Cyber Incident Victim: Morocco
Date:
Apr 2025
Location:
Morocco
Summary
A series of distributed denial‑of‑service attacks disrupted multiple government websites in the North African country, temporarily disabling the ministry handling parliamentary relations and leaving the agriculture and tax directorate sites offline. Experts described the incident as a well‑planned Kill Chain operation, alleging Algerian involvement and noting the timing was chosen to exploit reduced night‑shift staffing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Late on Saturday night, April 11, 2025, a wave of cyberattacks struck several Moroccan government websites, causing serious disruptions. The attacks knocked out the website of the Ministry in charge of relations with Parliament temporarily, while the websites of the Ministry of Agriculture and the Tax Directorate remained down. Cybersecurity experts characterized the incidents as distributed denial of service (DDOS) attacks, in which thousands of devices were used to flood the targeted servers with traffic until they became inaccessible. Hassan Kharjouj, a digital security specialist, described the operation as a kill chain approach, whereby attackers first accessed sensitive data before launching the DDOS phase to destabilize multiple targets simultaneously.
The prolonged outage raised concerns about the long‑term visibility of the affected government sites on search engines such as Google, particularly if the downtime continued. The Ministry of Economic Inclusion and Small Business confirmed that its news‑focused institutional site had been targeted, but emphasized that the information hosted on that platform is publicly available. Officials noted that it remained unclear whether the ongoing outage stemmed from the initial attack wave or from a subsequent, fresh incident. No specific restoration timelines were provided in the reporting.
Tayeb El Hazzaz, another cybersecurity expert, corroborated that early Sunday morning additional sites, including those of the Ministries of Agriculture, Employment, and Parliament Affairs, were affected. El Hazzaz stated that he had observed online hacker groups from the Maghreb region preparing the attacks and asserted that Algeria was employing “digital militias” to conduct cyber warfare against Morocco. Experts warned that the choice to launch the attacks late at night, when technical staff are less likely to be on duty, reflected a calculated strategy to maximize impact. The reporting did not include any official response or mitigation measures undertaken by Moroccan authorities.