Last week, Morocco fell victim to a major data breach after two of its public institutions were targeted in cyberattacks claimed by an Algerian hacking group. The incident has raised serious questions about the country's cybersecurity policies and the strategies in place to protect personal data and public institutions. Moroccan entrepreneur and consultant Youssef El Maddarsi, CEO of Naoris Consulting, offers insight. He leads initiatives at the crossroads of decentralized cybersecurity, blockchain, AI, and digital trust infrastructure. Could you provide an overview of the cyberattacks on Morocco's Employment Ministry and CNSS? What methods did the attackers likely use to gain access to these systems? The recent cyberattacks on Morocco's National Social Security Fund (CNSS) and the Ministry of Economic Inclusion have been described by analysts as the most significant data breach in the country's history. According to analyses by The Record and the cybersecurity firm Resecurity, the attacks, believed to have been carried out by the Algerian hacker group JabaRoot DZ, likely exploited a zero-day vulnerability in a third-party Oracle-based system, which enabled them to infiltrate the network without detection. Once inside, they reportedly bypassed internal security protocols and accessed large volumes of unencrypted data. Rather than deploying ransomware or demanding payment, the attackers appear to have quietly exfiltrated the data and later published it on Telegram. The absence of financial demands, combined with the strategic nature of the leak, has led some experts to suggest a political motive—although attribution in such cases should always be treated with caution pending official confirmation. CNSS had warnings about its weak cybersecurity. Now that 2 million people's salary info got leaked, how could they have prevented this? What makes this breach especially concerning is that it was not the first. In 2020, a previous incident exposed the personal data of over 3.5 million users due to an unsecured access point. Despite that earlier warning, several vulnerabilities persisted—particularly around access control, encryption practices, and third-party system oversight. This incident underscores the urgent need to modernize and strengthen cybersecurity measures across Morocco's critical digital infrastructure. With well-established best practices—such as end-to-end encryption, zero-trust architecture, timely patching, and real-time threat detection—the risks could have been significantly reduced. Like in many public systems worldwide, this breach highlights the importance of elevating cybersecurity from a purely technical domain to a matter of strategic national importance. These cyberattacks have been claimed by Algerian hackers, representing a continuation of mutual cyberattacks between Algerian and Moroccan hacker groups. How would you describe this cyber warfare? These recent incidents did not occur in isolation—they form part of an increasingly visible pattern of mutual cyber operations between non-state actors in Algeria and Morocco. What we are witnessing is a form of undeclared, asymmetric cyber conflict, where hacker groups aligned with national narratives carry out attacks that reflect broader geopolitical tensions. This tit-for-tat dynamic has clearly intensified over the past few years. What began as symbolic acts—such as website defacements—has evolved into high-impact data breaches affecting millions of citizens. If this cycle of escalation continues unchecked, we may eventually see attacks targeting critical infrastructure: power grids, financial systems, telecommunications, or transport networks. While these are often framed as actions by unofficial groups, the strategic consequences are real. It underscores the urgent need for regional cyber diplomacy, stronger cross-border digital norms, and national-level cyber resilience to prevent these operations from triggering broader instability. What are your immediate recommendations to address this situation swiftly and effectively? The breach must be treated as both a national security risk and a wake-up call for long-overdue reform. In the immediate term, authorities should act on several urgent fronts. 1- They must contain the damage by monitoring where the leaked data is spreading and working with platforms to restrict its circulation. The National Commission for Personal Data Protection (CNDP) has already cautioned against unauthorized use—this message must be enforced. 2- Morocco's public institutions need to conduct a full security audit of critical systems; particularly where third-party software is involved. Patching known vulnerabilities, strengthening authentication protocols, and deploying continuous threat detection systems are immediate priorities. 3- Cyber awareness across all government IT personnel must be significantly upgraded. Social engineering and phishing remain the most common points of entry for attackers. Training, red teaming, and policy enforcement must all be intensified. 4- Authorities should consider engaging with international cybersecurity experts to help fortify the country's digital infrastructure and ensure best-in-class practices are implemented without delay. 5- This escalating pattern of cyber retaliation between non-state actors in the region calls for the establishment of regional diplomatic frameworks around cyber norms and shared digital resilience. Without coordinated response mechanisms, the risks of disruption and escalation will only grow. How do these cyberattacks impact public trust in government institutions, particularly concerning data protection and digital services? This breach has had a significant impact on public trust. When an institution like CNSS—responsible for pensions, health coverage, and social benefits—is compromised so extensively, it casts doubt on the security of all digital public services. Citizens are understandably concerned about identity theft, fraud, and how their most sensitive information is being managed. But this goes beyond one breach. It exposes a systemic issue: centralization. When security depends on a single point of failure, the entire infrastructure becomes fragile. Once that single door is forced open, everything behind it is exposed. This is precisely what happened. To rebuild trust, Morocco must go beyond short-term fixes. The country needs to rethink the foundation of its cybersecurity approach. Decentralized cybersecurity architectures replace centralized bottlenecks with a mesh of interconnected nodes that validate, isolate, and respond to threats autonomously. Had such a system been in place, the impact would have been drastically reduced. Compromised systems could have been automatically quarantined, sensitive data would have remained encrypted and unreadable, and essential services could have continued operating securely even under attack. This isn't theoretical. In real-world use, decentralized cybersecurity models have already blocked billions of threats, detecting and neutralizing anomalies before they cause harm. They create self-healing, sovereign digital ecosystems that become more resilient with every attempted breach.
