
Algeria Under Siege: 70 Million Cyber Attacks and the New National Defense Framework

February 21, 2026


Algeria does not typically make headlines in global cybersecurity circles. But the numbers demand attention: in 2024, Algerian cybersecurity systems detected and blocked over 70 million cyber attacks, according to Kaspersky data — a figure that placed the country 17th globally among the most targeted nations. Among that total, Kaspersky reported blocking over 13 million phishing attempts and neutralizing nearly 750,000 malicious email attachments targeting Algerian users and organizations.

According to Positive Technologies research, published by the Cybersecurity Review, Algeria ranked as a top-three target for cyberattacks in Africa in 2024, alongside Nigeria and South Africa. South Africa attracted 25% of cybercriminal interest on the dark web, Nigeria 18%, and Algeria 13%. The distribution of attacks on government institutions reflects Algeria’s strategic profile: 17% of government-sector attacks in Africa targeted Algerian institutions.

The New Legal Architecture: Three Decrees in 30 Days

The most consequential development in Algerian cybersecurity is not any single attack but a legislative sprint at the end of 2025 and beginning of 2026 that fundamentally restructured the country’s defensive architecture.

Presidential Decree No. 25-321 (December 30, 2025) formally adopted the National Cybersecurity Strategy 2025–2029 — a five-year roadmap setting binding targets for the protection of public administrations and state digital infrastructures, incident response capabilities, and international cooperation frameworks.

Presidential Decree No. 25-320 (December 30, 2025) established a national data governance framework, introducing mandatory data classification, a national data catalog for public institutions, and secure interoperability standards between government systems — closing a loophole that had previously allowed agencies to operate siloed, unaudited data infrastructures.

Presidential Decree No. 26-07 (January 7, 2026) is the most operationally significant: published in the Official Gazette on January 21, it mandates that every public institution establish a dedicated cybersecurity unit, entirely separate from IT management functions, reporting directly to the head of the institution. These units must design and oversee cybersecurity policies, develop threat maps, deploy remediation plans, and coordinate with ANSSI on incident response. The decree also mandates compliance with personal data protection legislation and requires cybersecurity clauses in outsourcing contracts.

ANSSI and CNSSI: The Institutional Backbone

Algeria’s cybersecurity governance rests on two pillars established by Presidential Decree No. 20-05 of January 20, 2020, recently amended by Decree 25-298 (November 2025):

  • CNSSI (Conseil National de Sécurité des Systèmes d’Information): The strategic policy body responsible for developing and adopting the national information systems security strategy, with strategic guidance approved by presidential decree.
  • ANSSI (Agence Nationale de Sécurité des Systèmes d’Information): The operational technical agency that coordinates strategy implementation, manages DZ-CERT, conducts vulnerability assessments, and leads incident response.

DZ-CERT, operated by CERIST, serves as the national computer emergency response team — the first responder for significant cyber incidents, providing collection, analysis, and dissemination of threat intelligence to both public and private sector entities, with coordination links to international CERTs.


Sonatrach: The Crown Jewel Under Threat

Algeria’s greatest cybersecurity exposure sits in its energy sector. Sonatrach, the state oil and gas company that generated approximately $45 billion in export revenue in 2024 and funds a significant share of the national budget, represents a high-value target for organized cybercriminal groups.

In February 2025, threat intelligence firm Resecurity reported that the Belsen Group, which debuted on BreachForums in January 2025 by leaking 15,000+ FortiGate firewall credentials obtained by exploiting CVE-2022-40684, had listed access to a North African energy sector network for sale on the dark web at $20,000 USD, with Sonatrach identified as the likely target. While no breach has been confirmed, the listing demonstrates that organized criminal groups have established persistent reconnaissance against Algerian energy infrastructure.

This threat has global context: ransomware attacks on the oil and gas sector surged 935% year-over-year between April 2024 and April 2025, according to the Zscaler ThreatLabz Ransomware Report, making energy infrastructure the fastest-growing ransomware target worldwide.

Attack Vector Analysis: How Algeria Is Being Targeted

Based on DZ-CERT advisories and international threat intelligence reports, the predominant attack vectors targeting Algeria include:

Phishing and Business Email Compromise (BEC)

With over 13 million phishing attempts blocked in 2024 alone, phishing remains the dominant attack vector. Government ministries and state-owned enterprises have been targeted by tailored spear-phishing campaigns impersonating officials from partner institutions. Several incidents of BEC targeting Sonatrach’s procurement division — attempting to redirect supplier payments — have been reported by cybersecurity firms active in North Africa.

Ransomware

Algerian SMEs in the manufacturing and distribution sectors have been hit by ransomware campaigns using commodity malware families (LockBit 3.0, ALPHV/BlackCat). The absence of backup policies and business continuity planning in most Algerian SMEs means ransomware incidents typically result in either full payment or permanent data loss.

DDoS Attacks

Government websites, national banking platforms, and media outlets have experienced distributed denial-of-service attacks, predominantly during periods of regional political tension. The attacks are typically unsophisticated in technique but effective at disrupting services that lack adequate mitigation infrastructure.

Supply Chain Compromise

The most sophisticated documented threat category: attackers compromise software or IT service providers with access to multiple Algerian targets, then use this access for reconnaissance and lateral movement. This vector is particularly concerning given Algeria’s growing IT outsourcing sector and the interconnected nature of government IT systems now subject to Decree 25-320’s interoperability requirements.

What Companies Operating in Algeria Must Do Now

Presidential Decree 26-07 creates direct compliance obligations for any organization with a public-sector relationship in Algeria. Private companies in sectors classified as critical infrastructure — energy, telecommunications, banking, water — should anticipate that similar mandatory cybersecurity unit requirements will be extended to their sectors.

Practical steps for 2026:

  1. Map your attack surface: conduct a full inventory of OT/IT convergence points, especially in energy and industrial operations
  2. Appoint a dedicated CISO reporting at C-suite level — the model now legally required in public institutions will become the private sector standard
  3. Establish an incident response plan coordinated with DZ-CERT
  4. Review data residency obligations under Law No. 18-07 and the new Decree 25-320 data governance framework
  5. Implement MFA across all remote access systems — the single highest-impact defensive measure against the phishing and credential theft vectors most commonly targeting Algerian organizations
  6. Test ransomware resilience: tabletop exercises simulating a Sonatrach-style attack are the most realistic threat scenario for critical infrastructure operators
  7. Register with DZ-CERT to receive threat advisories and vulnerability notifications

Algeria’s cybersecurity posture in 2026 is substantially stronger than it was even two years ago. But with 70 million attacks per year and rising — and organized threat groups actively targeting national infrastructure — the work is only beginning.


Decision Radar

Dimension | Assessment
Relevance for Algeria | Critical — Algeria is now the 17th most targeted country globally and 3rd most targeted in Africa
Action Timeline | Immediate — Decree 26-07 is already in force; cybersecurity units must be established now
Key Stakeholders | CISOs, IT Directors, Public Institution Heads, Legal/Compliance Officers, Energy Sector Security Teams
Decision Type | Strategic + Tactical — requires both organizational restructuring and immediate technical controls
Priority Level | Critical

Quick Take: Every Algerian public institution must now establish a dedicated cybersecurity unit under Decree 26-07 — this is not optional. Private sector organizations in critical infrastructure should prepare for equivalent requirements by 2027. The immediate priorities are appointing a CISO, deploying MFA, establishing an incident response plan with DZ-CERT, and conducting a ransomware resilience assessment.
