Cyber Threat Actor: Jabaroot DZ

The threat actor known as Jabaroot DZ, also referenced as JabaRoot DZ, is an Algerian hacker group that has publicly claimed responsibility for at least two notable cyber incidents targeting organizations in North Africa during early 2025. The group's activities first came to significant public attention following an attack on the databases of Algeria's National Social Security Fund (CNSS) on April 8, 2025, which resulted in the compromise of personal and professional information belonging to nearly two million employees and data pertaining to hundreds of thousands of companies. This breach exposed substantial volumes of sensitive information and prompted widespread concern regarding institutional cybersecurity resilience despite existing legal frameworks. Subsequently, on April 1, 2025, the same group claimed an attack against Morocco's Ministry of Economic Inclusion, Small Business, Employment, and Skills, specifically targeting its informational portal. Moroccan authorities confirmed the incident but clarified that the affected site contained only publicly accessible information, with no sensitive databases or personal files compromised, and they noted the attack had no significant consequences. The ministry also distanced itself from unrelated documents falsely attributed to its operations that circulated online following the intrusion.

Based solely on these two reported events, the group demonstrates a targeting pattern focused on government and social security institutions within the Maghreb region, with operations directed against both Algerian and Moroccan entities. The strategic impact of their actions varies considerably; the CNSS breach achieved a clear data theft and exposure objective, leading to the leakage of highly sensitive records, whereas the Moroccan ministry attack appears to have been a lower-impact operation against a public-facing asset without data exfiltration. No specific malware families, initial access vectors, or detailed tooling methodologies are described in the available incident summaries, leaving their technical tactics and procedures undocumented in public sources. Similarly, there is no publicly established information linking Jabaroot DZ to a state sponsor or a broader criminal consortium, and no extensive campaign beyond these isolated incidents is detailed in the provided material. The group's public claims of responsibility suggest an intent to generate notoriety or exert pressure, but any deeper motivational drivers remain unspecified in the cited reports. Publicly available information therefore confines the known operational scope of Jabaroot DZ to these two distinct attacks, illustrating a capability to breach national databases in at least one high-profile case while also engaging in less consequential website compromises.