Cyber Incident Victim: Agência Nacional de Telecomunicações

Between August 29 and September 3, 2024, multiple Brazilian government institutions experienced cyber attacks, including the Supreme Federal Court (STF), the National Telecommunications Agency (Anatel), and the Federal Police (PF). The STF reported a distributed denial-of-service (DDoS) attack on August 29, characterized by thousands of simultaneous access attempts intended to destabilize its network. This occurred shortly before Minister Alexandre de Moraes issued a judicial order requiring the social media platform X to appoint a local representative and pay outstanding fines. The attack rendered STF systems inoperable for less than 10 minutes before technical teams intervened by temporarily taking services offline and implementing additional security layers. The court confirmed no operational damage or data compromise resulted from the incident.

Anatel became a subsequent target following its enforcement of Moraes’ September 30 order to block access to X in Brazil due to the platform’s noncompliance with judicial rulings. The agency acknowledged a surge in cyber attacks coinciding with this high-profile action, describing the incidents as expected given the sensitivity of its regulatory role. These attacks caused temporary instabilities in Anatel’s systems and networks, though specific technical details or duration were not disclosed. Separately, the PF experienced a cyber attack on September 3 that disrupted service availability but did not compromise institutional systems or data. The PF restored access promptly and initiated an investigation into the incident. All three entities emphasized their systems remained secure despite the disruptions, with no evidence suggesting data exfiltration or persistent vulnerabilities. Anatel highlighted its routine exposure to cyber threats as a frequent target due to its public significance and involvement in contentious regulatory matters.