On April 8, 2025, the Algerian hacking collective known as JabaRoot DZ executed a significant series of cyberattacks against Moroccan institutions, marking one of the most substantial data breaches in Moroccan history. The primary targets were the websites belonging to the Ministry of Economic Inclusion and the National Social Security Fund (CNSS), both crucial components of Morocco’s governmental digital infrastructure.
The attackers clearly stated their rationale for the breach. In a message disseminated via their Telegram channel, they claimed, “This leak is a response to the hostile actions of Moroccan hackers who stole the Twitter account of the Algerian Press Service (APS) after it was banned by Twitter.” This retaliation illustrates the escalating cyber conflict and tensions between the two North African nations.
In response to the attack, the Ministry of Economic Inclusion acknowledged that its website had been compromised by hackers identifying themselves as Algerians. However, the ministry sought to reassure the public by downplaying the severity of the breach, asserting that the site was primarily informational and housed no professional or sensitive databases. In an official statement, the ministry emphasized, “No personal or sensitive data has been compromised.” This assertion was met with skepticism, particularly as JabaRoot DZ published over 3,000 documents purportedly belonging to ministry employees, including pay slips. The ministry refuted the authenticity of these documents, claiming they were incorrectly attributed to its operations.
Shortly after targeting the Ministry of Economic Inclusion, JabaRoot DZ claimed to have executed an even more serious breach affecting the CNSS. The group reported accessing sensitive documents, including salary declaration certificates from various companies and detailed lists of employees by name. Preliminary analysis indicates that the breach involved an Excel file containing information on nearly 500,000 companies alongside approximately 53,576 PDF files. Among the disclosed data were salary declarations from previous years linked to major entities such as the royal holding SIGER, several banks, the Israeli Liaison Office in Morocco, and various Moroccan media organizations. Alarmingly, some of these documents revealed the declared salaries of high-profile individuals.
The CNSS has faced data security issues before; a notable incident occurred in January 2020 when Yabiladi reported an unsecured access point that exposed personal data for 3.5 million users in the private sector. This leak included sensitive details such as identification numbers, addresses, bank account information, and four years’ worth of salary records. After being alerted, the CNSS’s IT team promptly addressed the vulnerability, while the National Commission for the Protection of Personal Data (CNDP) launched an investigation.
As of now, the CNSS has yet to release an official statement regarding the current cyberattack. However, a Moroccan cybersecurity expert has labeled this incident as “the largest data leak in Morocco’s history,” highlighting the significant risks that exist in the country’s cyber defenses. Authorities are in the process of evaluating the extent of the breach while reinforcing cybersecurity measures to mitigate future attacks.
This recent incident underscores the vulnerability of digital infrastructures in the face of ongoing cyber threats, particularly amidst rising geopolitical tensions between Algeria and Morocco. JabaRoot DZ has made it clear that “any future hostile action against Algerian interests will be met with even stronger responses,” signaling that this cyber conflict may escalate further.
In examining the potential tactics and techniques employed during these attacks, frameworks such as the MITRE ATT&CK Matrix offer insight into likely adversary actions. In ATT&CK terms, the Initial Access tactic and the Data Manipulation technique could be inferred from the aggressive nature of the breaches, aligning with documented tactics used by similar groups in prior engagements. As the landscape of cybersecurity continues to evolve, the necessity for strengthened defenses becomes increasingly critical for organizations operating in high-stakes environments.