Today, we identified that a threat actor known as Phantom Atlas has listed more than 13GB of internal data from Algeria’s state-run MGPTT (Post & Telecom) for sale on BreachForums. The listed material reportedly includes personal data, confidential documents, strategic records, and full databases tied to the organization.

[Image: Post in BreachForums]

In addition to MGPTT, Phantom Atlas also claims to have accessed sensitive files belonging to Algeria’s Ministry of Labor, stating an intent to expose what they describe as structural inefficiencies and mismanagement.

Cross-Border CyberWar

The threat actor Phantom Atlas also claims this cyberattack is a direct response to the data breach involving Morocco’s CNSS (National Social Security Fund), which we reported on April 8.

In that breach, a threat actor named Jabaroot leaked a large volume of data on BreachForums for free, including:

  • A CSV containing details of 499,881 companies, including bank information and contact details
  • 53,574 PDF files listing company employees and their declared salaries
  • Personal information of 1,996,026 employees, including various PII elements

The CNSS leak was one of the most extensive breaches seen in the region, and while Moroccan authorities have not fully acknowledged the scale of the breach, the release by Phantom Atlas appears to signal an escalation in cyber retaliation between the two countries. However, we cannot verify the authenticity of either claim.

At this stage, Jabaroot is widely suspected to be based in Algeria, though the actor has not shared a clear motivation or any direct message with the data release. On the other hand, Phantom Atlas is believed to be from Morocco, although information about their background remains limited.

Conclusion

This exchange of cyberattacks highlights the increasingly active role of digital operations in regional rivalries, drawing comparisons to patterns seen in other global conflicts such as Ukraine-Russia and Israel-Palestine, where cyber activities run in parallel to political and military tensions.
