Algerian hackers expose sensitive data in Moroccan land registry breach

The Moroccan National Agency for Land Conservation, Cadastre and Cartography (ANCFCC) has been targeted by a significant cyberattack attributed to the hacker group “Jabaroot.” This incident marks a continuation of the group's malicious activities, following their previous breach of the National Social Security Fund (CNSS) in April.

On Monday, Jabaroot, which claims to be an Algerian entity, announced that it had stolen and leaked thousands of sensitive property documents from ANCFCC's databases. The attack reportedly led to the exfiltration of a staggering 10,000 property ownership certificates from a total database of over 10 million land titles.

The compromised data is said to include cadastral information, identities of property owners, real estate references, and various personal and administrative documents. Alongside these property documents, approximately 20,000 additional files—encompassing sales deeds, civil status documents, ID cards, passports, and banking records—were also leaked, amounting to around 4 terabytes of data.

In response to the earlier CNSS breach, the ANCFCC had temporarily suspended access to its online platform, particularly affecting notarial services. The agency reverted to traditional paper-based filing and in-person payments, urging all professionals—including notaries and lawyers—to process their filings directly at land registry offices until further notice.

Jabaroot has justified its actions as retaliation against what it perceives as “false propaganda” from Moroccan media regarding alleged asset freezes affecting high-ranking Algerian officials by France. The group characterized these political tensions as an “unjustified intervention” against Algeria on the international stage.

Among the documents released by Jabaroot are purportedly sensitive files linked to senior Moroccan officials, including Mohamed Yassine Mansouri, the director general of foreign intelligence. The hackers allege that Mansouri misappropriated funds, claiming he spent over MAD 3.5 million ($350,000) between 2022 and 2023 and established companies under his daughter's name.

At present, the ANCFCC has not issued a formal statement regarding the authenticity of the leaked documents or the specific methods used for the intrusion. The ongoing investigation aims to determine whether the approach utilized in this breach mirrors that of the earlier CNSS attack.