Around twelve individuals were discovered as victims of Pegasus hacking during 2021 conflicts in the area
The initial recorded instance of NSO Group’s spyware employed in a military conflict has been documented by researchers. Their findings reveal that journalists, human rights advocates, a United Nations official, and members of civil society in Armenia fell victim to government-sponsored hacking utilizing the spyware. This extensive hacking campaign, spanning from October 2020 to December 2022, demonstrates a strong correlation with the ongoing military dispute between Armenia and Azerbaijan concerning the disputed Nagorno-Karabakh region.
This development carries considerable importance as the utilization of Pegasus, a potent spyware capable of infiltrating and manipulating any mobile device, has never been recorded in the context of a military conflict.
In response to the recent report by Access Now and other entities, an NSO spokesperson declined to provide a comment, stating that the report had not been shared with the company.
Furthermore, the spokesperson highlighted that previous inquiries into accusations of “inappropriate utilization of our technologies” by clients had led to the termination of several contracts.
The inquiry was undertaken by a collective of researchers from Access Now, CyberHUB-AM, the Citizen Lab at the Munk School of Global Affairs (University of Toronto), Amnesty International’s Security Lab, and Ruben Muradyan, an independent mobile security researcher.
The targeting of individuals in Armenia came to light in November 2021, following a series of border clashes between Armenia and Azerbaijan that resulted in the loss of at least 200 lives, marking the most significant escalation of violence since the Nagorno-Karabakh conflict in 2020.
Apple initiated the process of notifying mobile phone users who were believed to have been targeted by state-sponsored spyware. One of the victims, Anna Naghdalyan, a former spokesperson for the Armenian foreign ministry, encountered 27 separate hacking incidents between October 2020 and July 2021, while she was still serving in her spokesperson role.
This raises significant concerns regarding the security of international organizations, journalists, humanitarians, and other individuals operating in conflict zones. It should also serve as a warning to foreign governments whose diplomatic services have been involved in the conflict,” commented John Scott-Railton, a senior researcher at the Citizen Lab, highlighting the broader implications of the hacking incidents.
Among the victims, Karlen Aslanyan, a journalist from Radio Azatutyun, was targeted while reporting on the Armenian political crisis that ensued after Armenia’s defeat in the 2020 conflict. Notably, one of the guests on Aslanyan’s prominent Armenian show, Kristinne Grigoryan, was hacked approximately one month after her appearance on the program. Astghik Bedevyan, another journalist closely covering the conflict, also fell victim to hacking in May 2021. The report identifies several additional journalists, professors, and human rights defenders whose work revolved around the military conflict.
Additional evidence suggests Azerbaijan’s involvement as an NSO customer, as highlighted by the Citizen Lab’s discoveries of Pegasus one-click infections connected to infrastructure posing as Azerbaijani political websites. Amnesty Tech’s research also identifies Azerbaijan-related domains, further indicating Azerbaijan as a probable Pegasus customer.
Requests for comments from the Armenian and Azerbaijani embassies in the United States have not received an immediate response.
NSO has stated that it investigates credible reports of misuse of its spyware by government clients. In 2021, the Biden administration blacklisted NSO Group after the commerce department determined that the company had supplied its technology to foreign governments, who subsequently exploited it to target government officials, journalists, businesspersons, activists, and embassy workers maliciously.
