On April 8, 2025, the Algerian hacker group JabaRoot DZ targeted Moroccan institutions, causing a massive data breach. Their actions included hacking into the Ministry of Economic Inclusion’s website and the National Social Security Fund (CNSS) database. The group claimed responsibility for the breaches as a response to Moroccan hackers’ earlier actions, particularly the theft of an Algerian Press Service (APS) Twitter account. JabaRoot DZ’s attack resulted in a significant leak of sensitive information, marking one of the largest cyber incidents in Morocco’s history.
The Ministry of Economic Inclusion confirmed the breach but downplayed its impact, stating the website only contained informational data. The ministry’s denial was quickly challenged when JabaRoot DZ released over 3,000 pay slips from ministry employees. Although the ministry rejected the authenticity of the documents, the hackers’ actions raised questions about the adequacy of the ministry’s claims. This situation highlighted the vulnerability of Moroccan government digital infrastructure and the possibility of further breaches.
Soon after targeting the ministry, JabaRoot DZ shifted focus to CNSS, claiming to have accessed confidential documents. The data stolen included salary declarations and employee lists from a wide range of companies, banks, and even the Israeli Liaison Office in Morocco. The hackers published details from nearly 500,000 companies and over 53,000 PDF files. This breach exposed salary data, including information on high-profile individuals, further amplifying the severity of the attack.
This breach is not CNSS’s first encounter with a security incident. In 2020, a vulnerability exposed sensitive data for millions of private sector users. Despite previous measures to secure the network, this new attack reveals the ongoing weaknesses in Morocco’s cybersecurity infrastructure. Authorities are now working to assess the damage and enhance cybersecurity measures to prevent future attacks. The breach serves as a stark reminder of the growing risks in the cyber domain amid geopolitical tensions.
Reference: