Cyber Incident Victim: Morocco
Date: Apr 2025
Location: Morocco
Summary
Moroccan government websites suffered a distributed denial of service attack that disabled the ministries of Agriculture, Employment, and Parliament Affairs, as well as the Economic Inclusion and Small Business portal. Experts described the operation as a Kill Chain strategy, attributed it to Algerian actors, noted the late‑night timing when staffing is low, and warned that the prolonged outages raised concerns about the sites' visibility on search engines.
Description
Late on Saturday night, a wave of cyberattacks struck multiple Moroccan government websites, causing serious disruptions across several ministries. The attack temporarily knocked out the website of the Ministry in charge of relations with Parliament, while the sites of the Ministry of Agriculture and the Tax Directorate remained offline. Cybersecurity experts characterized the incidents as Distributed Denial of Service (DDoS) attacks, in which thousands of devices flood targeted servers with traffic to overload them. Hassan Kharjouj, a digital security specialist, explained that the goal of such attacks is to render websites either painfully slow or completely inaccessible. He further described the methodology as a “Kill Chain” approach, wherein attackers first obtain sensitive data before launching DDoS strikes to destabilize multiple targets simultaneously. The attacks were described by experts as well‑planned and highly organized.

Early on Sunday, Tayeb El Hazzaz, another cybersecurity expert, confirmed that additional Moroccan sites had been hit, including the websites of the Ministries of Agriculture, Employment, and Parliament Affairs. El Hazzaz stated that he had observed online hacker groups from the Maghreb region preparing the attacks and asserted that Algeria was employing “digital militias” to conduct cyber warfare against Morocco. He noted that the timing of the assaults—late at night when technical staff are less likely to be on duty—appears to be a deliberate element of the attackers’ strategy. The prolonged downtime has prompted concerns about the long‑term visibility of Moroccan government pages on search engines such as Google, should the outages persist. In a separate statement, the Ministry of Economic Inclusion and Small Business acknowledged that its news‑focused institutional site had been targeted, but emphasized that the information it hosts is publicly available. Officials noted that it remains unclear whether the current outage stems from the initial Saturday night incident or a subsequent fresh attack.
The incidents have resulted in measurable service interruptions, with users unable to access the affected government portals during the attack windows. Experts warned that the combination of DDoS flooding and prior data access could exacerbate the impact on governmental operations and public trust. Observers highlighted that the attacks were carried out in a coordinated fashion, reflecting a level of organization that suggests pre‑attack reconnaissance and resource mobilization. The statements from Kharjouj and El Hazzaz collectively indicate that the threat actors leveraged both technical means and timing considerations to maximize disruption. No official confirmation of attribution has been provided beyond the expert assertions linking the activity to Algerian‑based groups. The situation remains under monitoring by Moroccan cybersecurity authorities as they work to restore full functionality to the compromised websites.
