Security researchers and digital rights organizations believe that the government of Azerbaijan used spyware developed by NSO Group to target a government worker, journalists, activists, and the Armenian human rights ombudsperson, as part of a year-long conflict that sometimes erupted into a full-scale war.
The cyberattacks may be the first public cases where commercial spyware has been used in the context of a war, according to Access Now, a digital rights group that has investigated some of the cases. The hacks took place between November 2021 and December 2022. The conflict between Armenia and Azerbaijan – known as the Nagorno-Karabakh conflict – has been going on for years, and it flared up again in May 2021, when the Azerbaijani soldiers crossed into Armenia and occupied parts. in its territory.
“While a number of infected individuals are also members of the Armenian opposition or otherwise critical of the current government, the infections occurred at critical times of the conflict in Nagorno Karabakh and a deep political crisis caused by the conflict, resulting in a significant. uncertainty about the future of the country’s leadership and its position in Karabakh,” Natalia Kariva, AccessNow’s tech legal counsel, told TechCrunch. “Some of the victims worked closely with or with [Armenia’s] Nikol Pashinyan and is directly involved in the negotiation or investigation of human rights abuses committed by Azerbaijan in the conflict.”
Azerbaijan’s embassy in Washington DC did not respond to a request for comment.
NSO Group did not respond to a request for comment.
Access Now is supported by Citizen Lab, another digital rights organization that specializes in investigating spyware, Amnesty International, CyberHUB-AM, an Armenian cybersecurity organization that helps civil society, and local cybersecurity researchers.
According to Access Now, the victims include Kristinne Grigoryan, Armenia’s leading human rights defender; Karlen Aslanyan and Astghik Bedevyan, two Radio Free Europe/Radio Liberty’s (RFE/RL) Armenian Service reporters; two unnamed United Nations officials; Anna Naghdalyan, former spokesperson of the Foreign Ministry of Armenia (now an NGO worker); as well as activists, media owners, and academics.
Samvel Farmanyan, the former co-founder and host of an Armenian opposition television station, told TechCrunch that the hack he suffered was “a form of terror.”
“Not only is this a clear violation of human rights, my rights to privacy and private communication, but it has [an] very big psychological impact,” he said in an online chat. “You feel hard when you’re sure you’re being illegally monitored without knowing which government to stand on and what the real purpose of behind the illegal intervention.”
Farmanyan, as well as other victims, realized they were victims of a hack when Apple sent them a notice that they may have been targeted by government spyware, as the company has done with many others. victims in other countries. They then approached Access Now, Citizen Lab, or Amnesty International to have their phones checked.
In the case of leading Armenian human rights defender Grigoryan, Access Now said his phone “was infected shortly after he shared his phone number with his Azerbaijani counterpart.”
Over the past few years, there have been countless cases of abuse of NSO surveillance tools in Mexico, Saudi Arabia, the Bahamas, and many other countries, but Access Now considers this a special case. .
“The provision of Pegasus spyware to either side in the context of a violent conflict carries a great risk that it may contribute to and facilitate serious violations of human rights and even war crimes,” letter to the news release organization.
There is no conclusive evidence that the government of Azerbaijan is behind these attacks, but a coalition of media organizations known as the Pegasus Project indicates that the country is one of NSO’s customers. However, Ruben Muradyan, a mobile security researcher who analyzed the phones of the five Armenian victims, said that some of them believed that the Armenian government was behind the hacks, because they were critical of the local government of the time.
The Armenian embassy in Washington DC did not respond to a request for comment.
In any case, it is unclear whether using spyware like Pegasus in the context of an armed conflict is a violation of international law, according to Anna Pagnacco, a cybersecurity policy researcher at Oxford Information Labs.
“International law is silent on the subject of peacetime espionage, which is widely criminalized at the national level; yet all states still conduct espionage. Intelligence activities carried out by members of the armed forces of a warring parties uniformed during an international armed conflict are legitimate — that is, spying is not a war crime,” Pagnacco told TechCrunch.
Do you have more information about NSO Group? Or another surveillance tech provider? We love hearing from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch through SecureDrop.