Cyber Incident Victim: Aeroporto Internacional de São Paulo/Guarulhos

On Saturday, March 15, 2025, a hacker using the alias “Azael” announced a cyberattack against the official website of São Paulo/Guarulhos International Airport (GRU). The announcement was made via a message sent to press outlets, stating that the attack would occur precisely at 13:12 Brasília time. According to the hacker’s message, the attack followed a claimed successful breach of the University of São Paulo (USP) website, which had not yet recovered. GRU Airport, the concessionaire that manages the airport, confirmed to CISO Advisor that its official site (www.gru.com.br) became unstable and went offline shortly after the announced time. The website remained inaccessible for several hours before being restored. The airport operator emphasized that the disruption was limited to the web page and that no operational systems of the airport were affected.

GRU stated that it had activated all of its security protocols in response to the incident. By the time the CISO Advisor note was published, the site was still exhibiting some instability. The company indicated that it continued to monitor the situation and work to fully stabilize the online service. No further details about the attack vector, tools used, or attacker identity beyond the alias were disclosed in the available sources. The hacker’s claim of responsibility linked the GRU incident to the earlier alleged USP breach, suggesting a pattern of targeting Brazilian institutions. Despite the website outage, airport operations, including flights and ground services, continued without interruption according to the operator’s statement. The incident concluded with the website being brought back online, although residual instabilities were noted at the time of reporting.