Security researchers and digital rights organizations believe the Azerbaijani government used NSO Group spyware to target a government worker, journalists, activists, and Armenia’s human rights ombudsperson as part of a years-long conflict that has sometimes escalated into war.
Access Now, a digital rights group that investigated some of the cyberattacks, believes they may be the first public cases of commercial spyware being used in war. Hacks occurred between November 2021 and December 2022. The Nagorno-Karabakh conflict between Armenia and Azerbaijan flared up again in May 2021 when Azerbaijani soldiers invaded Armenia and occupied parts of its territory.
Natalia Kariva, AccessNow’s tech legal counsel, told , “While a number of infected individuals are also members of the Armenian opposition or are otherwise critical of the current government, the infections took place at critical times in the Nagorno Karabakh conflict and a deep political crisis caused by the conflict, which resulted in a significant uncertainty over the future of the country’s leadership and its position on Karabakh.” “Some of the victims worked closely in or with [Armenia’s] Nikol Pashinyan’s administration and were directly involved in the negotiations or investigation of human rights abuses committed by Azerbaijan in the conflict.”
Azerbaijan’s embassy in Washington D.C. did not comment.
Requests for comment from NSO Group were not answered.
Citizen Lab, another spyware-focused digital rights organization, Amnesty International, CyberHUB-AM, an Armenian civil society cybersecurity organization, and local cybersecurity researchers assisted Access Now.
Kristinne Grigoryan, Armenia’s top human rights defender; Karlen Aslanyan and Astghik Bedevyan, two Radio Free Europe/Radio Liberty (RFE/RL) Armenian Service journalists; two unnamed United Nations officials; Anna Naghdalyan, a former Foreign Ministry spokesperson (now an NGO worker); activists, media owners, and academics were among the victims, according to Access Now.
Samvel Farmanyan, the former co-founder and host of an Armenian opposition television station, told that the hack was “terror.”
He said in an online chat that it violated his human rights, privacy, and private communication. “It is difficult what you feel when you are sure that you are illegally under surveillance with no knowledge which government may stand behind and what the real purposes are.”
Apple notified Farmanyan and other victims of a hack that they may have been targeted by government spyware, as it did with several other victims in other countries. They checked their phones with Access Now, Citizen Lab, or Amnesty International.
Access Now reported that Grigoryan, Armenia’s top human rights defender, “was infected not long after she shared her phone number with her Azerbaijani counterpart.”
This case is unique, according to Access Now, because NSO spying tools have been abused in Mexico, Saudi Arabia, Bahain, and other countries for years.
In its press release, the organization stated that providing Pegasus spyware to either side in a violent conflict risks contributing to and facilitating serious human rights violations and even war crimes.
The Pegasus Project, a coalition of media organizations, found that Azerbaijan is one of NSO’s customers. However, Ruben Muradyan, a mobile security researcher who analyzed the phones of five Armenian victims, said that some of them believe the Armenian government was behind the hacks because they were critical of it at the time.
Washington’s Armenian embassy declined to comment.
According to Oxford Information Labs cybersecurity policy researcher Anna Pagnacco, it’s unclear whether using spyware like Pegasus in an armed conflict violates international law.
“International law is silent on peacetime espionage, which is broadly criminalized at the national level, yet all states conduct it. “Spying by uniformed members of a belligerent party’s armed forces during international armed conflict is legitimate,” Pagnacco said.