Armenians Targeted with Pegasus Spyware During the War with Azerbaijan

Published: 25 May 2023

Cellphone MalwarePegasus spyware gives its operator full control of the device. (Photo: Blogtrepreneur, Flickr, License)

By Fatima Karimova

An investigation published on Thursday revealed that the mobile phones of at least 12 Armenian public figures and officials, including journalists and human rights defenders, were infected with the cutting-edge spyware Pegasus during the country's war with Azerbaijan.

This marks the first time that experts have been able to prove the use of the notorious software during an armed conflict. Created by the Israeli company NSO Group, the spyware has been used by governments worldwide to spy on political opponents, human rights activists and journalists.

Access Now, a New York-based NGO, in collaboration with Citizen Lab, Amnesty International, and a group of cybersecurity researchers, initiated the investigation after Apple sent notifications to users in November 2021, warning them that they may have been targeted with state-sponsored spyware.

Several individuals from Armenia reached out to local digital security support and threat research hub CyberHUB-AM and Access Now's Digital Security Helpline to request a double-check of their devices for infection.

"The backdrop of the first cluster of civil society Pegasus infections found in Armenia is the bloody 2020 Nagorno-Karabakh (also referred to as the Republic of Artsakh in Armenia) war with Azerbaijan, the associated peace talks in October 2020, and the November 9, 2020 ceasefire agreement that locked territorial gains for Azerbaijan," stated the investigation.

Despite the ceasefire, the conflict escalated, and over 30 devices were infected with the spyware during that time.

One of the victims identified by Access Now and Citizen Lab is Anna Naghdalyan, a former Armenian Foreign Ministry Spokesperson and current NGO worker.

Her phone was hacked at least 27 times between October 2020 and July 2021 during her tenure at the ministry. This placed her in the center of sensitive conversations and negotiations regarding the Nagorno-Karabakh crisis, including ceasefire mediation attempts by France, Russia, and the United States, as well as official visits to Moscow and Karabakh, according to the report.

In her conversation with Access Now, Naghdalyan expressed that she had "all the information about the developments during the war on [her] phone" and that she feels there is no way for her to feel completely safe since discovering her phone was hacked.

Another victim identified by Citizen Lab is Kristinne Grigoryan, who served as Human Rights Ombudsperson of Armenia. Her phone was infected with Pegasus on or around October 4, 2022, according to the findings.

Grigoryan's role involved the protection of human rights for members of the armed forces. Her phone was infected after September 5, when she met with her Azerbaijani counterpart, Sabina Aliyeva.

"On that day, they exchanged mobile numbers; however, the Azerbaijani Human Rights Commissioner never reacted to Kristinne's messages or calls," the report stated.

The following week, the conflict between the two countries reignited, resulting in losses on both sides.

Among the spyware victims are two journalists from Radio Free Europe/Radio Liberty (RFE/RL) Armenian Service, a United Nations official, and seven other representatives of Armenian civil society.

Astghik Bedevyan, one of the journalists from RFE/RL, had her phone hacked on or around May 11, 2021, while covering the Armenian snap parliamentary elections that were heavily focused on the conflict and the consequences of Armenia's defeat in the 44-day war.

Bedevyan's phone, which contained personal information about herself and her children, was infected in the month leading up to the parliamentary elections.

"I felt that my personal privacy was rudely violated," Astghik told Access Now.

According to the investigation, neither Access Now nor the technical partners at Citizen Lab and Amnesty International can conclusively link this Pegasus hacking to a specific governmental operator.

"The targeting occurred during the Azerbaijan-Armenia conflict, and the victims' work and the timing of the targeting strongly suggest that the conflict was the reason behind it," stated the investigation.

It also mentioned that considering the victims were members of civil society organizations critical of Armenia's current government, it is possible that Armenia would have had a significant interest in their activities.

However, Access Now does not have any technical evidence suggesting that Armenia has ever used Pegasus. Instead, it is believed that Armenia may be using a different spyware product.

Azerbaijan was revealed as a major user of the spyware in the Pegasus Project, a collaborative journalism project coordinated by Forbidden Stories in 2021. This implies that the targeted individuals would also be of great interest to Azerbaijan.