In recent weeks, we’ve been tracking an alarming wave of cyberattacks sweeping across North Africa led by a newly emerged threat actor known as Server Dump. What started as isolated retaliatory strikes has quickly escalated into a much broader digital campaign targeting ministries, military systems, and even exposing a secret weapons depot.
The conflict began on June 11, when Server Dump announced their first attack, a full compromise of Algeria’s Ministry of Youth and Sports. They made it clear this was retaliation for an earlier breach of Morocco’s National Social Security Fund (CNSS.ma), allegedly carried out by Algerian actors. But the campaign has since expanded far beyond tit-for-tat attacks, laying bare critical weaknesses in North Africa’s cyber defenses.
A Rapidly Expanding Digital Battlefield
In a post on their Telegram channel, Server Dump wrote: “This is just the beginning. Any cyber-aggression against Morocco will be met with a stronger response.”
True to that threat, the group has moved aggressively, breaching the Algerian Ministry of National Defense, stealing sensitive military logistics data, and later compromising Algeria’s Customs Ministry. This effectively exposed systems responsible for trade security and border control.
The situation escalated further when Tunisia was drawn into the fray. Server Dump breached Tunisia’s Ministry of Defense, targeting its Armed Forces division. The group leaked thermal images, engineering diagrams, and an inventory of a secret underground weapons depot at Mount Chaâbanbi , a major intelligence coup with serious physical-world implications.
Cyberwar in a New Form
What we are seeing here is more than just hacking, this is a new form of regional conflict where cyber tools are being used to project power and influence. Server Dump now presents itself as Morocco’s “digital shield,” injecting itself into regional geopolitics in a way that conventional diplomacy can not match.
Their tactics mirror those of groups like WikiLeaks; public leaks of stolen documents on Telegram and dark web platforms, but with an overt nationalist motive. The campaign is designed not just to extract intelligence, but to embarrass governments and undermine public confidence in their cybersecurity capabilities.
Exposing Critical Gaps
Perhaps the most troubling insight from these events is just how easily Server Dump has moved between sensitive systems. Their campaign highlights major shortcomings in network segmentation, access controls, and threat detection across both civilian and military infrastructures.
For Algeria, the repeated breaches of both civilian ministries and military systems amount to a cybersecurity crisis. The theft of military logistics data and customs information also creates openings for real-world risks, from smuggling to more serious national security threats.
Regional Fallout
The ripple effects of this campaign are already being felt. Morocco now finds itself with an unofficial cyber guardian that may complicate diplomatic relations. Algeria is under immense pressure to shore up its defenses — and to manage the political embarrassment of leaked military secrets. Tunisia has been dragged into a conflict it did not initiate, facing the difficult task of rebuilding trust in its own military cyber defenses.
More broadly, this could mark the start of a dangerous cycle of cyber retaliation in North Africa. If unchecked, future attacks could escalate to critical infrastructure, with consequences far beyond the digital sphere.
At CyHawk, we believe this campaign is far from over. The tone of Server Dump’s communications suggests further disclosures are coming, and the success of their attacks so far may embolden them to target other governments or expand their reach.
The question now is: can regional governments act fast enough to contain this before the situation spirals out of control?
Ultimately, this campaign should serve as a wake-up call, not just for Algeria and Tunisia, but for the entire region. Cyber conflicts today move fast, cross borders easily, and can quickly escalate in ways that traditional military or political playbooks aren’t prepared for.
What began as retaliation for a single breach has become a regional crisis and a stark reminder of the urgent need to strengthen government cybersecurity across North Africa. If these lessons aren’t taken seriously, we could be witnessing the beginning of a new and dangerous era of digital warfare in the region.