Cyber Incident Victim: Supremo Tribunal Federal

On August 29, 2024, the Supremo Tribunal Federal (STF) experienced a distributed denial-of-service (DDoS) attack targeting its systems. The attack involved thousands of simultaneous access attempts aimed at destabilizing the network and disrupting services. STF systems became inoperative for less than 10 minutes before technical teams swiftly took services offline and implemented additional security layers. Normal operations were fully restored with no operational damage reported. This incident occurred shortly before Minister Alexandre de Moraes issued an order requiring social media platform X to appoint a Brazilian representative and pay outstanding fines. Following Moraes' subsequent decision to block X in Brazil on August 30 due to non-compliance with judicial orders, the Agência Nacional de Telecomunicações (Anatel)—responsible for enforcing the block—reported an expected surge in cyberattacks against its infrastructure. Anatel confirmed these attacks caused temporary instabilities in its systems and networks, characterizing such incidents as frequent occurrences given the agency's role in sensitive matters.

Separately, the Polícia Federal (PF) suffered a cyberattack on September 3, 2024, resulting in service instability. The PF launched an investigation into the incident and restored access to affected services promptly. No compromise of institutional systems or unauthorized data access was detected. All three entities—STF, Anatel, and PF—publicly acknowledged the attacks within days of each other, with each emphasizing containment measures prevented significant operational harm. The STF explicitly confirmed the DDoS attack's limited duration and lack of lasting impact, while Anatel contextualized its experience as part of heightened threat activity following high-profile regulatory actions. No threat actors or motives were formally attributed in the available statements.