Morocco’s Marjane Group Hit by Stormous Ransomware Attack
Morocco’s largest retail company, Marjane Group, has been targeted in a ransomware attack by the threat actor group Stormous, which publicly claimed responsibility on November 6. The attack specifically disrupted marjane.ma, the company’s digital infrastructure, with the group threatening to leak stolen data unless contacted by a Marjane representative.
The incident coincides with a recent leadership transition at Marjane, where Mourad Alem replaced Ayoub Azami as president and CEO last month. Azami had led the company for a decade before moving to a new role within Al Mada, Marjane’s majority shareholder.
Stormous, first detected on Telegram in April 2021, gained prominence in February 2022 and has since aligned itself with Russia, even issuing threats against France following the Ukraine war. After a lull in late 2022, the group resurged in early 2023, claiming around 30 attacks between March 21 and April 3 alone.
Security researchers, including ZeroFox, have questioned the group’s credibility, noting that past claims often involved reposting already leaked data rather than verified breaches. Stormous operates under a double extortion model, encrypting systems while exfiltrating data. The group claims to avoid targeting critical infrastructure, such as hospitals, and excludes Russian entities from its operations—though it briefly claimed an attack on a U.S. hospital before retracting.
The attack on Marjane underscores the persistent threat posed by ransomware groups, particularly those with geopolitical motivations.
MARJANE GROUP cybersecurity rating report: https://www.rankiteo.com/company/marjane-group
"id": "MAR1767800307",
"linkid": "marjane-group",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Retail',
'location': 'Morocco',
'name': 'Marjane Group',
'size': 'Large',
'type': 'Retail'}],
'data_breach': {'data_encryption': True, 'data_exfiltration': True},
'date_detected': '2023-11-06',
'date_publicly_disclosed': '2023-11-06',
'description': 'Marjane Group, Morocco’s largest retail company, fell victim '
'to a ransomware attack by the threat actor group Stormous. '
'The attack targeted marjane.ma, with the group threatening to '
'publish stolen data unless contacted by a company '
'representative.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'systems_affected': 'marjane.ma digital infrastructure'},
'motivation': 'Financial gain, potential geopolitical alignment (pro-Russia)',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': True},
'recommendations': 'Continuous monitoring for breached credentials, '
'conducting compromise assessments, validating backups, '
'applying threat intelligence, hardening employee '
'defenses, and engaging professional response teams before '
'initiating any dialogue with ransomware groups.',
'references': [{'date_accessed': '2023-11-06',
'source': 'Cybersecurity monitoring firms'}],
'threat_actor': 'Stormous',
'title': 'Ransomware Attack on Marjane Group',
'type': 'Ransomware'}