A joint investigation between Access Now, CyberHUB-AM, the Citizen Lab at the Munk School of Global Affairs at the University of Toronto (the Citizen Lab), Amnesty International’s Security Lab, and an independent mobile security researcher Ruben Muradyan, has uncovered hacking of civil society victims in Armenia with NSO Group’s Pegasus spyware.
The investigation has identified 12 individuals whose Apple devices were targeted with Pegasus spyware at various times between October 2020 and December 2022.
The Armenia spyware victims include a former Human Rights Defender of the Republic of Armenia (the Ombudsperson), two Radio Free Europe/Radio Liberty (RFE/RL) Armenian Service journalists, a United Nations official, a former spokesperson of Armenia’s Foreign Ministry (now an NGO worker), and seven other representatives of Armenian civil society.
Circumstantial evidence suggests that the targeting is related to the military conflict in the Republic of Artsakh. This is the first documented evidence of the use of Pegasus spyware in an international war context.
The investigation began after Apple sent its first wave of notifications to their users in November 2021, warning them that they may have been targeted with state-sponsored spyware.
NSO Group claims that their technology is exclusively sold to governments, which is broadly consistent with past findings by research groups and investigative journalists. The researchers believe that this operation is the work of a governmental Pegasus customer.
Neither Access Now nor the technical partners at the Citizen Lab and Amnesty International conclusively link this Pegasus hacking to a specific governmental operator. The targeting occurred during the Azerbaijan-Armenia conflict, and the Armenia spyware victims’ work and the timing of the targeting strongly suggest that the conflict was the reason for the targeting.
Substantial evidence exists, meanwhile, to suggest that Azerbaijan is a Pegasus customer, and the targets would have been of intense interest to Azerbaijan, the report says.
Pegasus has been used extensively in Azerbaijan to target a wide range of journalists, civil society and political opposition figures. The Pegasus Project revealed that over 1,000 Azerbaijani numbers were selected for targeting by a Pegasus government customer. Amnesty International’s Security Lab has since forensically confirmed that at least five members of Azerbaijani civil society had their devices infected with Pegasus between 2019 and 2021.