
Cyber Incident Victim: Microsoft

Date: Jul 2015

Location: Morocco

Summary

A Moroccan hacker group known as The Exploit3rs compromised the country-code top-level domain for Morocco, leading to the defacement of multiple high-profile websites including Microsoft's Moroccan domain. The attackers replaced content with a message asserting control over all .ma domains, affecting both parked and official sites operated by major technology and cybersecurity firms. The incident disrupted access to targeted platforms but was resolved shortly after the breach, with all services restored. This group has previously targeted other prominent financial and technology organizations through similar domain hijacking methods.


Description

On July 25, 2015, a hacker group identifying as The Exploit3rs compromised multiple high-profile domains associated with Morocco’s country code top-level domain (ccTLD), including Microsoft’s .ma domain. The attackers targeted domain.ma (Morocco’s domain registry), google.co.ma, google.ma, microsoft.ma, and kaspersky.ma, replacing legitimate content with a defacement page displaying a message claiming control over Morocco’s domain infrastructure. The defacement text asserted, "We control the domains including NIC morocco! We Want To Inform You That We Can OwnAny .Ma Website Now," indicating the attackers believed they had systemic access to all .ma domains. Microsoft.ma was identified as a parked domain rather than an active corporate site, while google.co.ma and kaspersky.ma served as official regional platforms for their respective companies. The incident mirrored a February 2015 DNS hijacking attack against Google Vietnam, suggesting similar exploitation of domain management vulnerabilities. No data theft or malware deployment was reported in this defacement incident.


The Exploit3rs, known for prior breaches of Yahoo, HSBC, Norton, and other multinational corporations, executed the attack to demonstrate technical prowess rather than for immediate financial gain. All affected domains were restored by the time the incident was publicly reported, though the article did not specify remediation steps taken by Microsoft, Google, or Kaspersky. The hack temporarily disrupted access to the targeted Moroccan domains but did not impact global services of the affected companies. Zone-h archives provided evidence of the defacements, confirming the scope limited to Morocco’s ccTLD infrastructure. This marked another instance of regional domain registry vulnerabilities enabling symbolic compromises of major brands’ localized web presences.
