how the Brazilian cybercriminal underground differs from other communities?

The main difference is how the underground is organised. In Russian-speaking countries, communities are still centred around web-based forums. In Brazil, the underground is decentralised, usually taking advantage of the chat platform of choice of the majority of the population. Currently, those platforms are Facebook, WhatsApp and Telegram. In terms of capabilities, this underground is very similar to more advanced ones - there are all types and levels of cybercriminals.

What topic is most openly discussed on the Brazilian underground forums and marketplaces of the Deep & Dark Web? What can you tell us about this activity and the threat it presents?
