Security researchers and digital rights organizations believe the government of Azerbaijan used spyware created by NSO Group to target a government employee, journalists, activists and the human rights ombudsman in Armenia, after a year-long conflict As part of which broke several times. all out war.
The cyberattacks may be the first public cases where commercial spyware was used in the context of war, according to Access Now, a digital rights group that investigated some of the cases. The hack happened between November 2021 and December 2022. The clash between Armenia and Azerbaijan – known as the Nagorno-Karabakh conflict – has been ongoing for years, and it flared up again in May 2021, when Azerbaijani troops entered Armenia and occupied parts of it. of the field.
“While many of the infected individuals are also members of the Armenian opposition or otherwise critical of the current government, the infection occurred at a critical time in the Nagorno-Karabakh conflict and the conflict has led to a deep political crisis, resulting in an important crisis over the future of the country’s leadership and Karabakh.” Uncertainty over its status,” Natalia Kareva, technical legal advisor at AccesNow told TechCrunch. “Some of the victims worked with or [Armenia’s] Nikol was directly involved in negotiating or investigating human rights abuses committed by Azerbaijan in Pashinyan’s administration and in the conflict.
The Azerbaijani Embassy in Washington DC did not respond to a request for comment.
NSO Group did not respond to a request for comment.
Access Now was assisted by Citizen Lab, another digital rights organisation, spyware, Amnesty International and local cyber security researchers.
According to Access Now, the victims include Kristin Grigoryan, the top human rights defender in Armenia; Karlen Aslanyan and Astghik Bedevyan, two Radio Free Europe/Radio Liberty (RFE/RL) Armenian Service journalists; two unnamed UN officials; former spokesman for the Ministry of Foreign Affairs of Armenia (now an NGO activist); As well as activists, media owners and academics.
Samvel Firmanian, a former co-founder and host of Opposition Television in Armenia, told TechCrunch that the hack he faced was “a form of terror.”
“Not only was this a clear violation of human rights, my rights to privacy and private communication, but it was [an] huge psychological impact,” he said in an online chat. “It’s hard to describe what you feel when you’re sure you’re under surveillance illegally, without any knowledge of what government might be standing behind and that What are the real motives behind the illegal interference.”
Farmanyan, as well as other victims, realized they were victims of a hack when Apple sent them a notification that they might be targeted with government spyware, as the company had done with many other victims in other countries. He then contacted Access Now, Citizen Lab or Amnesty International to get his phone checked.
In the case of Grigoryan, Armenia’s top human rights defender, Access Now said his phone was infected “shortly after he shared his phone number with his Azerbaijani counterpart.”
Over the years, there have been countless cases of misuse of NSO spying tools in Mexico, Saudi Arabia, Bahrain and many other countries, but Access Now considers this a special case.
“Providing Pegasus spyware to any party in the context of violent conflict poses a substantial risk of potentially contributing to and facilitating serious human rights violations and even war crimes,” the organization wrote in its press release.
There is no conclusive evidence that the government of Azerbaijan is behind these attacks, but a coalition of media organizations known as the Pegasus Project showed that the country is one of the NSO’s clients. Nevertheless, Ruben Muradyan, a mobile security researcher who analyzed the phones of five victims in Armenia, said that some of them believe that Armenia’s government may have been behind the hack, as they were part of the local government at the time. were criticizing.
The Armenian Embassy in Washington DC did not respond to a request for comment.
In any case, it is not clear whether the use of spyware such as Pegasus in the context of armed conflict is a violation of international law, according to Anna Pagnaco, a cybersecurity policy researcher at Oxford Information Labs.
“International law is silent on the subject of peacetime espionage, which is widely criminalized at the national level; Yet all states still spy. Intelligence activities conducted by members of a belligerent party’s armed forces in uniform during an international armed conflict are legitimate — that is, espionage is not a war crime, Pagnaco told TechCrunch.
Do you have more information about NSO Group? Or any other monitoring technology provider? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch through SecureDrop.
