Mohammedia – As revealed in the “Microsoft Digital Defense Report 2025,” nation-state actors have intensified espionage activities across key sectors, including IT, telecommunications, government, research institutions, and NGOs. The countries that registered the highest level of observed nation-state activities include the UK, the US, and the UAE, which recorded hundreds of incidents.
This rise occurred alongside a sharp increase in credential theft, new social engineering methods like “ClickFix,” and the wider use of AI to scale intrusion and influence operations.
Across regions, the pattern is consistent. Taiwan, Korea, India, and Hong Kong SAR topped the list of targets, followed by the US, the UK, and then Poland. In the Middle East and Africa, targets were led by Israel, followed by the UAE, Saudi Arabia, Türkiye, and then Iraq.
Although actors pursued various objectives, from long-term intelligence gathering, data theft, and other related aspects, the general trend indicates a scenario where both state-sponsored actors and organized cybercrime rings are increasingly becoming more active and better coordinated.
The findings in the report are based on data collected during Microsoft’s fiscal year 2025, which spans from July 1, 2024, to June 30, 2025.
The position of Morocco within the regional scene
Within this broader context, Morocco’s position is interesting. Based on the data compiled by Microsoft’s report, there are 26 observed nation-state cyber incidents that the country faced during the review period.
This indicates that the level of cyber incidents that the Moroccan government faced is relatively low, but not the lowest within the group of countries targeted by organized, state-linked actors.
Though the report fails to indicate the specific groups or industries the cyber attacks targeted, it notes that the Chinese threat actors target companies such as IT service providers, telecommunication firms, and other organizations like NGOs and government bodies.
These patterns suggest that Morocco, like many of its neighbors, may be exposed to intelligence-driven campaigns seeking access to sensitive networks and information.
Additional information from Kaspersky’s report from earlier this year adds another layer to the picture. The company reports that the total number of web-based attacks attempted against Morocco during 2024 stood at a staggering 12.6 million attempts.
While from a different source, the implication of such a large volume of attacks cannot be ignored. Combined with Microsoft’s findings, it suggests that Morocco is navigating a two-tiered threat environment: large volumes of general web attacks alongside more targeted operations aimed at strategic access.
This mirrors wider trends across the Middle East and Africa, where countries face both mass automated attacks and quieter, more persistent probing by state-linked groups.
Defensive measures highlighted in the Microsoft Report
In response to these issues, the report provides various key actions that governments and organizations should take. A major recommendation is to focus on identity protection because attackers are increasingly using stolen credentials instead of the usual hacking methods.
Infostealer malware will result in ransomware attacks, data breaches, and even extortion if it propagates and is not addressed immediately.
The report also emphasizes the importance of enhancing cloud security due to the observed use of cloud infrastructures for controlling and data exfiltration activities by various threat actors, particularly Iranian groups.
Organizations are recommended to ensure cloud asset visibility and monitoring, improve cloud access security, and utilize AI-powered cloud security solutions.
Microsoft’s other recommendations include implementing phishing-resistant multifactor authentication, participation in intelligence-sharing initiatives, and preparation for the emerging cloud security regulations and risks of AI and quantum computing.
Though the number of notifiable incidents related to the nation-state within Morocco is currently lower than other prominent hotspots around the world, the degree of targeted engagement and the sheer numbers of attempted cyber attacks suggest a complex and potentially burgeoning threat environment.
The discovery of these trends and challenges by Microsoft is illustrative of the degree to which attackers are leveraging old technologies, a lack of identity management, and a scarcity of security resources—not challenges that are exclusive to the African nation.
The continued evolving nature of such attackers, whether through the use of AI-driven capabilities and cloud-borne attacks, will be key to understanding the environment that the nation faces.
Read Also: Over 75,000 Cyberattacks Target Morocco in Early 2025

Join on WhatsApp
Join on Telegram







