The Start of a New Era of Targeted Digital Attacks in Morocco

In recent weeks, Morocco has been rocked by two major data breaches: one involving the CNSS (National Social Security Fund) and the other targeting the Tawtik platform, used by notaries to handle sensitive legal transactions. While the headlines focused on data exposure, the real story is deeper – and more dangerous.

The leaks have handed Algerian hacking group Jabaroot DZ something far more valuable than raw documents: a 360-degree profile of Morocco’s power structure – including senior executives, public officials, business leaders, and institutional insiders.

This blog takes a closer look at what was exposed, how it can be used, and why Morocco needs to completely rethink its cybersecurity strategy.

🧠 The Real Risk: Not Just the Data, But the People Behind It

These breaches didn’t just leak documents — they created a blueprint for targeted attacks. The individuals affected are not your average users. Many of them:

  • Are highly active online

  • Access government and institutional platforms directly

  • Lack cyber-awareness or basic defence training

  • Rely on personal assistants, shared credentials, or simple passwords

The result: they’re perfect targets for quiet, tailored, and highly effective digital attacks.

🔍 What Was Leaked?

From the CNSS:

  • Payroll data

  • Personal identification info

  • Employer records

From Tawtik:

  • Sale/purchase contracts

  • Power of attorney documents

  • ID cards, passports, civil status docs

  • Business registration records

  • Bank statements and financial forms

The volume of data claimed: over 4 terabytes

The number of documents claimed: millions

This includes documents allegedly linked to high-ranking officials, such as Morocco’s intelligence chief and prominent business owners.

Currently, about 8 GB of PDF files have been leaked, making this one of the major data leak incidents in the history of Morocco.

🎯 What’s Coming Next: A New Generation of Precision Attacks

Armed with this level of visibility, attackers don’t need to break into systems anymore. They can go directly after the people inside them. Here’s what that looks like:

1. Spear Phishing with Insider-Level Detail

Emails crafted using real data (e.g., contract numbers, legal case references, internal contact names), pretending to come from a ministry or agency the target regularly works with.

2. Phone-Based Social Engineering

Hackers calling targets and quoting real transaction details, making it easy to gain trust. Example: “We’re calling from the CNSS about your March 2023 submission…”

3. Deepfake Identity Spoofing

Using AI to clone the voice or face of a known person (like a colleague, supervisor, or family member), then using it in a video call or audio message to extract info or authorise transfers.

4. Behavioural and Schedule Mapping

With access to email metadata, calendar info, or meeting logs, attackers can identify when you’re most likely to be online and distracted – and launch attacks then.

5. Indirect Access Through Your Circle

Attackers might go after your assistant, your IT support, or even a relative. Anyone in your immediate network becomes a way in – often with fewer barriers.

🤖 The Role of AI in Modern Attacks

This isn’t guesswork. Attackers are using AI tools to:

  • Parse massive datasets quickly

  • Cluster individuals by role, risk level, and system access

  • Build tailored attack playbooks

  • Generate fake emails, fake voices, and even fake documents that match Moroccan administrative formats

They’re not attacking blindly. They’re running operations based on clear, data-driven profiling – and they’re refining their tactics in real time.

🚨 The Takeaway: Morocco’s Cybersecurity Needs a People-Centric Rethink

Most security investment today goes into infrastructure – firewalls, encryption, backups. That’s necessary, but no longer sufficient. The weakest point isn’t the tech. It’s the user.

What’s Needed Now:

  • Targeted training for executives, not just IT staff

  • Zero-trust access policies with multi-factor authentication

  • Simulation drills for phishing, deepfake recognition, and social engineering

  • Audits of staff digital behaviour, especially those with elevated access

  • Crisis protocols for fast response to identity spoofing or fraudulent actions

✅ Final Word: If You’re High-Risk, You’re High-Value

If you’re a public official, director, legal professional, or executive, and your data was part of these leaks – assume you’ve already been profiled.

From here on out, attacks will not be broad or random. They’ll be targeted, personal, and silent. And without serious preparation, the financial and reputational cost will be enormous.

Cybersecurity isn’t a technical issue anymore. It’s a leadership issue, and it needs to be treated like one.
