The hacktivist group OurSec announced a new defacement attack against the Institut agronomique et vétérinaire Hassan II (IAV Hassan II) in Morocco. The attackers claimed responsibility by replacing content on the institution’s website with a defacement page reading “# Hacked by OurSec #”.
They also shared a link to download a database allegedly stolen from the institution, hosted on AnonFiles. This indicates that the attack may have extended beyond a simple defacement to include data exposure.
Earlier in the same week, the group had defaced multiple Moroccan websites, including mrcatalogue.ma and orientalinvest.ma, publishing mirrored versions on Zone-H and OwnzYou. These incidents highlight a coordinated wave of digital vandalism against Moroccan online platforms.
In a follow-up message, OurSec stated that these operations were merely “opening moves” and emphasized that they would only launch larger-scale campaigns if Algeria were directly affected. This statement suggests the group’s primary motivations are political, aligning with their repeated references to Algerian interests.
Why This Matters
- Defacement + Data Theft: While defacement is often symbolic, the claim of stolen databases raises the severity of the incident.
- Hacktivist Messaging: Their communication frames attacks as retaliatory, signaling future campaigns may escalate.
- Regional Impact: This adds to rising tensions in North Africa’s cyber landscape, with Moroccan institutions repeatedly targeted by politically motivated groups.
CyHawk Africa advises Institutions in Morocco to:
- Conduct immediate website security audits (focus on CMS vulnerabilities and outdated plugins).
- Harden defenses against SQL injection and file upload vulnerabilities, which are common in defacements.
- Monitor for data leaks on forums and file-sharing platforms following these alleged exposures.