moroccan_black_cyber_army
Moroccan Black Cyber Army is a pro-Iran, anti-Israel hacktivist group operating from Morocco. The content identifies it as part of the Cyber Islamic Resistance (CIR) / Cyber Islamic Resistance Electronic Operations Room coalition and as one of the globally distributed pro-Iran groups active in the Middle East cyber ecosystem. Reported activity attributed to the group includes telecom-layer targeting and disruptive operations against Israeli entities. Specifically, it claimed a large-scale cyberattack against TCS Communications in Tel Aviv on March 1, 2026, alleging disruption of communication and server services; the content also describes this as targeting TCS Communications and disrupting communication services. Separately, the group claimed an attack on an Israeli gaming site and purported theft of sensitive Israeli documents during the Gaza conflict period. The broader reporting context characterizes the surrounding ecosystem as heavily driven by hacktivist operations, with DDoS and disruptive attacks common, but the content does not provide additional verified technical detail specific to Moroccan Black Cyber Army beyond these claims and coalition affiliation. Known alias in the content: moroccan_black_cyber_army.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Telecommunication Services
- Banks
Where they target
Geographies tied to known operations.
- 🇮🇱 Israel
Where they're from
Attributed origin per open-source reporting.
- MA
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Hacktivist group within the CIR coalition focused on telecom-sector disruption against Israeli communications targets.
Moroccan hacktivist actor conducting DDoS and defacement-style operations against Israeli telecom and banking targets, often using exaggerated compromise language.
Pro-Iran hacktivist group operating from Morocco as part of Iran’s globalized recruitment ecosystem.
Moroccan Black Cyber Army is a hacktivist group targeting Israeli organizations for data theft and leaks.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.