Cyber Incident Victim: Orange Cameroun

On April 9, 2022, two Cameroonian websites—ekiosque.cm (an online news kiosk operated by KIAMA S.A.) and pulse.orange.cm (an educational platform managed by Orange Cameroun)—were compromised by an Algerian hacker identifying as El Harrachi B.A.Z. Team. The attacker executed web defacement attacks, altering the homepages of both sites to display political messages referencing Algeria's contentious World Cup qualification loss to Cameroon on March 29, 2022. The defacement included the Algerian flag, the phrase "1,2,3 Viva Algérie," and a specific threat directed at Gambian referee Bakary Gassama, who officiated the match: "Bakary Gassama your Instagram account is just a warm-up for Cameroon. The next one will be bigger." This referenced the prior hacking of Gassama's Instagram account (bakary.gassama8) one week earlier, where false apologies to Algeria were posted. The attacks exploited security vulnerabilities, likely through SQL injection, though technical specifics were not disclosed by the victims.

eKiosque responded with a public statement on April 9 confirming the breach and attributing it to Algerian hackers protesting Cameroon's World Cup qualification. KIAMA S.A.'s representative, Marius Lambou Mbogning, condemned the act and confirmed engineers were working to restore and stabilize the platform. The site became accessible again within a day. Orange Cameroun did not issue a formal statement but restored pulse.orange.cm within hours by removing the defaced content. No data theft or financial impacts were reported, with the incident limited to temporary service disruption and reputational damage. The attacks aligned with a pattern of Algerian hacktivist activity, including prior defacements of Moroccan and Israeli targets, though no direct organizational links to those incidents were established in this case.