3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Anonymous Moroccan

Anonymous Moroccan

ID: e6095978daeec4d5975cf12723fabc68
Hacktivist Group DDoS Crew Defacement Crew Hacktivism
Threat types: DDoS Attack, Hacktivism, Defacement
Morocco
Updated: 2026-02-18
Created: 2026-01-27
Progress: 67% Completeness: 66% Freshness: 70%
Operation zone:
Aliases Limited alias preview
AnonymousMoroccan
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Anonymous Moroccan (also referenced as Anonymous Morocco) is an OSINT-observed hacktivist branding associated with geopolitical disruption operations, primarily DDoS-style availability attacks and occasional defacement-style messaging. The label appears in multiple conflict- and alliance-related reports from 2023–2025, but continuity as a single cohesive organization is uncertain.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2023-12-05 — OSINT roundup includes Anonymous Morocco among groups active in conflict-linked cyber operations; DDoS is highlighted as a prevalent tactic in this ecosystem. INFERENCE (confidence: medium): maps to network DoS behavior typically used by hacktivist cadres. · ref
  • 2025-03-27 — Cyble reporting on hacktivist activity lists Cyber Jund (formerly Anonymous Morocco) among groups targeting France; this context is consistent with disruptive attack patterns (DDoS). INFERENCE (confidence: medium). · ref
T1491.002 External Defacement TA0040
  • 2010-10-31 — Historical reporting on Moroccan hacktivism describes militant hacktivists and defacement-style online protest behaviors; used as historical pattern context for external defacement. INFERENCE (confidence: medium). · ref
  • 2015-02-12 — News report describes takeover of a Saudi government website by Moroccan hackers for political protest messaging; aligns with defacement/website compromise used for messaging. INFERENCE (confidence: medium). · ref
T1585.001 Social Media Accounts TA0042
  • 2024-02-18 — Operation Deface reporting describes Telegram-coordinated alliance where participants use group branding; INFERENCE (confidence: low): use of online accounts/handles as operational identity and recruitment signal. · ref
T1595.002 Vulnerability Scanning TA0043
  • 2024-02-18 — INFERENCE (confidence: low): defacement operations typically involve reconnaissance of vulnerable web applications/CMS endpoints; alliance reporting provides context but not technical telemetry. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2015-02-12 — INFERENCE (confidence: low): website takeovers and defacements commonly leverage exploitation of public-facing apps or weak admin access; source provides incident context without technical vector details. · ref
T1566 Phishing TA0001
  • 2025-04-10 — AP reporting discusses a major Moroccan breach and Telegram leak with unclear attribution; included as regional context. INFERENCE (confidence: low): phishing/social-engineering is a common initial access vector in regional cyber campaigns, but not directly attributed to Anonymous Morocco. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-18T18:28:43+00:00

Anonymous Moroccan — Moroccan-aligned hacktivist branding (DDoS/Defacement)

Classification: TLP: WHITE — Open Source Intelligence (OSINT)

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Anonymous Moroccan

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Anonymous Moroccan (Hacktivism: DDoS/Defacement)

Priority: Medium–High during geopolitical flashpoints. Focus on availability, web integrity, and rapid verification of public claims.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-18T18:31:44+00:00

IOC Appendix — Anonymous Moroccan

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-18T18:31:56+00:00

OSINT Library — Anonymous Moroccan


2025-03-27 — Cyble — “Hacktivists Target France Over Diplomatic Moves”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.