Cyber Incident Victim: Morocco
Date:
Mar 2025
Location:
Morocco
Summary
Morocco experienced a cyberattack that rendered several official websites inaccessible, displaying garbled characters and security warnings. The national data protection commission’s site showed delayed access and corrupted pages, while the public engineering school in Kénitra presented a certificate error warning users of possible data theft. The artificial intelligence center linked to a university returned a not‑found error. Similar disruptions affected other government domains, echoing earlier intrusions against a news outlet and the national press agency. Analysts note the kingdom ranks among the nations most frequently targeted by online threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the evening of Sunday,March 9, 2025, several official Moroccan websites became completely inaccessible. Users attempting to reach these domains via Google observed that the search results displayed strings resembling Chinese characters. The anomaly was described as consistent with the effects of a cyberattack. The outage affected multiple government and public institution domains.
The Commission nationale de contrôle de la protection des données à caractère personnel (CNDP) exhibited two distinct behaviors: its primary address (cndp.ma) remained reachable but delayed several seconds before displaying the official mission page, while a secondary similar address was illegible yet eventually allowed access to the homepage after a longer wait. The public engineering school ENCG de Kénitra (encg.uit.ac.ma) presented a browser warning in French stating that the site’s certificate had likely expired, preventing a secure connection and warning that attackers could steal passwords, email addresses, or banking information. The AI movement site affiliated with UM6P (aim.um6p.ma) showed illegible symbols and returned a “Not Found. The requested URL was not found on this server.” error, rendering it totally inaccessible.
The article notes that this incident is not isolated; the Moroccan press site Maroc Hebdo was targeted in November of the previous year, and the national press agency’s website suffered a similar attack in February 2023. It also references studies that place Morocco among the top twenty‑five countries most exposed to cyberattacks globally, underscoring a pattern of recurring threats to the kingdom’s online infrastructure.