
Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking Communities Study


Recorded Future’s Insikt Group recently conducted an in-depth analysis of Brazilian hacking communities by examining advertisements, posts, and interactions within various hacking and criminal forums. This report, part of a series that includes analysis of Russia, China, Japan, and Iran, focuses on the capabilities, culture, and organization of Brazilian hackers. For organizations looking to better understand the criminal underground and monitor financial threats, as well as for those investigating the Brazilian cybercrime landscape, this report provides valuable insights.

Brazilian hackers have their own unique codes of conduct, forums, motives, and payment methods. Their primary target is fellow Brazilians. The hackers themselves range from entry-level hackers and security researchers to black hat hackers selling illegal products and services. Seeking easy money, Brazilian hackers are constantly on the lookout for new opportunities and are quick to move to different businesses when faced with increased security controls.

Unlike Russian-speaking hacking communities, Brazilian hacking communities are scattered across platforms like WhatsApp and Telegram rather than concentrated on traditional web forums. Access to Brazilian forums is not as strictly controlled as access to Russian forums, but the information shared is also less organized. Brazilian hackers, often referred to as “pirates” due to their adaptable nature, are known for changing tactics and platforms based on where the easy money is and how law enforcement activities are progressing.

Historically, Brazilian hackers primarily used IRC channels for communication and information sharing. Website defacement was a common activity among Brazilian hackers, serving as both a learning experience and a form of hacktivism. As technology evolved, Brazilian hackers transitioned to social media platforms like Facebook for illicit activities, despite the risks posed by the platforms’ cooperation with law enforcement.

One of the key findings of the analysis is the prevalence of carding activities in Brazil. The underground market is filled with credit cards generated by algorithms, a practice not commonly observed in other geographies covered in the series. Additionally, email spam remains a primary method of malware and phishing distribution, and hackers also exploit the less strict security measures in SMS to distribute malicious content.

Brazilian cybercriminals have shown a considerable capacity to bypass security controls like two-factor authentication (2FA). While entry-level hackers may move on to different activities when faced with 2FA, high-level hackers have successfully bypassed this security measure through techniques like SIM-swap attacks and compromising banking sessions directly.

The Brazilian underground is heavily involved in activities like email spam, mass pharming attacks targeting vulnerable customer-premises equipment, and carding. The high security standards enforced by the Brazilian financial system have forced cybercriminals to adapt their tactics, leading to increased focus on mobile platforms for malicious activities.

Looking ahead, Brazilian cybercriminals are expected to continue exploiting vulnerabilities in the financial sector, with a particular focus on mobile platforms. The use of WhatsApp as a communication tool and the upcoming introduction of person-to-person payments in Brazil present new opportunities for cybercriminals to launch targeted attacks.

In conclusion, the analysis provides a detailed look into the unique characteristics of Brazilian hacking communities and their evolving tactics. As the cybercrime landscape continues to evolve, organizations and law enforcement agencies will need to stay vigilant and adapt to the changing strategies of Brazilian hackers to safeguard against financial threats.
