Armenia/Azerbaijan: Pegasus spyware targeted Armenian public figures amid conflict

  • At least 12 Armenian public figures, including journalists and human rights defenders, were targeted with Pegasus spyware
  • The Pegasus Project has revealed more than 1,000 Azerbaijani numbers were selected for targeting by a Pegasus customer
  • Amnesty Tech urges authorities worldwide to ban highly invasive spyware that evades detection and undermines human rights safeguards

joint investigation has revealed that at least twelve Armenian public figures and officials, including journalists and human rights defenders were targeted with NSO Group’s Pegasus spyware amid conflict in Nagorno-Karabakh, between October 2020 and December 2022.  Evidence from the investigation, conducted with Amnesty International’s Security Lab, Access Now, the Citizen Lab, CyberHUB-AM, and an independent mobile security researcher Ruben Muradyan suggests that the conflict may have been the reason for the targeting.

Amnesty International’s Security Lab found infections of two journalists from the Armenian branch of Radio Free Europe/Radio Liberty (RFE/RL): Karlen Aslanyan and Astghik Bedevyan. Other victims include the Human Rights Defender (Ombudswoman) of Armenia, a United Nations official, a former spokesperson of Armenia’s Foreign Ministry, and seven other representatives of Armenian civil society.

“This investigation highlights the grave nature of spyware threats rippling across civil societies in Armenia and Azerbaijan. The authorities must stop all efforts to stifle freedom of expression and undertake an independent and transparent investigations into the attacks with Pegasus uncovered in both countries,” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.

This investigation highlights the grave nature of spyware threats rippling across civil societies in Armenia and Azerbaijan.

Donncha Ó Cearbhaill, Head of Security Lab, Amnesty International

Pegasus has been used extensively in Azerbaijan to target a wide range of journalists, civil society and political opposition figures. The Pegasus Project revealed that over 1,000 Azerbaijani numbers were selected for targeting by a Pegasus government customer. Amnesty International’s Security Lab has since forensically confirmed that at least five members of Azerbaijani civil society had their devices infected with Pegasus between 2019 and 2021, including a former Radio Free Europe/Radio Liberty Azerbaijan journalist, Khadija Ismayilova. Amnesty International has seen evidence suggesting that a different spyware product developed by Intellexa named “Predator” was deployed with server infrastructure located in Armenia. Security researchers at Meta also identified a likely customer of Predator in Armenia.

The investigation in Armenia began when Apple sent notifications to users in November 2021, warning them of potential state-sponsored spyware targeting. CyberHUB-AM and Access Now, with assistance from the Citizen Lab, subsequently confirmed some of these individuals’ Apple devices were infected with Pegasus.

Journalists, human rights defenders and officials victims of surreptitious spyware

Case studies of the victims reveal that the targeting was in the context of the Nagorno-Karabakh conflict. The first cluster of Pegasus infections in Armenia occurred during the political crisis following the country’s defeat in the 2020 Nagorno-Karabakh conflict with Azerbaijan and continued into 2021. The second cluster of infections took place in 2022, coinciding with major escalations and peace talks between Armenia and Azerbaijan in Sochi and Prague, and Azerbaijan’s ongoing blockade of the Lachin corridor starting in December.

During the first cluster of Pegasus infections in Armenia, the investigation discovered ten individuals who were targeted between 2020 and 2021, resulting in over 30 successful infections.

During the first cluster of Pegasus infections in Armenia, the investigation discovered ten individuals who were targeted between 2020 and 2021, resulting in over 30 successful infections

Donncha Ó Cearbhaill

Among the victims were:

  • Karlen Aslanyan and Astghik Bedevyan, journalists from Radio Azatutyun, the Armenian Service of Radio Free Europe/Radio Liberty, whose devices were infected in April and May 2021, respectively, while they were covering the Armenian political crisis and the aftermath of the Nagorno-Karabakh war.
  • Ruben Melikyan, former Human Rights Ombudsman of the Republic of Artsakh, had his device infected in May 2021 while he was actively monitoring the 2021 parliamentary elections.
  • Anna Naghdalyan, former Spokesperson of the Ministry of Foreign Affairs, had her device infected multiple times between October 2020 and July 2021, during her involvement in sensitive conversations and negotiations related to the Nagorno-Karabakh crisis.
  • Dr. Varuzhan Geghamyan, an Assistant Professor and Turkologist, had his iPhone infected in June 2021 while he was providing analysis and lectures on the regional and external politics of Azerbaijan.
  • Samvel Farmanyan, co-founder of ArmNews TV which is known to be critical of the administration of Prime Minister Nikol Pashinyan, had his device infected with Pegasus in June 2022 during the second wave of infections.
  • Kristinne Grigoryan, the Human Rights Defender of Armenia, who is vocal about alleged atrocities by Azerbaijani forces during the conflict, experienced Pegasus infections in October 2022.

Five out of the 12 infected individuals in the investigation chose to remain anonymous, including media representatives, an activist, a civil society actor, and one undisclosed UN representative without employer consent. Other individuals received Apple notifications warning them of potential state-sponsored spyware targeting, but confirmation of their device infection remains inconclusive due to limited access to their data.

Calls to ban highly invasive spyware

“These revelations are yet another illustration of the risks associated with these types of spyware attacks. The use of highly invasive spyware like Pegasus can evade detection and undermine even the most carefully crafted human rights safeguards. That’s why Amnesty International is calling for a ban on highly invasive spyware.” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.

The use of highly invasive spyware like Pegasus can evade detection and undermine even the most carefully crafted human rights safeguards

Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab

“We urge authorities worldwide to act now to tackle the spyware crisis. The uncontrolled proliferation of spyware technology undermines the very foundations of civil society, journalism, and human rights. It is imperative for governments and technology companies to establish robust regulation and oversight mechanisms to prevent the wanton abuse of surveillance technologies, as well as enforce a ban on highly invasive spyware like Pegasus, against which even the best safeguards cannot offer protection,” said Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab.