This image was generated using an AI tool
In what is described as a politically motivated attack, Morocco’s National Social Security Agency (CNSS) computer systems have been constantly attacked, leading to a leak of its customers’ data.
The threat actor operating under the name “jabaroot” claimed responsibility for the attack and leaked the stolen data on one underground forum on the dark web on April 8th.
According to Resecurity, a cybersecurity company, the threat actor leaked a CSV file containing the personal information of about 1,996,026 employees from various enterprises operating in Morocco.
Another source confirms over 53,000 PDF files were exposed detailing records of nearly 500,000 companies and close to 2 million employees.
CNSS’s response to the breach
Morocco’s National Social Security Agency (Caisse Nationale de Sécurité Sociale – CNSS) is a public institution responsible for managing the compulsory social security plan for salaried employees in Morocco’s private sector, covering healthcare, disability, and retirement benefits.
Responding to the attack, the agency acknowledged the data breach did occur and is actively investigating further into the origins and details of the attack.
That said, initial checks of certain leaked data by the agency were described as false and inaccurate reported by a local media.
However, investigations by Resecurity after collecting feedback from affected victims confirmed the data is valid.
Also read: Hackers Finally Publish Cell C Stolen Data
The attack appears to be politically motivated
In a statement made by the threat actor on Telegram, the CNSS breach is suspected to be politically motivated. According to the threat actor, he launched the attack as a retaliation for a previous compromise of the Algerian Press Service (APS) Twitter account —something believed to have been caused by Moroccan-affiliated threat actors.
In that incident, the APS account was renamed “Sahara Marocain”, reflecting the long-standing geopolitical conflict between Morocco and Algeria over the Western Sahara region. The account was later suspended following widespread media coverage.
Still on the telegram statement, the threat actor added “Every future hostile action towards Algerian interests will be followed by even stronger responses.”
As it stands, the real motive of the attack is unclear although it resembles a hacktivist move.
The bottom line
The ongoing cyberwarfare between Morocco and Algeria reiterates global trends of such incidents in the cyberspace. It calls for the need to strengthen government systems particularly critical information infrastructure systems to protect sensitive information.
About Author
