A joint investigation has revealed that at least twelve Armenian public figures and officials, including journalists and human rights defenders were targeted with NSO Group’s Pegasus spyware amid conflict in Nagorno-Karabakh, between October 2020 and December 2022. Evidence from the investigation, conducted with Amnesty International’s Security Lab, Access Now, the Citizen Lab, CyberHUB-AM, and an independent mobile security researcher Ruben Muradyan suggests that the conflict may have been the reason for the targeting.
Amnesty International’s Security Lab found infections of two journalists from the Armenian branch of Radio Free Europe/Radio Liberty (RFE/RL): Karlen Aslanyan and Astghik Bedevyan. Other victims include the Human Rights Defender (Ombudswoman) of Armenia, a United Nations official, a former spokesperson of Armenia’s Foreign Ministry, and seven other representatives of Armenian civil society.
“This investigation highlights the grave nature of spyware threats rippling across civil societies in Armenia and Azerbaijan. The authorities must stop all efforts to stifle freedom of expression and undertake an independent and transparent investigations into the attacks with Pegasus uncovered in both countries,” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.
This investigation highlights the grave nature of spyware threats rippling across civil societies in Armenia and AzerbaijanDonncha Ó Cearbhaill, Head of Amnesty International’s Security Lab
Pegasus has been used extensively in Azerbaijan to target a wide range of journalists, civil society and political opposition figures. The Pegasus Project revealed that over 1,000 Azerbaijani numbers were selected for targeting by a Pegasus government customer. Amnesty International’s Security Lab has since forensically confirmed that at least five members of Azerbaijani civil society had their devices infected with Pegasus between 2019 and 2021, including a former Radio Free Europe/Radio Liberty Azerbaijan journalist, Khadija Ismayilova. Amnesty International has seen evidence suggesting that a different spyware product developed by Intellexa named “Predator” was deployed with server infrastructure located in Armenia. Security researchers at Meta also identified a likely customer of Predator in Armenia.
The investigation in Armenia began when Apple sent notifications to users in November 2021, warning them of potential state-sponsored spyware targeting. CyberHUB-AM and Access Now, with assistance from the Citizen Lab, subsequently confirmed some of these individuals’ Apple devices were infected with Pegasus.
Case studies of the victims reveal that the targeting was in the context of the Nagorno-Karabakh conflict. The first cluster of Pegasus infections in Armenia occurred during the political crisis following the country’s defeat in the 2020 Nagorno-Karabakh conflict with Azerbaijan and continued into 2021. The second cluster of infections took place in 2022, coinciding with major escalations and peace talks between Armenia and Azerbaijan in Sochi and Prague, and Azerbaijan’s ongoing blockade of the Lachin corridor starting in December.
During the first cluster of Pegasus infections in Armenia, the investigation discovered ten individuals who were targeted between 2020 and 2021, resulting in over 30 successful infections.
During the first cluster of Pegasus infections in Armenia, the investigation discovered ten individuals who were targeted between 2020 and 2021, resulting in over 30 successful infections
Among the victims were:
Five out of the 12 infected individuals in the investigation chose to remain anonymous, including media representatives, an activist, a civil society actor, and one undisclosed UN representative without employer consent. Other individuals received Apple notifications warning them of potential state-sponsored spyware targeting, but confirmation of their device infection remains inconclusive due to limited access to their data.
“These revelations are yet another illustration of the risks associated with these types of spyware attacks. The use of highly invasive spyware like Pegasus can evade detection and undermine even the most carefully crafted human rights safeguards. That’s why Amnesty International is calling for a ban on highly invasive spyware.” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.
The use of highly invasive spyware like Pegasus can evade detection and undermine even the most carefully crafted human rights safeguardsDonncha Ó Cearbhaill, Head of Amnesty International’s Security Lab
“We urge authorities worldwide to act now to tackle the spyware crisis. The uncontrolled proliferation of spyware technology undermines the very foundations of civil society, journalism, and human rights. It is imperative for governments and technology companies to establish robust regulation and oversight mechanisms to prevent the wanton abuse of surveillance technologies, as well as enforce a ban on highly invasive spyware like Pegasus, against which even the best safeguards cannot offer protection,” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.
Tags: Armenia, Azerbaijan, Pegasus spyware, public figures.
Azerbaijan: Authorities must immediately release scholar Gubad Ibadoghlu
Dominican Republic: Pegasus spyware discovered on prominent journalist’s phone
Azerbaijan: Blockade of Lachin corridor must be immediately lifted
Thailand: Pegasus spyware found on phones of dissidents involved in protests
Los Estados deben frenar las masacres de civiles