Brazil

Brazil is the largest economy in Latin America and has ambitions to become a major knowledge economy. Given the promises of its innovation sector, however, there are still gaps in its capacity to address the threat of cyber-enabled IP theft.

ASPI assesses
Brazil
to be
Highly vulnerable
to state-sponsored acts of cyber-enabled theft of IP.

Author

Dr. Danielle Jacon Ayres Pinto

Night view of Rio de Janeiro just before sunrise - 2018 CC4.0 Donatas Dabravolskas

Key Facts

R&D Investments

USD $17.4 billion (2020)

Patent Applications

27,139 (2022)

Cybersecurity Agency

No stand-alone agency; policymaking led by the Institutional Security Office
How at risk is
Brazil

As a rapidly growing emerging market with significant advances in agriculture, energy and technology, Brazil presents valuable targets for economic cyber-espionage. Recognising that knowledge production is crucial for economic growth, Brazil has laid out a series of national strategies that emphasise state investment in innovation and digital transformation. In 2018, the Brazilian Government published the ‘E-Digital’ and ‘National Science, Technology, and Innovation Strategies’. Both highlight the importance of digital transformation and knowledge production for national development. The government has also established the Finep IP program, which uses resources from the National Fund for Scientific and Technological Development to develop new products, patents and scientific processes to support innovation.31 There’s cause for some optimism. Between 2013 and 2023, IP applications in Brazil increased by 11% annually. While most of the applications relate to ‘soft IP’ (for instance, 91% of all applications in 2022 were for trademarks), there’s also been an increase in ‘hard IP’ applications. In 2022, patents and industrial designs constituted 6.1% and 1.6%, respectively, of all applications. WIPO considers Sao Paulo to be Latin America’s top innovation ecosystem.

Despite those advances, Brazil still faces structural challenges in meeting its knowledge-economy objectives. Its geography imposes great costs for infrastructure needed to sustain and grow knowledge sectors. Also, the private sector tends to criticise the excessive bureaucracy that must be navigated to register patents and the high costs. Despite ambitious policies supporting innovation and knowledge-intensive sectors, Brazil’s challenges in securing adequate budgets persist, and that puts limits on the country’s comprehensive development and resilience against cyber threats.

Brazil’s international scientific and economic cooperation in IP-intensive sectors, particularly in sectors such as agriculture, energy and biotechnology, puts it at greater risk from the threat of cyber-enabled IP theft. Foreign relations are largely driven by economic and development imperatives. China is now Brazil’s largest trading partner, and agriculture (particularly soybeans) is emerging as an important source of that trade. China remains a relatively smaller source of foreign investment in Brazil; Chinese FDI reached US$1.3 billion in 2022 (the lowest since 2009). Nonetheless, Brazil looks to China as an alternative to the US for foreign investment. When the Brazilian Government endorsed Chinese 5G equipment, espionage concerns prompted new data protection and cybersecurity regulations. Nonetheless, developmental imperatives and Brasilia’s broader interest in balancing US influence continue to inform its engagement with China.

How prepared is
Brazil

Brazil’s cybersecurity posture has rapidly developed over the past several years as the government introduced a series of institutional, legal and regulatory measures to protect Brazilian entities from cyber-enabled threats. The GSI coordinates cybersecurity policy within the government, and the Integrated Cyber Security Centre is tasked with incident response. Given Brazil’s history of military rule, its armed forces also play an important role in the country’s cybersecurity architecture—sometimes creating tension with the coordinating powers of the Institutional Security Office (GSI). In 2024, the GSI decided to create a dedicated national cybersecurity agency, which will be responsible for coordinating effective policies on cybersecurity and cyber defence and promoting technology and innovation development policies in cybersecurity.

In 2020, the Brazilian Government approved the National Cybersecurity Strategy (E-Ciber), which offered a road map for Brazilian society to enhance its defences against cyber-related crimes. Through E-Ciber, the government also aims to improve incident responses and protect critical infrastructure. While cyber-enabled theft of innovation isn’t directly mentioned in the strategy, the practice is criminalised under several pieces of legislation, including Law No. 14.155 of 2021 on cybercrime and the General Data Protection Law of 2018. So far, however, no cases of prosecution for IP-related cybercrimes under those laws are known.

