Top 10 Cyber Threat Actors Targeting Brazil

This SOCRadar report profiles the top 10 threat actors targeting Brazil in 2025–2026, detailing active ransomware groups (LockBit 5.0, Qilin, Akira, The Gentlemen, KillSec, Cl0p, DragonForce), a China-linked APT (Salt Typhoon), and a long-running Brazilian cybercrime syndicate (TA2725). It highlights large-scale, high-impact incidents including the Petrobras seismic data theft (~176 GB) and the FGV university breach (~1.52 TB), ongoing mass-exploitation campaigns (Oracle EBS zero-day), and active malware campaigns (Grandoreiro, BTMOB RAT), concluding that Brazil faces widespread, sophisticated, and ongoing cyber threats across critical sectors.