Cyber Incident Victim: ekiosque.cm
Date:
Apr 2022
Location:
Cameroon
Summary
A Cameroonian online newspaper platform and a telecommunications company's educational site were compromised via web defacement by an Algerian hacker identified as El Harrachi B.A.Z. Team, motivated by Algeria's football defeat against Cameroon. The attacker replaced homepage content with a political message referencing the match's referee and Algerian national slogans, accompanied by the Algerian flag. The affected platform issued a public statement condemning the act and worked to restore services, while the telecommunications company's site was rectified within hours. This incident reflects a pattern of Algerian hackers targeting digital assets in rival nations following contentious sporting events, with similar defacements previously documented against Moroccan and Israeli entities. Both organizations experienced temporary disruption, though operational continuity was restored promptly.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 9, 2022, two Cameroonian websites—ekiosque.cm, an online news kiosk operated by KIAMA S.A., and pulse.orange.cm, an educational platform owned by Orange Cameroun—were compromised by an Algerian hacker identifying as El Harrachi B.A.Z. Team. The attacker executed a web defacement attack, altering the homepages of both sites to display a political message protesting Cameroon’s qualification for the 2022 FIFA World Cup at Algeria’s expense following a contentious match on March 29, 2022. The defacement included the text "Bakary Gassama your Instagram account is just a warm-up for Cameroon. The next one will be bigger," referencing the Gambian referee officiating the match, whose Instagram account had been hacked the prior week. The message was accompanied by the Algerian flag, the phrase "1,2,3 Viva Algérie," and the hacker’s signature. The attack exploited security vulnerabilities, likely through SQL injection, temporarily disrupting public access to both platforms. KIAMA S.A. confirmed the breach via a statement on the same day, attributing it to Algerian hackers motivated by sporting rivalry. Orange Cameroun’s technicians restored pulse.orange.cm within hours, while ekiosque.cm became accessible again the following day.
KIAMA S.A. publicly condemned the attack, emphasizing efforts by its engineers to stabilize and restore ekiosque.cm, though no technical details of the remediation were disclosed. Orange Cameroun did not issue a formal response but rectified its platform promptly. The incident mirrored prior cyber activities attributed to Algerian actors, including a November 2021 defacement of Morocco’s CGEM business confederation website and a September 2021 phishing campaign against France’s Crédit Agricole bank that stole 1,700 clients’ financial data. Historical context also included Algerian hackers targeting Israeli infrastructure in September 2021 and the 2013 conviction of Algerian hacker Hamza Bendelladj for distributing the SpyEye malware. The ekiosque.cm defacement highlighted recurring geopolitical and sporting motivations behind such attacks, though no direct retaliation by Cameroonian hackers was documented in the immediate aftermath. Service disruptions were limited to several hours, with no reported data theft or financial losses from this specific incident.