Cyber Incident Victim: Polícia Federal do Brasil

In late August and early September 2024, multiple Brazilian government institutions experienced cyberattacks. The first confirmed incident occurred on August 29 when the Supreme Federal Court (STF) suffered a distributed denial-of-service (DDoS) attack involving thousands of simultaneous access attempts aimed at destabilizing its network. The attack coincided with Minister Alexandre de Moraes' judicial actions against social media platform X regarding non-compliance with court orders. STF systems became inoperable for under 10 minutes before technical teams took services offline, implemented additional security layers, and restored normal operations without lasting operational damage. No data compromise or system infiltration was detected. The following day, August 30, Moraes ordered the blocking of X in Brazil through telecommunications regulator Anatel after the platform failed to appoint a local representative or pay court fines.

Anatel subsequently reported increased cyberattacks described as expected due to its role in enforcing the X blockade, causing temporary instabilities in its systems and networks. On September 3, the Federal Police (PF) experienced a separate cyberattack causing service disruptions, though access was fully restored without detected system compromises or unauthorized data access. All three institutions emphasized their systems remained fundamentally secure despite temporary availability issues. The PF launched an investigation into its incident while STF and Anatel attributed their disruptions solely to volumetric DDoS-style attacks rather than data breaches. No operational delays or long-term consequences were reported by any entity following containment measures. Technical responses focused on rapid service isolation and security reinforcement rather than forensic attribution of attackers.