Kasablanka: The Emerging North African Cyber Threat Actor

Kasablanka is an emerging North African cyber threat actor active since 2021 that has matured from hacktivist website defacements into a hybrid APT conducting targeted phishing, credential theft, and espionage against governments, energy, and media organizations; the report outlines its TTPs (spearphishing, watering holes, cloud token theft, persistence via RATs), observed operations from 2021–2025, use of cloud-based C2/exfiltration (Dropbox, Google Drive, Telegram), and defensive recommendations.