Cyber Incident Victim: Universidade Federal do Piauí
Date:
Jul 2025
Location:
Brazil
Summary
Universidade Federal do Piauí experienced a cyber attack that disrupted multiple institutional services, including Gitsig, Sinapse and the SIG systems, after servers showed memory exhaustion and a database storage reached full capacity. Technical teams initiated emergency restarts, but malicious scripts were later detected on SIG‑related machines, confirming the intrusion and prompting containment actions such as firewall blocks, machine cloning and successive reboots, which only temporarily restored services before failures recurred. Ongoing efforts continue to assess the impact while prioritizing data security and system recovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Saturday, 12 July 2025, at approximately 14:30, the Universidade Federal do Piauí began receiving reports of instability across several institutional services, including the Gitsig, Sinapse, and SIG systems. Technical staff from the Superintendência de Tecnologia da Informação (STI) immediately initiated diagnostic procedures. Initial analysis revealed that multiple servers were experiencing freezes caused by exhaustion of memory resources, with one database server reaching 100 % of its storage capacity. Parallel observations showed that the NFS backup storage had also reached full capacity.
In response, STI performed forced restarts of affected machines, which temporarily restored some services before the failures recurred. Subsequent investigation detected the execution of malicious scripts on machines responsible for the SIG systems, confirming a cyber‑attack that had compromised part of the university’s infrastructure. Containment efforts included cloning of compromised machines, implementation of firewall blocks, and successive reboots, actions that continued until around 19:00 on the same day. Despite these measures, the systems continued to exhibit instability after each restart.
On the morning of 13 July 2025, additional attempts to bring the services back online were made, but the systems again failed shortly after being activated. The university stated that it is still evaluating the full extent of the impact on data and operations. STI teams remain fully engaged in analysis, containment, and recovery, with priority given to the security and integrity of institutional data, while the PR‑REITORIES of undergraduate and postgraduate education indicated they would adopt any necessary measures to preserve academic continuity if required.