Cyber Incident Victim: Bibliothèque nationale du Royaume du Maroc (BNRM)
Date: Dec 2022
Location: Morocco
Summary
The Bibliothèque nationale du Royaume du Maroc experienced a cyberattack involving website defacement by Algerian hackers identifying as "1962 teams," who displayed the Algerian flag and a message claiming access to agricultural ministry servers and six interior ministry databases. The attackers stated they would not leak data but aimed to warn Moroccan hacking groups to cease targeting Algerian entities. The institution migrated its website to a more secure server after a week of downtime, restoring functionality. Internal systems remained unaffected due to existing firewalls and daily intrusion monitoring. A joint investigation was initiated by national cybersecurity and data protection authorities to trace the attackers, with preliminary assessments indicating the breach was limited to the homepage during a brief intrusion period.
Description
On or around December 23, 2022, the Bibliothèque nationale du Royaume du Maroc (BNRM) website was compromised by the Algerian hacker group "1962 teams." The attackers defaced the homepage, replacing it with the Algerian flag and a message claiming responsibility. They asserted they had hacked the Moroccan Ministry of Agriculture’s server and accessed six databases containing official documents from the Ministry of Interior. The group explicitly stated they would not disclose the stolen data, framing the attack as a warning to Moroccan hacker groups to cease targeting Algerian digital assets. The website remained inaccessible for approximately one week following the intrusion, with full restoration achieved only by the afternoon of December 30 after BNRM migrated its services to a new, more secure server. The attackers referenced prior cyber operations by the Moroccan group "Moroccan black knights," which had successfully breached multiple Algerian government sites, including the Ministries of Health and Transport, the National Agency of Veterans (Moudjahidine), the University of Oran, and the Algerian Press Service (APS). This incident intensified an ongoing cyber conflict between hacker groups affiliated with the two nations.

BNRM’s digital department initiated immediate response measures, including server migration and a comprehensive diagnostic to trace the attackers’ digital footprints and geographic origins. The institution downplayed the severity of the breach, emphasizing the intrusion lasted only minutes and was limited to homepage defacement without deeper network penetration. A joint investigation was launched by Morocco’s Directorate General of Information Systems Security (DGSSI)—under the National Defense Administration—and the National Commission for the Control of Personal Data Protection (CNDP) to identify the attack’s source and pursue legal action. BNRM confirmed its internal network security remained intact due to existing firewalls and daily monitoring of intrusion attempts. No data destruction or exfiltration beyond the defacement was reported, though the attackers’ claims of accessing ministerial databases remained unverified by official sources. The incident underscored vulnerabilities in public-facing infrastructure while highlighting institutional efforts to prioritize rapid recovery and interagency coordination in response to cyber threats.
