In June 2025, Morocco’s legal and digital infrastructure faced a major cyberattack. A hacking group named Jabaroot DZ, believed to operate out of Algeria, targeted the Tawtik platform — a digital system used by Moroccan notaries for property transactions and legal documentation. Here’s a breakdown of what’s been confirmed so far.
🔍 What Was Targeted?
Tawtik, not the ANCFCC:
Early reports suggested Morocco’s land registry (ANCFCC) was compromised. That turned out to be false. The breach affected Tawtik, which is run by the National Council of the Order of Notaries, not by the land registry.
Individual notary accounts:
Attackers accessed 713 notary accounts, likely through poor individual security practices, not a core system vulnerability.
📦 Claimed vs. Actual Data Volume
Jabaroot DZ’s Claim: The group alleges they exfiltrated over 4 terabytes of data, including samples of over 10,000 property certificates and 20,000 various documents.
Expert Analysis: Cybersecurity experts suggest the actual volume is significantly less, encompassing only documents available on Tawtik at a specific time.
🧾 What Was Leaked?
Types of documents:
Sales contracts
Power of attorney documents
Company formation paperwork
Copies of ID cards and banking information
No land titles:
Despite initial panic, official land titles from ANCFCC were not compromised.
Available on the dark web:
Many of the stolen documents are now circulating online, particularly on dark web forums.
🎯 Motivation Behind the Attack
Jabaroot DZ stated that the leak was a direct response to what they perceive as anti-Algerian propaganda by Moroccan media, particularly concerning reports about France considering freezing assets of senior Algerian officials.
🔍 Legitimacy and Verification
Sample Files: The group provided sample files on dark web forums, including documents allegedly belonging to high-profile Moroccan officials.
Skepticism: Some users on these forums questioned the legitimacy of the leak, noting that the full dataset was not made available and that some links were broken or removed.
🇩🇿 Who’s Behind It?
Jabaroot DZ is a known Algerian hacking group.
They previously claimed responsibility for other breaches, including attacks on social security systems.
Their motivation appears partly political, especially after recent international support for Morocco’s Sahara autonomy plan.
🛡️ What’s Being Done?
Security audits: Morocco’s cybersecurity agency, the DGSSI, launched an investigation.
Preliminary results: Point to weak personal account protections rather than system-wide vulnerabilities.
Recommended actions:
Better password hygiene for notaries
Mandatory two-factor authentication
Regular audits and access monitoring
This breach should be a wake-up call for legal professionals and public institutions across Morocco. Even with secure infrastructure, the human factor remains the weakest link. The need for secure credentials, user training, and incident response planning is more apparent than ever.
Sources:
