By Arthur Bradley and Galuzzi, O.
The abuse of digital technologies by violent extremists is keeping pace with the exponential growth of new technologies, and poses multifaceted challenges to national and global security. Cyber-enabled threats manifest for example in terrorist-operated websites, the shift to alternative or fringe social media platforms, the use of the decentralised web, the exploitation of gaming and adjacent platforms, and the abuse of live-streaming technologies to amplify terrorist and violent extremist attacks. In addition to these online activities, there are concerns also around more disruptive or destructive cyber operations, such as Distributed Denial-of-Service attacks and the hacking of critical infrastructure to cause civilian casualties. In all the research on the diverse range of malicious actors behind these threats, there is comparatively little on the online activity of violent extremist movements, whether right-wing or left-wing, in the Global South. This report forms part of UNICRI’s effort to investigate the threats stemming from the complex interplay between terrorism, violent extremism and cybercriminality – threats that are often overlooked, owing to the difficulty of gathering evidence and attributing offensive cyber operations, and to the prioritisation of more pressing security threats in diverse geographic locations. UNICRI strives to shed light on the online presence, activities and trends of right- and left-wing violent extremist movements and the cyber-enabled threats they may consequently pose to global security. The report was compiled following a three-part research methodology consisting of a literature review, expert interviews and open-source investigations conducted in order to analyse the online activities of right- and left-wing violent extremist movements in South America, Africa and Asia, and examining both their intent and ability to mount offensive cyber-attacks. The report includes particular case studies within these regions, including in Brazil, South Africa, India and Maritime South-East Asia. The case studies were selected because of the availability of public information online, the known presence of active non-state violent extremist actors with right- and left-wing ideologies, the similarities and differences these actors present, and their geographic diversity. These factors, and consequently the choice of case studies, demonstrate the global nature of the phenomenon which still requires contextually relevant solutions. The selection of these case studies does not imply that similar threats in other geographies are not considered relevant to international peace or development, and conversely, the omission of any movements is merely the result of restricted resources and time. The groups and movements presented within this report are not necessarily referenced as violent extremists either by the United Nations or by the Member States mentioned, however, their alignment, proximity, and connection with right- and left-wing violent extremist ideologies, as well as their use of violent extremist tactics, justify mention in this report to ultimately reflect on the global dimension of the abuse of digital technologies by violent extremists . This report finds widespread exploitation of digital platforms by right- and left-wing violent extremists based in South America, Africa and Asia. Groups and their affiliated networks use a wide variety of platforms and services for a range of different purposes, and they often seem to face fewer restrictions in terms of content moderation by technology companies, many of which are based in the United States or European countries. In particular, it found: As in Europe, North America, and Australasia, the online activities of right- and leftwing violent extremist groups in South America, Africa and Asia are increasingly superseded by more disparate, horizontal online networks. In many of the case studies, for example in Brazil and India, physical attacks have increasingly been carried out by lone actors or small cells, some of which may have had previous engagement with organised groups. This dynamic has implications for the ability of technology companies and law enforcement agencies to counter the threat, as planned attacks and their perpetrators may be more difficult to prevent or identify. * Violent extremist networks and individuals are increasingly using a more diverse range of online platforms and services to further their goals. This is in line with the increase in the number of online platforms and services used by broader populations generally, but it may also be part of a concerted effort by these networks to reach a broad audience and mitigate the impact of the potential removal of their accounts or groups by technology companies. Violent extremist networks continue to exploit multiple platforms simultaneously, using outlinking between platforms to evade detection or enforcement by specific companies. Violent extremists comprise the minority of the perpetrators delivering cyber-attacks globally, most of which are believed to be carried out by state-backed actors, hacktivist collectives, or financially motivated criminals. Interviews with a group of 31 experts consulted as part of this research, however, indicate that the threat from cyber-attacks motivated by a belief system and delivered by individuals or groups affiliated with violent extremist movements is likely to increase in the coming years, and is likely to be particularly high in countries believed to have less developed cybersecurity defences. This report suggests that international technology companies are not adequately fulfilling their content moderation policies as consistently in South America, Africa and Asia as in other countries in Europe, North America, and Australasia. Also, they do not appear to be allocating sufficient resources to ensuring platform safety in these regions, where they face significant challenges in effectively countering the exploitation of their services by violent extremist movements. Practical challenges are compounded by definitional challenges regarding contentious terms such as “violent extremism” and “terrorism”, neither of which has an internationally agreed definition. Also, technology companies, it seems, still struggle to detect and understand violent extremist content or communications effectively in languages other than English. This task is made more difficult by the challenge of interpreting and understanding local dynamics and the community-specific slang found in content, and by the efforts of malevolent networks to evade detection or enforcement by moderation teams. Evidence suggests that, to date, this – together with an imbalance in resource allocation – means that the capability of many technology companies to moderate content in languages other than English is comparatively ineffective. Often, a splintered regulatory landscape also makes it difficult for technology companies to apply their policies consistently across multiple jurisdictions around the world. Technology companies operating globally are subject to a variety of differing and often contradictory regulatory requirements, including those relating to designations, hate speech legislation and Internet-related laws, and companies can be under pressure from the political or cultural contexts in particular countries. This can make it difficult for these companies consistently and effectively to maintain a balance between removing violative content and upholding human rights and fundamental freedoms. The report focuses on a set of case studies diving into the online activities of right- and left-wing violent extremist groups in South America, Africa and Asia, and the ways in which they abuse digital technologies
Turin, Italy: United Nations Interregional Crime and Justice Research Institute (UNICRI) and the VOX-Pol Institute. 2025. 88p.