Cybercriminals Attacked National Social Security Fund of Morocco – Millions of Digital Identities at Risk of Data Breach

Resecurity has identified a threat actor, using the alias ‘Jabaroot,’ targeting government systems in Morocco to exfiltrate sensitive citizen data. The attacker claims to have compromised the National Social Security Fund of Morocco (CNSS), potentially exposing millions of digital identities. The breach is linked to ongoing cyber conflicts between Algerian and Moroccan hacking groups, with Jabaroot citing retaliation for previous attacks.

You Should Know:

1. Detecting Data Exfiltration Attempts

Use these commands to monitor suspicious network activity:

```bash
# List listening TCP/UDP sockets and the processes that own them (Linux)
netstat -tulnp

# Capture traffic on eth0 to a pcap file for later analysis
tcpdump -i eth0 -w traffic.pcap

# Analyse traffic with Zeek (formerly Bro); -C ignores bad checksums
zeek -i eth0 -C
```
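The Zeek capture above writes a conn.log; the following script, added here as an example and not part of the original post, parses that log and flags internal hosts that push an unusually large volume of bytes to external addresses, the basic signal behind exfiltration hunting. The sample log lines, the RFC 1918 address plan in `INTERNAL_NETS` and the 100 MiB threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a Zeek conn.log (tab-separated), trimmed to the fields used here;
# 10.0.5.12 pushes ~700 MiB to one external address and "-" marks an unmeasured count.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes
1712000000.1\tC1\t10.0.5.12\t51000\t10.0.5.1\t53\tudp\tdns\t60\t120
1712000001.2\tC2\t10.0.5.12\t51001\t203.0.113.7\t443\ttcp\tssl\t734003200\t2048
1712000002.3\tC3\t10.0.5.13\t51002\t198.51.100.4\t443\ttcp\tssl\t1500\t80000
1712000003.4\tC4\t10.0.5.12\t51003\t203.0.113.7\t443\ttcp\tssl\t-\t-
"""

# Assumed address plan of the monitored site (RFC 1918 ranges); adjust to your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if addr belongs to one of the site's internal networks."""
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)

def parse_conn_log(text):
    """Yield one dict per connection record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        yield dict(zip(fields, line.split("\t")))

def outbound_bytes_by_host(records):
    """Sum orig_bytes per internal source for connections to external destinations."""
    totals = defaultdict(int)
    for r in records:
        if not is_internal(r["id.orig_h"]) or is_internal(r["id.resp_h"]):
            continue  # ignore inbound and purely internal traffic
        if r["orig_bytes"] == "-":
            continue  # Zeek could not measure the payload size
        totals[r["id.orig_h"]] += int(r["orig_bytes"])
    return dict(totals)

def flag_exfil_candidates(text, threshold_bytes=100 * 1024 * 1024):
    """Return (host, bytes) pairs whose outbound volume reaches the threshold."""
    totals = outbound_bytes_by_host(parse_conn_log(text))
    return sorted((h, b) for h, b in totals.items() if b >= threshold_bytes)

if __name__ == "__main__":
    for host, sent in flag_exfil_candidates(SAMPLE_CONN_LOG):
        print(f"{host} sent {sent / 2**20:.0f} MiB to external hosts")
```

On a live sensor, feed the script the text of `conn.log` and tune the threshold and time window to the site's normal baseline; a single large connection to one destination is a stronger signal than the same volume spread over many services.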

2. Securing Government & Enterprise Systems

  • Patch Management:

    ```bash
    # Check for pending updates (Debian/Ubuntu)
    sudo apt update && sudo apt list --upgradable

    # Apply critical patches immediately
    sudo apt-get --only-upgrade install <package>
    ```

  • Windows Defender for Threat Detection:

    ```powershell
    # Scan for malware
    Start-MpScan -ScanType FullScan

    # Check which firewall rules are enabled
    Get-NetFirewallRule | Where-Object { $_.Enabled -eq 'True' }
    ```

3. Analyzing Threat Actor Infrastructure

Extract IOCs (Indicators of Compromise) from logs:

```bash
# Search authentication logs for references to the actor alias or the target
grep -E "(Jabaroot|CNSS)" /var/log/auth.log

# Query a threat-intelligence API (e.g., AbuseIPDB); the service requires an API key
curl -s -G https://api.abuseipdb.com/api/v2/check \
  --data-urlencode "ipAddress=<SUSPECT_IP>" \
  -H "Key: <API_KEY>" -H "Accept: application/json"
```

4. Mitigating Telegram-Based Threats

  • Block Telegram C2 traffic:

    ```bash
    # Drop outbound HTTPS to telegram.org. Note: iptables resolves the hostname once,
    # at insertion time, so only the addresses returned then are blocked; a DNS- or
    # proxy-based policy covers the service's address space more reliably.
    iptables -A OUTPUT -p tcp --dport 443 -d telegram.org -j DROP
    ```
    

5. Hardening Moroccan CNSS-like Systems

  • Disable Unused Services:

    ```bash
    # List enabled units for legacy clear-text services
    systemctl list-unit-files --state=enabled | grep -E "(ftp|telnet)"
    # Disable any that are not needed
    systemctl disable <service>
    ```

  • Enable Multi-Factor Authentication (MFA):

    ```bash
    # Linux PAM module for TOTP-based MFA
    sudo apt install libpam-google-authenticator
    ```
    

What Undercode Say:

This breach underscores the critical need for real-time threat intelligence and cross-border cyber collaboration. Governments must adopt AI-driven anomaly detection and enforce zero-trust architectures. For defenders:
– Log everything: `journalctl -u ssh --no-pager`
– Isolate critical networks: Use VLANs and firewalld.
– Train staff: Simulate phishing with gophish.

Expected Output:

A hardened system with blocked exfiltration paths, logged IOCs, and proactive threat hunting.

Reference:

Resecurity Report

Reported By: Mthomasson Since – Hackers Feeds