UN official and others in Armenia hacked by NSO Group spyware – The Guardian


At least a dozen victims were found to have been hacked by Pegasus during clashes in the region in 2021

Researchers have documented the first known case of NSO Group spyware being used in a military conflict after discovering that journalists, human rights activists, a United Nations official and members of civil society in Armenia were being hacked by a government using the spyware.

The hacking campaign, which targeted at least a dozen victims from October 2020 to December 2022, appears to be closely linked to events in the long-running military conflict between Armenia and Azerbaijan over the contested Nagorno-Karabakh region.

Previous investigations into spyware abuses by NSO Group customers have already revealed – with “considerable evidence” according to researchers – that Azerbaijan is a state customer of NSO Group.


The news is significant because the use of Pegasus, military-grade spyware capable of hacking into any phone and controlling it remotely, has never before been documented in a military conflict.

An NSO spokesman said the company could not comment on the new report from Access Now and others because it had not been shared with NSO.

Previous investigations into allegations of “improper use of our technologies” by customers had resulted in the termination of several contracts, it said.

The research was conducted by researchers from Access Now, CyberHUB-AM, the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, Amnesty International’s Security Lab, and Ruben Muradyan, an independent mobile security researcher.

The hacking of Armenian residents was first discovered in November 2021, two months after a series of clashes along the Armenian-Azerbaijani border claimed at least 200 lives in the worst escalation in violence since the 2020 Nagorno-Karabakh war.

Apple began sending notifications to cellphone users who they believed were victims of government-sponsored spyware. Anna Naghdalyan, a former spokeswoman for the Armenian Foreign Ministry, was hacked at least 27 times between October 2020 and July 2021, when she was still the ministry’s spokeswoman.

Researchers said the timing of the attacks put them “straight into the most sensitive talks and negotiations related to the Nagorno-Karabakh crisis,” including attempts at ceasefire mediation by France, Russia and the US, and official visits to Moscow and Karabakh.

Naghdalyan told Access Now she had “all the information about developments during the war on [her] phone” at the time of her hacking and that she now feels that there is no way for her to feel completely safe.

“Even if your phone has the most secure system, you can’t be sure,” she said.

Experts said the development highlights the danger that spyware is being used to fuel geopolitical fires.

“This raises important security questions for international organizations, journalists, humanitarian workers and others working in the conflict area. It should also send chills down the spine of any foreign government whose diplomatic service is involved in the conflict,” said John Scott-Railton, a senior researcher at Citizen Lab.

Other victims include Karlen Aslanyan, a journalist with Radio Azatutyun who covered the political crisis in Armenia that erupted after Armenia’s defeat in the 2020 conflict. At least one guest on Aslanyan’s popular Armenian show – Kristinne Grigoryan – was hacked a month after appearing on the show. Another journalist, Astghik Bedevyan, who covered the conflict extensively, was also hacked in May 2021. The report lists several other journalists, professors and human rights defenders whose work has focused on the military conflict.

Access Now said five of the 12 people hacked asked to remain anonymous, but included one UN official who didn’t have UN approval to come forward.

Access Now and its partners said they believe the hack was carried out by a customer of NSO Group, although the data could not be positively linked to a specific customer.

They added that, given the people’s work in the conflict, it’s possible that the Armenian government was also interested in hacking them, but said there was no other evidence that Armenia was ever a Pegasus user. In fact, the country is believed to be using another spyware product called Predator, developed by Cytrox, a business competitor of NSO.

Other evidence suggests that Azerbaijan is an NSO client, including Citizen Lab findings that some Pegasus one-click infections were related to infrastructure disguised as Azerbaijani political websites. Amnesty Tech’s research has also identified domains linked to Azerbaijan that point to Azerbaijan as a likely Pegasus customer.

The embassies of Armenia and Azerbaijan did not immediately respond to a request for comment.

NSO has stated that it is investigating credible reports of its spyware being misused by government customers. NSO Group was blacklisted by the Biden administration in 2021 after the Commerce Department said it had found the company had supplied its technology to foreign governments, who used it for malicious attacks on government officials, journalists, businesspeople, activists and embassy staff.
