An investigation by Access Now, Citizen Lab, Amnesty Internationalʼs Security Lab and independent Armenian mobile-security researcher Ruben Muradyan found the Israeli-made spyware tool on phones of then-Armenian official ombudsman Kristinne Grigoryan, two journalists from Radio Free Europe, a United Nations official and a former spokesperson for the country’s foreign ministry.
“Inserting harmful spyware technology into the Armenia-Azerbaijan conflict shows a complete disregard for safety and welfare, and truly unmasks how depraved priorities can be,” said Natalia Krapiva, tech-legal counsel at digital rights group Access Now and one of the authors of the report, told POLITICO.
Nagorno-Karabakh is a disputed territory in Azerbaijan, where the country has been in a protracted conflict with Armenia since the 1980s, with open war breaking out in 2020.
Thursday's report found infections with Pegasus software — one of the most sophisticated spyware tools created by Israel's NSO Group — in Armenia as early as 2020, during some of the most intense fighting of the war, and again when peace talks were taking place in October and a cease-fire was struck in November 2020. Overall, between 2020-2021, the researchers recorded over 30 successful Pegasus infections. The groups behind the research — which include some of the world's most renowned forensic analysts on spyware — said it was the first known case of spyware being used in an active conflict.
“This is the first documented evidence of the use of Pegasus spyware in an international war context,” the researchers wrote.
While there is no unequivocal evidence linking a specific government to the hack, the timing and the victims "strongly suggest" the intrusions were part of active warfare on Azerbaijan's behalf, the report suggested. However, it added that because the victims also included members of civil society that have been critical of Armeniaʼs government, it is possible Armenian services conducted the hack themselves.
Both governments were previously found to have purchased spyware; Azerbaijan-linked domains were identified in Pegasus one-click SMS infection infrastructure. Meta's December 2021 "Threat Report on the Surveillance-for-Hire Industry" also identified an Armenia-based customer of mercenary spyware firm Cytrox.
The Armenian and Azerbaijani government did not respond to a request for comment.
One of the victims of the hacking, Anna Naghdalyan, served as spokesperson for the Ministry of Foreign Affairs at the time her device was hacked. Her work “put her squarely in the middle of the most sensitive conversations," researchers wrote.