Date:

Oct 2025

Location:

Brazil

Summary

An Asian cyber-espionage group compromised computer systems of governments and critical infrastructure in more than 37 countries, infiltrating about seventy organisations including law-enforcement agencies, finance ministries, a parliament and the Ministry of Mines and Energy of Brazil. The attackers gained access through tailored phishing emails and the exploitation of known, unpatched vulnerabilities, reached email servers and exfiltrated sensitive data such as communications, financial dealings and diplomatic information, and remained undetected for months in some networks.

CIA Posture: available to members
Motives: 1 motive (details available to members)
Tactics, Techniques & Procedures: 1 technique (details available to members)
Threat Actors: 0 actors
Type: available to members
Location: available to members

Description

An Asian cyber-espionage group spent the past year infiltrating computer systems belonging to governments and critical infrastructure organisations in more than thirty-seven countries, according to a research report from Palo Alto Networks. The attackers compromised the networks of approximately seventy organisations, including five national law enforcement and border control agencies, three ministries of finance, one country's parliament and a senior elected official in another nation. The firm's researchers noted that the operation was unusually large and that its collection of sensitive information appeared to be timed to geopolitical events such as diplomatic missions, trade negotiations, political unrest and military actions. Palo Alto Networks declined to identify the hackers' country of origin but stated that the group's activity was observed across a wide range of regions.


The attackers gained initial access primarily through highly targeted, tailored phishing emails combined with the exploitation of known but unpatched security flaws. Once inside a network they used that access to spy on email communications, financial dealings and exchanges concerning military and police operations, and they also stole information related to diplomatic issues. The report indicates that the intruders remained undetected in some systems for months, enabling the exfiltration of substantial amounts of sensitive data. Palo Alto Networks researchers confirmed that the group successfully accessed and exfiltrated data from the email servers of several victims; the firm subsequently notified those victims and offered them assistance. The firm also named some of the affected organisations in its report, an atypical step for a cyber security company.

Among the specific incidents highlighted in the report, the hackers likely compromised a device linked to Venezolana de Industria Tecnológica shortly after United States forces captured the Venezuelan leader Nicolas Maduro. In July 2025, following a meeting between Czech President Petr Pavel and the Dalai Lama, the group conducted reconnaissance on Czech government targets including the Army, the police, Parliament and the Ministry of Foreign Affairs. The report also notes that the group was active in Germany, Poland, Greece, Italy, Cyprus, Indonesia, Malaysia, Mongolia, Panama and additional countries. Notably, the same group compromised the Ministry of Mines and Energy of Brazil, which the report describes as a major source of rare earth mineral reserves. In October, United States diplomats held meetings with mining executives in Brazil, and an official at the ministry with knowledge of the matter told Palo Alto Networks that the ministry had not identified an attack at that time.

In response to the disclosed compromises, Palo Alto Networks notified the affected victims, including the Brazilian ministry, and offered them remediation assistance. The United States Cybersecurity and Infrastructure Security Agency said it was aware of the campaign and was working with its partners to prevent further exploitation of the vulnerabilities outlined in the report. Representatives of the FBI and CIA declined to comment on the findings, and the National Security Agency did not respond to a request for comment. No further details regarding containment, eradication or specific impacts on the Ministry of Mines and Energy of Brazil were provided in the source material.

Sources

1 source (available to members)