Latest news with #DGSSI
Morocco World
a day ago
- Politics
- Morocco World
DGSSI: Data Breach Affected Only Tawtik Platform Used by Notaries
Doha – The General Directorate of Information Systems Security (DGSSI) has concluded its investigation into the recent data breach initially reported on June 2. According to an official statement released on Friday, the compromised data originated exclusively from the platform, which is used by the National Council of Notaries. The DGSSI has clarified that contrary to earlier reports, the systems of the National Agency for Land Conservation, Cadastre and Cartography (ANCFCC) were not compromised. This statement aims to dispel confusion about the scope of the incident that has concerned users since reports first emerged. As an immediate response, authorities took the platform offline to identify and address the security vulnerabilities that led to the data exfiltration. 'Exploiting vulnerabilities in inadequately protected computers' Enhanced security measures have been implemented in accordance with DGSSI cybersecurity recommendations, with additional proactive actions deployed to prevent future incidents. The incident gained attention when the Algerian hacking group 'Jabaroot' claimed responsibility for the attack on June 2. The group alleged they had stolen approximately 10,000 property ownership certificates, 20,000 personal documents including sales deeds, civil status documents, ID cards, passports, and banking records. They claimed the breach amounted to 4 terabytes of data. This attack follows a similar breach in April when the same group targeted Morocco's National Social Security Fund (CNSS), exposing personal data of nearly 2 million Moroccan employees across approximately 500,000 businesses. The CNSS later stated that many of the leaked documents were 'often false, inaccurate or truncated.' Sources from ANCFCC had previously denied that their systems were directly compromised. As reported by Le360, an authorized source from the agency stated that no intrusion or data leak was detected in their information system. The source suggested the hackers may have accessed data on the notaries' platform by 'exploiting vulnerabilities in inadequately protected computers.' The Jabaroot group justified their attack as a response to what they called 'Moroccan media's false propaganda' regarding rumors about France freezing assets belonging to high-ranking Algerian officials. They described this alleged propaganda as 'an unjustified intervention and an opportunistic way to attack Algeria again on the international stage.' Morocco faces growing cybersecurity threats Documents leaked by the group reportedly included sensitive information of Moroccan officials. The group specifically claimed to have released documents belonging to senior officials, including alleged documents of Mohamed Yassine Mansouri, the director general of foreign intelligence. Cybersecurity experts have warned citizens not to open any of the leaked files circulating online, as they may contain security threats that could compromise personal data. This incident occurs amid increasing cybersecurity concerns in Morocco. In April, cybersecurity company Kaspersky reported that Morocco ranks third among African countries facing web-based threats, with 12.6 million attack attempts documented in 2024. Kenya leads with nearly 20 million incidents, followed by South Africa with approximately 17 million. A string of recent cyberattacks targeting Moroccan institutions has exposed serious gaps in the country's digital defenses. Between June 1 and June 3, 2025, multiple attacks targeted various Moroccan institutions, including the Ministry of Health, Bank Al-Maghrib, Maroc Telecom, and several educational institutions. Read also: Transparency Maroc: CNSS Data Breach Exposes Critical Flaws in Morocco's Cybersecurity Tags: Algerian hackersancfcccyberattack
Morocco World
06-05-2025
- Morocco World
Critical Android Malware Alert: DGSSI Warns of Banking Data Theft
Doha – Morocco's General Directorate for Information Systems Security (DGSSI) has issued a critical alert regarding a sophisticated malware targeting Android smartphones. The malware, named 'BTMOB RAT,' was first detected in February and primarily aims to steal sensitive information, including banking data. According to the DGSSI alert released on Monday, this Remote Access Trojan (RAT) is distributed through phishing websites and malicious applications available on the Google Play Store. What makes this threat particularly concerning is its exploitation of Android's accessibility services to obtain legitimate permissions while bypassing the system's security mechanisms. The malware employs advanced techniques to maintain persistent access to compromised devices. Once installed, BTMOB RAT can access the user interface to collect sensitive information displayed on screen, such as login credentials, private messages, and banking details. It also monitors the clipboard, capturing temporarily stored data like passwords and payment information. 'These services are designed to help users with specific needs, but when misused by malware, they allow security restrictions to be circumvented,' explains the Center for Monitoring, Detection and Response to Computer Attacks. The malware operates stealthily in the background without alerting users and can evade detection by traditional antivirus solutions. This warning lands amid growing concerns about digital financial security in Morocco. Last March, cybersecurity firm Cypherleak revealed that data from over 31,000 Moroccan bank cards appeared for sale on dark web marketplaces, with over 5,500 cards remaining active and vulnerable to fraud. Read also: Morocco's DGSSI Warns of Critical WhatsApp Windows Vulnerability Security experts note that BTMOB RAT is being offered as 'Malware-as-a-Service' (MaaS), allowing various cybercriminals to purchase or rent it for their malicious campaigns, significantly increasing its distribution and potential impact. According to estimates from Kaspersky and Lookout Mobile Security, more than 500,000 installations of malware exploiting Android accessibility features were recorded in 2024. This trend is particularly troubling as users often activate these services for practical reasons such as screen reading or voice navigation. Kaspersky reported last April that Morocco ranks third among African countries facing web-based threats, with 12.6 million attack attempts documented in 2024, behind Kenya and South Africa. The DGSSI recommends integrating the provided compromise indicators into detection systems and immediately alerting the Moroccan Computer Emergency Response Team (maCERT) if any activity related to this malware is identified. Users are advised to exercise caution when downloading applications, verify permissions granted to apps, and regularly check for suspicious activities in Android settings. This alert also comes amid a rising trend in mobile cyberattacks. In 2023, Zimperium reported a 51% increase in attacks targeting Android globally, with a preference for emerging countries with expanding digital infrastructures. Tags: android smart phonesDGSSI
