A report issued by “Unit 42” of the American company Palo Alto Networks, which specializes in cybersecurity, stated that a hacking group linked to the Palestinian movement Hamas, known as Ashen Lepus, has attempted to infiltrate several governmental and diplomatic institutions in Morocco. This was done by using documents infected with malware.
The report, published by The Record on Friday, December 12, indicated that the company attributed this group to Hamas based on years of monitoring and analyzing its activities. This analysis showed a clear alignment with the strategic interests of the movement.
The report noted that the group’s recent activities relied on a new malware called AshTag, which enables them to steal sensitive information from important entities in the Middle East. Since 2020, Ashen Lepus has shown a remarkable development in its skills, including the use of infrastructure obfuscation techniques and new tools to complicate cyber infiltration operations.
The infected documents often relate to Turkey’s involvement with Palestinian entities. In the recent campaign, Morocco was specifically targeted via documents bearing titles related to Moroccan-Turkish partnerships and Turkish defense initiatives. This suggests that Moroccan entities may be within the new interest scope of this group.
Attacks typically begin with a fake PDF file that prompts the victim to download a RAR archive containing the malware. After gaining access to the victims’ systems, hackers in some cases manually steal data, including diplomatic files and sensitive correspondence.
The report confirmed that Ashen Lepus’s activities continue even after the ceasefire in Gaza in October 2025, unlike other groups linked to Hamas that experienced a noticeable decline in their activity. It also pointed out that the group has enhanced its operational security measures to ensure the continuation of information gathering without exposure.
Previous analyses have shown that this group has been associated with other names in the cybersecurity field, such as WIRTE. It has also been linked to major hacking groups like Gaza Cybergang and Molerats. Meanwhile, another group connected to Hamas named SysJoker has targeted Israeli educational institutions.
Follow Tangier7 on GOOGLE NEWS and Facebook. And on the platform Instagram. In addition to the platform X and Nabd App.
