Numerous Official and Confidential Documents Have Fallen Into Azerbaijan's Hands - Samvel Martirosyan

We present an excerpt from Samvel Martirosyan's article titled “Cyber Attacks in Armenia in the Second Half of 2020.” 2020 was arguably the most challenging year for Armenia in terms of cyber threats. In the first half of the year, the main issues were related to the coronavirus quarantine, as a large number of individuals with little online experience were forced to use the internet, which activated cybercriminals. The second half of the year was influenced by two major events: the Artsakh War and the July events in Tavush. There was a noticeable increase in hacking activity during both events.

Artsakh War

In this case, the quantity and quality of attacks indicated that supporting forces were also involved on the Azerbaijani side. These may have included Turkish hacker groups as well as mercenary hacker units. From the very first day of the war, on September 27, hackers succeeded in changing the DNS queries of nearly 90 websites, redirecting them to propaganda pages. In fact, a single Cloudflare account that was linked to all those websites was compromised, and all visitors were redirected to another location. Ten media websites became targets of the attack—fortunately, for a short duration: 1in.am, a1plus.am, armenpress.am, armtimes.com, blognews.am, hetq.am, mamul.am, mediamax.am, news.am, zhamanak.com.

On October 10, an unprecedented attack occurred, resulting in the compromise of nearly all government websites, including those of the Constitutional Court, the Human Rights Defender, and more. The state websites of the Republic of Artsakh were also compromised. Around fifty crucial websites were taken offline, severely disrupting the entire governmental domain of both Armenia and Artsakh.

At the same time, infiltrations into government servers were carried out. To this day, it is not entirely clear how much information was stolen. Some of the stolen files are available online in an open format. From this, it can be concluded that Azerbaijan has obtained numerous official and confidential documents from the Presidential Administration, the Ministry of Foreign Affairs, the Ministry of Defense, and so on. Some of the documents were dated September 2020, suggesting that the attack was carried out during the new war and is not directly related to any potential leaks that may have occurred in July. Personal data files of subscribers from Karabakh Telecom have also been leaked online. Such massive and unprecedented leaks due to cyber-attacks against Armenia had never been carried out until now.

Meanwhile, there were ongoing and forceful DDoS attacks against both state and media websites, which I have already addressed. Throughout this period, phishing attacks continued against social media users. Targeted attack attempts against high-ranking officials and military personnel were also conducted through messaging platforms.