Morocco reportedly hit by Iranian malicious cyber attack

Iranian hacker group Lyceum has launched lately a cyber-attack against an internet service provider (ISP) in Morocco, according to the findings of Prevailion’s Adversarial Counterintelligence Team (PACT) and Accenture’s Cyber Threat (ACTI) group.

The attack, which was launched between July and October 2021, also targeted ISPs and telecommunication operators in Israel, Tunisia, and Saudi Arabia as well as a ministry of foreign affairs in Africa, said the PACT/ACTI computing security experts without disclosing the identities of the victims.

The Iranian cyber espionage threat group Lyceum (also known under the names HEXANE & Spirlin) used a backdoor to bypass detection by security software.

The new findings confirm previous ClearSky and Kaspersky research indicating a primary focus on computer network intrusion events aimed at telecommunications providers in the Middle East region.

Active since 2017, Lyceum targets organizations in sectors of strategic national importance, including oil and gas organizations and telecommunications providers.

According to ACTI/PACT team, Lyceum is likely to update its backdoors after the revelation of its cyber-attacks to stay ahead of defensive systems.

During the past years, Morocco has warned against the destabilizing threats posed by Iran and its proxies in North Africa and the Middle East.

In 2018, Rabat cut diplomatic ties with Tehran for providing military and financial support to the Algeria-backed Polisario armed militia through the Iranian embassy in Algiers via a Hezbollah operative.