Cyber Incident Victim: Justiça Federal de Pernambuco

On Friday, March 7, 2025, the electronic, judicial, and administrative systems of the Justiça Federal da Terceira Região (TRF‑3) experienced a period of instability. The TRF‑3, based in São Paulo, confirmed that the instability was caused by a distributed denial of service (DDoS) attack targeting its web portals. According to the official statement released to Security Report, the attack aimed to overload the servers and prevent legitimate access to the services. The responsible actor generated traffic that consumed server resources, thereby blocking users from accessing the TRF‑3’s online platforms. The disruption affected the ability of users to access the TRF‑3’s online services. The TRF‑3’s communication noted that the instability was observed throughout the day and persisted until mitigating measures were applied. No mention was made of any specific threat actor or motive in the released information. The attack was identified promptly by the TRF‑3’s security team as a DDoS event based on traffic patterns and server load indicators. The institution emphasized that the incident was limited to service availability and did not involve any breach of data confidentiality. The public statement reassured that the attack was confined to overwhelming bandwidth and processing capacity.

Following detection, the TRF‑3 implemented mitigation measures that successfully reduced the malicious traffic and restored normal operation of its systems. The official communique stated that all attacks were promptly mitigated and that the systems are now functioning normally. As a result of the service interruption, the TRF‑3 announced that it would extend the deadlines for the delivery of documents by parties (PJs) affected by the outage. The extension aims to compensate for the period during which users were unable to access the electronic judicial services. The TRF‑3 explicitly confirmed that no data was lost, compromised, or exposed during the DDoS incident. The statement also noted that the institution continues to monitor its networks for any further anomalous activity. No further details regarding the duration of the attack, the volume of traffic, or the specific mitigation technologies employed were disclosed in the available source. The narrative of the incident concludes with the TRF‑3’s affirmation that normal service has been resumed and that judicial proceedings can continue without data integrity concerns.