A threat actor known as bxxxx1 has claimed responsibility for a server breach affecting multiple government projects in Morocco, including the Geoportal of the Old City of Casablanca for Demolition projects. The attacker revealed they gained administrator-level access to the control panel managing this geoportal and other related systems.
According to the post, the compromised panel contains live satellite imagery, maps of buildings, roads, and alleys, as well as sensitive planning documents. One of the exposed files includes a blank compensation list, intended to detail the beneficiaries of the demolition, raising concerns about possible manipulation or misuse of government housing data.
More critically, the attacker published that they accessed login credentials of seven administrators, including names, emails, ranks, and the ability to add or remove users. The attacker confirmed full admin rights, meaning they could edit, delete, or add new content to the projects listed on the portal.
To further back up the claims, multiple screenshots of the compromised environment were shared via image hosting links. The breach is said to extend to additional unnamed government projects, including some involving the city of Mohammedia and the Moroccan Agricultural Mutual Fund.
This level of access poses a serious risk to both urban infrastructure integrity and citizen safety, especially if demolition schedules or relocation data is tampered with. In a worst-case scenario, this could lead to the mismanagement of government funds or misdirection of demolition efforts.
Authorities in Morocco need to swiftly investigate the extent of this breach, verify the attacker’s claims, and assess whether any data has been altered. Given the mention of full admin privileges, urgent action is needed to secure all connected systems.