UN official and others in Armenia hacked by NSO Group spyware


During skirmishes in the region in 2021, at least a dozen victims were found to have been hacked by Pegasus

Researchers have documented the first known case of NSO Group spyware being used in a military conflict after discovering that journalists, human rights lawyers, a United Nations official and members of civil society in Armenia were hacked by a government using the spyware.

The hacking campaign, which targeted at least a dozen victims from October 2020 to December 2022, appears to be closely linked to events in the long-running military conflict between Armenia and Azerbaijan over the disputed region of Nagorno-Karabakh.

Previous investigations into spyware abuse by NSO Group customers have already shown — with “substantial evidence,” researchers said — that Azerbaijan is a government customer of NSO Group.

The news is important because the use of Pegasus, military-grade spyware that can hack into and remotely control any phone, has never been documented in a military conflict.

An NSO spokesperson said the company could not comment on the new report from Access Now and others because it was not shared with NSO.

It said previous investigations into allegations of “improper use of our technologies” by customers resulted in the termination of several contracts.

The research was conducted by researchers from Access Now, CyberHUB-AM, the Citizen Lab at the Munk School of Global Affairs at the University of Toronto, Amnesty International’s Security Lab and Ruben Muradyan, an independent mobile security researcher.

The hacking of the Armenia-based individuals was first discovered in November 2021, two months after a series of clashes along the Armenia-Azerbaijan border claimed at least 200 lives in the most serious escalation of violence since the 2020 Nagorno-Karabakh war.

Apple began sending notifications to cell phone users they believed were being targeted by state-sponsored spyware. Anna Naghdalyan, a former spokesman for the Armenian Ministry of Foreign Affairs, was hacked at least 27 times between October 2020 and July 2021, during a time when she was still serving as spokesperson for the ministry.

Investigators said the timing of the attacks placed her “frankly in the most sensitive of talks and negotiations related to the Nagorno-Karabakh crisis,” including France, Russia and the US’s mediation efforts for a ceasefire and official visits to Moscow and Karabakh.

Naghdalyan told Access Now that she “had all the information about the developments during the war on (her) phone” at the time of her hacking, and that she now feels she cannot be completely safe.

“Even if you have the most secure system on your phone, you can’t be safe,” she said.

Experts said the development showed the risks of using spyware to fuel geopolitical fires.

“This raises important questions about the safety of international organizations, journalists, humanitarian workers and others working on conflict. It should also send a chill to any foreign government whose diplomatic service is involved in the conflict,” said John Scott-Railton, a senior researcher at the Citizen Lab.

Other victims include Karlen Aslanyan, a Radio Azatutyun journalist who covered the Armenian political crisis that erupted after Armenia’s defeat in the 2020 conflict. At least one guest on Aslanyan’s popular Armenian show – Kristinne Grigoryan – became a victim a month after she appeared on the program. Another journalist, Astghik Bedevyan, who kept a close eye on the conflict, was also hacked in May 2021. The report lists several other journalists, professors and human rights defenders whose work focused on the military conflict.

Access Now said five of the 12 people hacked chose to remain anonymous, but among them is a UN representative who does not have UN clearance to come forward.

Access Now and its partners said they believe the hacking was done by an NSO Group customer, although the data cannot be conclusively linked to a specific customer.

They added that given the individuals’ work on the conflict, it is possible that the government of Armenia was also interested in hacking the individuals, but said there is no other evidence to suggest that Armenia has ever been a Pegasus user. The country is believed to be a user of another spyware product called Predator, made by Cytrox, a business rival of NSO.

Other evidence points to Azerbaijan being an NSO client, including Citizen Lab findings that some Pegasus one-click infections were linked to infrastructure masquerading as Azerbaijani political websites. Amnesty Tech’s research has also identified Azerbaijan-linked domains that point to Azerbaijan as a likely Pegasus customer.

The embassies of Armenia and Azerbaijan did not immediately respond to a request for comment.

NSO has said it is investigating credible reports of spyware abuse by government customers. NSO Group was blacklisted by the Biden administration in 2021 after the Commerce Department discovered that the company had supplied its technology to foreign governments who used it to maliciously target government officials, journalists, businessmen, activists and embassy personnel.
