Ransomware victim disclosure
← All victimsInstitut Royal des Études Stratégiques
listed as ires.ma · Claimed by Apt73 · listed 3 months ago
Status timeline
- ListedApr 27, 2026
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileL'Institut Royal des Études Stratégiques (IRES) is a state-owned strategic analysis center in Morocco, operating under the authority of the King. Its mission is to conduct strategic studies and analyses on national and international issues, covering domestic structural questions, Morocco's foreign relations, and global strategic topics to inform high-level government decision-making.
- Industry
- Government Strategic Research & Policy Analysis
- Address
- Rabat, Morocco
Attack summary
Severity: critical — IRES is a state-owned institution directly serving the Moroccan monarchy with strategic and national security analysis. Data exfiltration from such an entity likely involves sensitive government policy, intelligence assessments, and strategic reports, constituting a critical national-security-level breach with confirmed data publication.APT73 claims to have attacked IRES and has published data (disclosed status: data_published), asserting access to internal data of this Moroccan royal state-owned analytical institution. No ransom amount or specific data volume was stated.
Data the group says was taken
AI dossier — extracted from the leak post- Internal government strategic analyses
- Policy research documents
- Organizational data
- Potentially classified national/international strategic reports
What the group claims
Institut Royal des Études Stratégiques is a state—owned analytical center in Morocco, which i...
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

