Menu
Browse

Cyber Threat Actor: Moroccan Soldiers

Actor Type Location Known Incidents
 Icon
Activist
Morocco
1 incident
Profile

The threat actor knownas Moroccan Soldiers operates from Morocco and uses that alias in public claims. It is associated with pro‑Palestine hacker collectives and has been linked in reporting to groups such as LulzSec Black. The actor’s public statements frame its actions as retaliation against states perceived to support Israel, indicating a politically motivated objective rather than financial gain. Its observed targeting has focused on critical infrastructure and government services, with the sole confirmed incident directed at Cypriot entities. This focus suggests a strategic aim to disrupt services and convey a show of force to adversaries.

The October 18 2024 operation attributed to Moroccan Soldiers was described as a coordinated series of cyberattacks against Cypriot critical infrastructure and government services. Public claims linked the activity to pro‑Palestine hacker collectives, specifically naming LulzSec Black as one of the groups involved. The attackers employed a distributed denial‑of‑service approach that generated high volumes of traffic aimed at airport networks, banking platforms, telecommunications providers and government web portals. As a result, users experienced temporary disruptions including slowed access to flight information, intermittent banking service outages, degraded telecommunication links and occasional inaccessibility of official websites. During the defensive response, security checkpoints reported delays as operators upgraded mitigation measures while the attack traffic persisted. Although the volumetric barrage caused noticeable inconvenience, the majority of the attack attempts failed to achieve sustained impact and normal service levels were restored within a short period. Cypriot authorities explicitly stated that no data was exfiltrated or compromised during the episode, but they warned that similar actions could recur and advised continued vigilance. In the aftermath, national cybersecurity agencies maintained an elevated alert level, characterizing the campaign both as a demonstration of capability and as a test of the country’s defensive posture, and they urged operators of essential services to reinforce proactive protections against future DDoS threats.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources