{ "id": "14d1831d-da0e-4c8d-8e78-a955f882a868", "created_at": "2026-04-06T00:08:55.24753Z", "updated_at": "2026-04-10T13:12:29.726747Z", "deleted_at": null, "sha1_hash": "4c9485393bdc558e107119d0b16bf8b5be09f756", "title": "Algeria’s Ministry of Pharmaceutical Industry Data Leaked in Retaliatory Cyberattack - Cybersecurity88", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 190005, "plain_text": "Algeria’s Ministry of Pharmaceutical Industry Data Leaked in\r\nRetaliatory Cyberattack - Cybersecurity88\r\nBy Chetna Sehgal\r\nPublished: 2025-04-12 · Archived: 2026-04-05 13:00:18 UTC\r\nToday, we identified a new data breach involving the Algerian Ministry of Pharmaceutical Industry, with\r\nthreat actor MORH4x listing 34.4GB of internal data for sale on breach forums. The actor claims the breach\r\nincludes extensive documentation related to Algeria’s pharmaceutical imports, personnel, inventory management,\r\nand psychotropic drug control.\r\nThe actor explicitly framed the breach as retaliation for the April 8 CNSS breach in Morocco, making this the\r\nlatest move in a growing cycle of cyber escalation between Algeria and Morocco-while also aiming to expose the\r\nflow of medical imports into Algeria, identify which companies are profiting, and reveal how psychotropic\r\nmedications are being distributed.\r\nContext \u0026 Attribution\r\nThis breach is the third major incident in an escalating pattern of cyber activity involving Algerian and Moroccan\r\nentities as previously reported by us,\r\nApril 8, 2025: Threat actor Jabaroot leaked extensive records from Morocco’s CNSS, exposing data of\r\nnearly 2 million employees and over 499,000 companies.\r\nApril 9, 2025: Threat actor Phantom Altars released 13GB of internal files from Algeria’s MGPTT,\r\nreportedly in retaliation for the CNSS breach.\r\nApril 10, 2025: MORH4x now targets the Algerian Ministry of Pharmaceutical Industry, citing the same\r\nmotivation.\r\nThis series of events suggests a coordinated or ideologically-driven campaign of reciprocal cyberattacks,\r\nreflecting growing tensions between the two countries. Attribution remains uncertain, but indicators suggest\r\nhttps://cybersecurity88.com/news/algerias-ministry-of-pharmaceutical-industry-data-leaked-in-retaliatory-cyberattack/\r\nPage 1 of 2\n\ngeopolitical motivations.\r\nRelated Reading: Algeria’s MGPTT Data Listed for Sale After CNSS Breach\r\nThe Listed Data\r\nAccording to the listing, the leaked data spans from 2019 to 2025 and includes sensitive information across\r\nmultiple areas of Algeria’s pharmaceutical supply chain. The dataset includes:\r\n3,368 folders: Monthly records of imported medical devices and drugs (État mensuel des importations des\r\ndispositifs médicaux)\r\nInvoices and customs declarations: Product types, quantities, countries of origin, pricing, and importer\r\ndetails.\r\n2,163 folders: Files on commercial registers of pharmaceutical import firms.\r\n804 folders: Personnel data of company managers and technical directors, including criminal records,\r\nlicenses, and ministry approval letters\r\n64 folders: Declarations of discrepancies in psychotropic drug inventories\r\n1,754 folders: Inventory declarations submitted by pharmaceutical distributors\r\nDrug stock reports, distribution lists for psychotropic substances, and official authorization documents\r\nAdditional files include internal notes on supply priorities by Wilaya (province), employee names and contacts\r\nfrom both ministry staff and private pharmaceutical companies, and folders labeled Inventaire, Autorisation\r\npsychotrope, and Déclaration des écarts.\r\nNote: While the threat actor also posted various documents as samples to validate the breach, we do not find it\r\nappropriate to share or republish those materials due to the sensitivity of the information involved. We also cannot\r\nindependently verify the authenticity of the breach at this time.\r\nConclusion\r\nThis breach is the third major cyber event in what now appears to be a tit-for-tat campaign between threat actors\r\noperating in or aligned with Algeria and Morocco — a sequence we’ve actively reported on. These incidents\r\nhighlight how cyberwarfare has become an extension of traditional geopolitical struggles, with political\r\naspirations now fought on the digital front. As a result, the privacy of ordinary citizens is increasingly at risk, with\r\nsensitive personal data being exposed in the crossfire of these digital battles.\r\nSource: https://cybersecurity88.com/news/algerias-ministry-of-pharmaceutical-industry-data-leaked-in-retaliatory-cyberattack/\r\nhttps://cybersecurity88.com/news/algerias-ministry-of-pharmaceutical-industry-data-leaked-in-retaliatory-cyberattack/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MISPGALAXY" ], "origins": [ "web" ], "references": [ "https://cybersecurity88.com/news/algerias-ministry-of-pharmaceutical-industry-data-leaked-in-retaliatory-cyberattack/" ], "report_names": [ "algerias-ministry-of-pharmaceutical-industry-data-leaked-in-retaliatory-cyberattack" ], "threat_actors": [ { "id": "98b2ddb2-12ba-435b-b2f7-9f10865a0313", "created_at": "2025-05-29T02:00:03.219128Z", "updated_at": "2026-04-10T02:00:03.870939Z", "deleted_at": null, "main_name": "MORH4x", "aliases": [], "source_name": "MISPGALAXY:MORH4x", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "8d1b9519-4634-40b9-94a4-96183539090c", "created_at": "2025-05-29T02:00:03.192356Z", "updated_at": "2026-04-10T02:00:03.849442Z", "deleted_at": null, "main_name": "Jabaroot", "aliases": [ "Jabaroot DZ" ], "source_name": "MISPGALAXY:Jabaroot", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434135, "ts_updated_at": 1775826749, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/4c9485393bdc558e107119d0b16bf8b5be09f756.pdf", "text": "https://archive.orkl.eu/4c9485393bdc558e107119d0b16bf8b5be09f756.txt", "img": "https://archive.orkl.eu/4c9485393bdc558e107119d0b16bf8b5be09f756.jpg" } }