Morocco World
21-04-2025
- Morocco World
Security Alert: Critical Vulnerability Found in WordPress Plugin
Rabat — Moroccan authorities have warned WordPress users about a critical security flaw in a popular plugin. The General Directorate of Information Systems Security (DGSSI), operating under the National Defense Administration, issued the alert through its cybersecurity monitoring center. The vulnerability specifically affects the 'InstaWP Connect' plugin in versions older than 0.1.0.88. Identified as CVE-2025-2636. This security hole allows unauthorized hackers to remotely execute malicious PHP code on affected websites. WordPress has already released a security patch to fix the issue. Site administrators are strongly urged to update their plugins immediately through the WordPress dedicated page to protect against potential attacks. This warning comes amid recurring cyberattacks targeting Moroccan government websites, chiefly carried out by hacker groups believed to be from or linked to Algeria. The country's critical infrastructure faces persistent threats, while GITEX Africa 2025 revelations from Kaspersky paint a concerning picture. Morocco now ranks third continent-wide for web-based attacks, with hackers launching over 12.6 million attempts against Moroccan targets in 2024 alone. Bank Al-Maghrib has stepped forward with comprehensive security guidelines, aiming to protect citizens navigating an increasingly digitized financial landscape. These developments underscore an urgent reality: strengthening Morocco's digital defenses has become an essential pillar for national security. Read also: Bank Al-Maghrib Issues Digital Banking Security Guide as Online Services Grow
Morocco World
16-04-2025
- Morocco World
Morocco's DGSSI Warns of Critical WhatsApp Windows Vulnerability
Doha – Morocco's General Directorate of Information Systems Security (DGSSI) issued a security bulletin warning citizens about a critical vulnerability in WhatsApp's Windows application that could allow remote attackers to execute malicious code. The security flaw, tracked as CVE-2025-30401, affects all WhatsApp versions prior to 2.2450.6 on Windows operating systems, according to the bulletin released by the Center for Monitoring, Detection and Response to Computer Attacks. Meta, WhatsApp's parent company, acknowledged the vulnerability in its security advisory, stating that 'a maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.' The DGSSI has urged all Moroccan users to immediately update their WhatsApp applications by referring to Meta's security bulletin and installing the necessary patches. Issued amid rising cybersecurity threats, the warning follows a wave of cyberattacks on Moroccan government platforms that exposed sensitive data and compromised digital infrastructure. In a separate advisory, the DGSSI also cautioned about a critical vulnerability affecting WordPress websites using the 'SureTriggers' plugin versions prior to 1.0.79, documented under vulnerability identifier CVE-2025-3102. The country has faced an increasingly unstable cybersecurity environment in recent days, with the National Social Security Fund (CNSS) suffering a major breach. The Algerian hacking group 'JabaRoot DZ' claimed responsibility for the attack, which reportedly resulted in the exposure of salary information of 2 million individuals across 500,000 companies. This incident was followed by a series of retaliatory attacks, including distributed denial-of-service (DDoS) campaigns. Most recently, the Algerian group DDOS54 launched what they described as a 'major campaign' against Moroccan government systems, affecting several ministerial websites, including the Ministry of Agriculture's portal and the national tax portal Addressing the WhatsApp vulnerability, security consultants described it as 'a particularly nasty vulnerability for the everyday user,' noting that it could be exploited for data theft, malware deployment, account hijacking, identity theft, or virtually any action a malicious actor chooses to carry out. The DGSSI's latest warnings reflect an ongoing national effort to monitor digital vulnerabilities and protect users against the rising tide of cyberattacks targeting Moroccan institutions and citizens. Read also: Moroccan Authorities Warn of Unauthorised Use of Personal Data Following CNSS Leak Tags: CybersecurityDGSSIWhatsApp
Ya Biladi
12-03-2025
- Business
- Ya Biladi
Morocco approves Damanesign as Qualified Trust Service Provider for e-signatures
Damanesign, a Moroccan startup for the verification of e-signatures and other digital services, has officially received the Qualified Trust Service Provider certification from the General Directorate of Information Systems Security (DGSSI). This recognition enables the company to issue qualified electronic signature certificates that meet the required security standards, particularly for public contracts and sensitive transactions. With this certification, Damanesign can provide businesses and administrations with qualified electronic signature keys, ensuring the authenticity, integrity, and legal value of signed documents. This type of signature, considered the most stringent in terms of regulation, becomes a key tool for stakeholders wishing to secure their digital transactions and ensure their legal recognition. As a Qualified Trust Service Provider, Damanesign offers a complete range of e-signatures (simple, advanced, and qualified), enabling organizations to optimize their exchanges while complying with current regulatory requirements. The qualified signature keys issued by Damanesign offer several advantages: • The ability to sign contracts, public contracts, and sensitive documents in compliance with regulations; • Enhanced authentication, ensuring the signer's identity with a high level of reliability;