Several sectors, including those that are IP-intensive, must follow more stringent cybersecurity regulations. They include banking, health, energy and telecommunications. In 2021, the Brazilian Government introduced the Federal Cyber Incident Management Network, which provides a platform for sharing information concerning attacks and potential vulnerabilities. However, since the industry isn’t subject to the same level of reporting requirements and doesn’t have access to threat intelligence, cases of cyber-enabled threats to innovation are likely to be under-reported. There isn’t much evidence of engagement between the authorities and industry over the sharing of intelligence and information concerning cyber threats, particularly from hacking groups with possible state affiliations.

Despite the growing shift in attitude towards addressing cyber-enabled threats, Brazil still has some of the highest rates of cyberattacks in the world. Cybersecurity awareness and preparedness remain serious weaknesses. Brazil also lacks a robust domestic cybersecurity industry. Diplomatically, Brazil actively participates in multilateral bodies, including five of the six UN groups of government experts on ICT security and in the ICT Open-ended Working Group. Brazil also engaged in OAS programs and signed a Digital Alliance with the EU and other Latin American countries in 2023. Following the Edward Snowden revelations 2013 about US espionage against Petrobras, Brazil became a global advocate for digital privacy as a basic right in multilateral discussions at the UN. As a member of the G20, Brazil has also endorsed the commitment to refrain from cyber-enabled IP theft for commercial gain.

Reported cases of economic cyber-espionage

Name of Incident

Victims (entities)

Sectors Affected

Affected economies

Threat Actor

Alleged state sponsor

Date reported

Operation Cloud Hopper (APT10)
Customers or providers of Managed Services / Enterprise Service / Cloud Services, manufacturing companies in India, Japan and Northern Europe; a mining company in South America; and multiple IT service providers worldwide.
Computer System Design and Related Services, Telecommunications, Mining
Australia, Brazil, Canada, Finland, France, India, Japan, New Zealand, Norway, South Africa, South Korea, Switzerland, Thailand, UK
APT10
China
2017
Ke3chang (APT15)
Government agencies, military organizations, energy companies, and financial institutions.
Aerospace, Aviation, Chemical, Defence, Energy, Government, High-Tech, Industrial, Manufacturing, Mining, Oil and gas, Telecommunication, Utilities and Civil Society
56 countries, including Argentina, Barbados, Brazil, Chile, Colombia, Dominican Republic, Ecuador, El Salvador, Guatemala, Honduras, Jamaica, Mexico, Panama, Peru, Trinidad and Tobago, Venezuela
Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon
China
2010 (first seen in Latin America in 2019)
2020-2021 Cyberespionage Campaign (APT41)
Banking/Finance, Civil Society, Construction, Defense Industrial Base, Government, Healthcare, High Technology, Higher Education, Legal, Manufacturing, Media, Non-profit, Oil & Gas, Petrochemical, Pharmaceutical, Real Estate, Research, Software development companies, Social Media, Telecommunications, Transportation, Travel, and Utility
1. Finance 2. Construction Services 3. Defense 4. Public Administration 5. Medical and Other Health Care Services 6. Professional, Scientific and Technical Services 7. Computer System Design and Related Services 8. Tertiary Education 9. Manufacturing 10. Information Media and Telecommunications 11. Personal and Other Services 12. Oil and Gas Extraction 13. Basic Chemical and Chemical Product Manufacturing 14. Property Operators and Real Estate Services 15. Telecommunications Services 16. Transport, Postal and Warehousing 17. Administrative Services 18. Electricity, Gas, Water and Waste Services 19. Transport, Postal and Warehousing 20. Machinery and Equipment Manufacturing 21. Heavy and Civil Engineering Construction 22. Publishing
Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA, Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam
APT41
China
2020, 2021

Office

40 Macquarie Street
Barton ACT 2600

Contact

Ph: +61 2 6270 5100
E: enquiries@aspi.org.au

Explore

HomeAboutCountry ProfilesInsightsMediaCase Repository
© 2025 ASPI. All right reserved.
Privacy Policy
Terms of Service