
Cyber Threat Actor: Abdellah Elmaghribi

Aliases: 2 aliases
Actor Type: Activist
Location: Morocco
Known Incidents: 2 incidents
Profile

Abdellah Elmaghribi is the primary alias used by an individual who has claimed responsibility for multiple website defacements and who has also been referenced alongside the alias Moroccan Wolf in joint statements. The actor presents himself as an Islamist hacker entity and has communicated via an email address ending in @hotmail.com and a publicly shared PGP key. These identifiers appear in the public reporting of the incidents attributed to him.

The actor’s known targets include an online literary publication focused on discussions of sexuality and a diplomatic embassy website hosted in a European capital. The first target is located in the United States, specifically in the Brooklyn area of New York, while the second target is associated with the Turkmen embassy in Minsk, Belarus. This pattern shows activity directed at both media‑oriented platforms and government‑related online assets.

Strategically, the defacements are accompanied by manifestos that express opposition to perceived misinformation, social inequalities, corporate dominance, and regime support, and they call for global freedom movements. The actor states that the actions are intended to spread ideological messages rather than to pursue financial gain or espionage. The posted messages include declarations of allegiance to a self‑described Islamist cause and references to fighting oppression.

The reported tactics, techniques, and procedures consist primarily of website defacement, the posting of political or ideological statements on the compromised pages, and the use of electronic mail for contact and verification. The actor has also shared a PGP fingerprint to facilitate encrypted communication, indicating a reliance on basic communication security measures. No malware families, exploit kits, or intrusion tools are described in the available sources.

Attribution claims made by the actor include an affiliation with a group calling itself “ISLAMIC STATE HACKERS (El Moujahidine)” and repeated references to Islamist motivations. The sources do not provide evidence of a state sponsor or a formal criminal consortium, and the actor’s ties to any broader organization remain unverified based on the public record.

Representative operations include the October 2015 defacement of Adult Magazine, an online publication featuring literary essays on sexuality, which displayed a manifesto and remained inaccessible for nearly a week before being restored. Another notable operation is the April 2015 compromise of the Turkmen embassy website in Minsk, where the actor posted a masked image with text in English and Russian declaring the site hacked and asserting service to the regime, resulting in the site being taken offline. These incidents illustrate the actor’s recurring use of website defacement as a means to convey ideological statements.
