Critical Cyber Breach in Tunisia: Government Systems and Banks Hacked, Confidential Data for Sale
A coordinated cyberattack led by Moroccan hacker Jokeir 07x and groups Dark Hell 07x and Dr. Shell 08x compromises key Tunisian institutions, exposing government systems, banking infrastructure, and personal data to global exploitation.
Tunis, July 2025 — In an alarming escalation of cyber threats across North Africa, Tunisia has become the latest victim of a highly organized and devastating cyberattack. Orchestrated by Moroccan threat actor Jokeir 07x, in partnership with the groups Dark Hell 07x and Dr. Shell 08x, the operation has compromised critical national infrastructure—from government domains to private financial institutions.
“This is not just a defacement campaign—it’s full infrastructure penetration,” declared Jokeir 07x on Telegram.
The targets include the Ministry of Finance, Bank of Tunisia, BTK, and the Tunisian Academy of Banking and Finance, among others. The attackers claim full access to internal systems, including emails, financial records, developer platforms, and sensitive citizen data.
🏛️ Government Domain Breached: Ministry of Finance
The domain finances.gov.tn was infiltrated through 16 high-risk subdomains such as auth., gitlab.intra., mail., and login-tej.
According to hacker statements, these allowed access to:
- Internal recruitment systems
- Budgetary information
- Developer repositories
- Administrative emails
This level of penetration indicates control over Tunisia’s digital authentication infrastructure and DevOps environment, raising severe concerns for national cybersecurity.
🏦 Banking Sector Compromised and Data Sold
Several banks were also impacted:
- Bank of Tunisia (bt.com.tn):
  - Full customer database allegedly available for $4,000
  - Individual bank accounts offered at $100
  - 5-account bundles sold for $450
- BTK Bank (btknet.com) and Academy of Banking and Finance (abf.tn) also suffered complete breaches, including control over the sites and underlying systems.
The incident signals not just a data breach but the active commercialization of sensitive financial information on the dark web.
🔍 Technical Breakdown: How It Happened
Cybersecurity analysts have pointed to multiple failure points within Tunisia’s digital infrastructure:
- Web Application Vulnerabilities:
  - SQL Injection
  - File Upload flaws
  - XSS
  - Remote File Inclusion (RFI)
- SSO and Mail System Exploitation:
  - Session hijacking likely
  - Weak session/cookie management
- GitLab Exposure:
  - Unauthorized access to internal GitLab revealed API tokens, credentials, and system architecture
- Lack of Security Infrastructure:
  - No evidence of WAF, IDS, or SIEM defense
  - No active monitoring or response systems
- Inadequate Data Protection:
  - Absence of encryption, data masking, or tokenization
  - Entire banking datasets available in plain text
⚠️ The Fallout: Trust, Security, and Reputation
This attack lays bare the vulnerabilities in Tunisia’s cyber defenses, damaging public trust in both government institutions and the banking sector. The country’s financial and administrative data has now surfaced on international black markets, with potential long-term repercussions for national security and economic stability.
💡 Urgent Recommendations for Recovery and Reform
Cybersecurity professionals are urging Tunisia to immediately:
- Establish internal Security Operations Centers (SOCs)
- Mandate routine penetration testing
- Enforce multi-factor authentication (MFA)
- Implement end-to-end data encryption
- Audit and secure GitLab instances
- Conduct staff training on social engineering threats
- Deploy real-time code and data monitoring
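One way to start the GitLab audit recommended above is to check repositories for the kind of material the breakdown says was exposed (API tokens and credentials). The scanner below is an added example, not code from the article or the affected institutions; it assumes GitLab's default `glpat-` token prefix, and the rule names, entropy threshold and sample repository contents are constructed for illustration.

```python
import math
import re
from collections import Counter

# Ordered most specific first; the first rule that matches a line wins.
RULES = {
    "gitlab_pat": re.compile(r"\bglpat-[0-9A-Za-z_-]{20,}"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret": re.compile(
        r"(?i)(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"]?([^\s'\"]{8,})"),
}

def shannon_entropy(value):
    """Bits per character; random tokens score higher than words or placeholders."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan(files, min_entropy=3.0):
    """Return sorted (path, line_no, rule) findings without echoing the secret."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                match = pattern.search(line)
                if not match:
                    continue
                if rule == "hardcoded_secret":
                    value = match.group(1)
                    # Skip variable references and low-entropy placeholders.
                    if value.startswith(("$", "<")) or shannon_entropy(value) < min_entropy:
                        continue
                findings.append((path, line_no, rule))
                break
    return sorted(findings)

# Constructed repository contents; every credential below is fake.
SAMPLE_REPO = {
    ".gitlab-ci.yml": 'deploy:\n  script:\n'
        '    - curl -H "PRIVATE-TOKEN: glpat-A1b2C3d4E5f6G7h8I9j0" https://gitlab.example/api/v4\n',
    "config/database.yml": 'production:\n  username: app\n'
        '  password: "Tr0ub4dor&3xK9!"\n  password_env: ${DB_PASSWORD}\n',
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(body omitted)\n",
    "README.md": "Set password = changeme before the first run.\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_REPO):
        print(finding)
```

Findings carry only the path, line number and rule name, so the report itself does not become another copy of the secret; anything flagged should be rotated, not just deleted from the current revision.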
“Being hacked is not the shame—failing to learn from it is,” noted a Tunisian cybersecurity analyst. “The future belongs to those who invest in digital resilience, not legacy infrastructure.”