Cyber Threat Actor: Moroccan Agent Secrets
| Actor Type | Location | Known Incidents |
Criminal
|
Morocco
|
1 incident |
|---|
Profile
Moroccan Agent Secrets is an alias used by a threat actor that has been linked to a cyber intrusion against the Western Montana Clinic in March 2015. The actor’s location is noted as Morocco, although no further geographic details are publicly confirmed. The incident occurred on 2015-03-10, when unauthorized individuals gained access to the clinic’s website. According to the clinic’s disclosure, the breach resulted in the exfiltration of full credit card information belonging to forty‑four patients. The clinic confirmed that the compromised data included complete payment card details but did not disclose the duration of the unauthorized access. The clinic also stated that there were no broader operational impacts reported beyond the theft of payment information. This event represents the only publicly documented operation attributed to Moroccan Agent Secrets in the available sources.
The targeting observed in the known activity involves a healthcare provider located in the United States, specifically a clinic in Western Montana. The actor’s actions resulted in the theft of payment card data from patients of that clinic. The breach was reported by the Missoulian newspaper, which cited the clinic’s statement about the compromise. No specific malware families, exploit tools, or initial access vectors have been described in the public reporting of this incident, so the actor’s technical tactics remain unspecified. Likewise, no public attribution to a state sponsor, criminal consortium, or other affiliations has been established for Moroccan Agent Secrets. The absence of detailed technical information limits any characterization of the actor’s tooling or methodology. Consequently, the profile of Moroccan Agent Secrets is limited to the confirmed alias, the associated location note, and the single documented website compromise that resulted in credit card data theft.
