Cyber Incident Victim: Universidade Federal de Pernambuco
Date:
Mar 2025
Location:
Brazil
Summary
Universidade Federal de Pernambuco experienced a cyberattack that disrupted its internet systems, causing instability in communication portals. The disruption stemmed from physical damage to the firewall hardware caused by electrical surges on campus and from an excessive operational load due to a surge in hacking attempts against the university’s data center. In response, the institution’s IT superintendency implemented emergency measures, is working to restore connectivity, and is arranging for a higher‑capacity firewall service to mitigate further impacts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 1, 2025, the Superintendência de Tecnologia da Informação (STI) of the Universidade Federal de Pernambuco (UFPE) confirmed that the university’s internet systems had been subjected to a cyberattack. The STI explained that, in the weeks preceding the announcement, the institutional communication portals had shown noticeable instabilities. According to the official statement, these instabilities stemmed from two distinct but concurrent factors affecting the network’s security posture. The first factor was a physical problem in the firewall hardware, caused by recent electrical surges that occurred on the Recife campus and were external to the university’s own operations. These surges impaired the firewall’s ability to regulate network traffic and to defend against external threats. The second factor was an unusually high operational load placed on the same firewall, resulting from a significant increase in the volume of cyberattack attempts directed at UFPE’s data center. The statement noted that this surge in malicious traffic had overwhelmed the equipment, compromising its stability and contributing to the observed service disruptions.
The STI further clarified that the combined effect of the hardware issue and the elevated attack volume had led to intermittent outages and degraded performance across the university’s online services, particularly affecting access to communication portals used by students, faculty, and staff. The instability was described as impacting the integrity, confidentiality, and availability of institutional information, although the statement did not disclose specific data loss or breach details. The STI also observed that similar patterns of firewall overload due to increased cyberattack activity had been reported at other Brazilian higher‑education institutions, citing the Universidade Federal de São Paulo (UNIFESP) and the Universidade Federal do Rio de Janeiro (UFRJ) as examples. This broader context indicated that UFPE was not an isolated case but part of a wider trend affecting the national academic sector.
In response to the situation, the STI announced that it had implemented emergency and complementary measures aimed at mitigating the impacts of the firewall failures and at restoring normal connectivity as quickly as possible. The goal set by the STI was to have the university’s internet services fully operational by the upcoming Friday, March 11, 2025, while simultaneously arranging the procurement of a new firewall service with greater capacity to handle future traffic loads. Technical teams from the STI were mobilized with total priority to ensure that essential academic and administrative services remained available during the remediation period. The statement concluded with the STI expressing gratitude to the university community for its understanding and reaffirming the institution’s commitment to protecting data, maintaining continuity of activities, and continually improving its digital security posture.