Marrakech – Cybersecurity experts report that Marjane Group, Morocco’s largest retail company, has fallen victim to a ransomware attack. The threat actor group Stormous publicly claimed responsibility for the cyberattack against Marjane’s digital infrastructure on November 6.
According to multiple security monitoring firms, the attack specifically targeted marjane.ma. The ransomware group posted a public threat stating, “The full leak will be published soon, unless a company representative contacts us via the channels provided.”
The timing of the attack is notable, coming just as Marjane Group undergoes an executive shake-up. Last month, Mourad Alem took over as president and CEO, replacing Ayoub Azami, who had led the company for ten years before moving to new responsibilities within Al Mada, Marjane’s reference shareholder.
Stormous has a well-documented record of high-profile cyberattacks. The group first appeared on Telegram in April 2021 but became truly active only in February 2022. Following the outbreak of the war in Ukraine, the group publicly positioned itself in support of Russia and even directly threatened France.
After a period of relative inactivity in late 2022, Stormous resurged in early 2023 with a dramatic increase in claimed victims. Between March 21 and April 3, 2023, the group claimed responsibility for approximately 30 cyberattacks.
Security researchers have previously expressed skepticism about Stormous’s claims. According to cybersecurity firm ZeroFox in February 2022, the group had typically “claimed successful ransomware deployments against victims whose data had already been leaked on dark web marketplaces,” and none of their intrusion claims had been verified at that time.
The group reportedly operates using the double extortion model, both stealing data and encrypting compromised systems with its own ransomware. A representative previously claimed they conduct operations daily, targeting organizations selected on a weekly basis.
Stormous allegedly avoids attacking “vital institutions such as hospitals or anything that could significantly impact people’s lives,” though they once claimed an attack on a US hospital before quickly retracting and apologizing. The group also maintains its policy of excluding Russian targets, continuing to back Moscow’s government.
For organizations facing similar threats, cybersecurity experts recommend continuous monitoring for breached credentials, conducting compromise assessments, validating backups, applying threat intelligence, hardening employee defenses, and engaging professional response teams before initiating any dialogue with ransomware groups.

Join on WhatsApp
Join on Telegram







