Thirteen government officials, human rights activists, journalists and academics from Armenia fell victim to spying by a foreign country using Pegasus spyware from the Israeli NSO Group, a new report from Amnesty International’s Security Lab and The Citizen Lab released on Thursday found.
Among the victims were the spokeswoman of Armenia’s Foreign Ministry, who is now an NGO worker, and then-Human Rights Defender (Ombudsman) of Armenia, who investigated suspicions of war crimes against Azerbaijan.
The researchers found circumstantial evidence linking the espionage to the war in the disputed territory of Nagorno-Karabakh, and suspect that the Azerbaijan is behind the hacking.
The roots of the affair go back to November 2021, after Apple sent the first round of warnings to some of those attacked, telling them they had been the victims of a cyberattack by a foreign nation.
People look at the destroyed houses a day after shelling by Armenian's artillery during fighting over the separatist region of Nagorno-Karabakh, in Ganja, Azerbaijan, October 12, 2020. Credit: AP Photo
The forensic examination of their phones was conducted by The Citizen Lab at the University of Toronto, the Access Now digital civil rights organization, Amnesty Tech and CyberHUB-AM, the emergency cyber response center for civil society organizations in Armenia.
Azerbaijan has previously been suspected of deploying Pegasus spyware against journalists and civil society activists in its own country, after the infections were exposed in July 2021 as part of the Pegasus project, led by Forbidden Stories and Amnesty, and in cooperation with Haaretz-TheMarker.
- 92 flights from Israeli base reveal arms exports to Azerbaijan
- Armenia and Azerbaijan are at a boiling point. Another conflict is just a matter of time
- Israel torpedoed Morocco spyware deal - and NSO competitor QuaDream shut down
President Ilham Aliyev has total control over the country, and his rule has a long history of arrests and repression of civil rights and opposition activists. In 2017, the U.S. State Department released a harsh report on the state of the LGBTQ community in Azerbaijan, which suffers from persecution, murder and disappearances, arrests, torture and discrimination.
NSO was not the only Israeli company that supplied advanced military and intelligence systems to Azerbaijan. Israel has consolidated its strategic ties with Azerbaijan in recent years, exporting billions of dollars of arms to the country, which shares a border with its regional foe Iran.
But this time the targets of the spying were Armenians. Forensic evidence and the identity of the victims indicate that the government of Azerbaijan was likely behind the spying campaign.
The researchers said the spyware campaign began as a result of the tensions in the Nagorno-Karabakh region, a disputed enclave with a mostly ethnic Armenian population and a separatist government in the heart of Azerbaijan. During the Second Nagorno-Karabakh War, also known as the 44-day War, in 2020, Azerbaijan captured large amounts of territory and the defeat led to a severe political crisis in Armenia.
A few days after the cease-fire agreement, it was reported that Armenia’s National Security Service had thwarted an assassination attempt against the Prime Minister Nikol Pashinyan. The prime minister then dissolved the parliament and announced new elections in June 2021, which he won.
“We identified the first wave of infections in May to July 2021 at the time that Armenia was in a severe constitutional and political crisis over the loss of Nagorno-Karabakh,” Natalia Krapiva, the tech legal counsel for Access Now told Haaretz.
The talks between Azerbaijan and Armenia under the auspices of Russia continued during that period, and the prime minister’s resignation only made the political uncertainty even worse. Acting Foreign Minister Ara Ayvazyan resigned at the end of May, after he harshly criticized his own government’s policies. That same day, the telephone of Anna Naghdalyan, the then-spokeswoman of the Armenian Foreign Ministry, was infected, and she was not the only one.
A week later, all of the foreign minister’s deputies announced their resignations. Twenty-four hours earlier, according to the Citizen Labs report, Naghdalyan’s phone was infected for a second time. “I had a lot of important information, professional and also personal,” Naghdalyan told Haaretz. “I don’t know how much information they obtained, but this case proves that none of us are safe. Such gadgets have become an inseparable part of our lives – and such discoveries cause a deep feeling of insecurity.”
Among the victims whose phones were found to be infected with the Pegasus spyware were two Armenian academics specializing in international relations and Azerbaijan, and one United Nations employee, whose identity was not revealed.
Kristine Grigoryan, the Human Rights Defender of Armenia until January 2023, told Haaretz that additional infections occurred close to later flare-ups in Nagorno-Karabakh. Grigoryan worked in the office of Armenia’s human rights ombudsman, an accredited national institute of the United Nations, and she was responsible for investigating suspicions of war crimes.
She was tasked with the role after videos circulated in 2022 showing Azerbaijan commandos killing Armenian prisoners of war.
One of the clips depicts the abuse of a female Armenian sniper who was captured and later murdered. “She had three children,” said Grigoryan. “The family came to my office and begged for us to stop the distribution of the videos, but we couldn’t do anything.”
Due to her special role in investigating Azerbaijani war crimes, Grigoryan became a well-known figure in the media – and as a result was also the target Azerbaijan’s spying, said the researchers. In October 2022, she was notified by Apple that her phone had been infected. In December, her phone was infected a second time.
“Helping attack those already experiencing violence is a despicable act, even for a company like NSO Group,” said Natalia Krapiva from Access Now. “Inserting harmful spyware technology into the Armenia-Azerbaijan conflict shows a complete disregard for safety and welfare, and truly unmasks how depraved priorities can be. People must come before profit — it’s time to disarm spyware globally.”
NSO Group responded to Haaretz' questions:
While NSO is unable to confirm or deny the identity of its customers, past reports proved that various groups continue to produce inconclusive reports that are unable to differentiate between the various cyber tools in use. As always, these groups refuse to share their reports with the company, hence we cannot address any specific allegations we didn’t see.
NSO has the industry’s leading compliance and human rights policy and as always will investigate all credible allegations of misuse. Past NSO investigations have resulted in the termination of multiple contracts regarding the improper use of our technologies.
NSO has repeatedly called for a global regulatory cyber intelligence framework to address the responsibility of governmental operators to prevent technological misuse.
Donncha Ó Cearbhaill, the Head of Amnesty Tech Security Lab, responded to The comapny's claims about the report:
“NSO Group refuses to engage with or acknowledge the overwhelming weight of forensic evidence proving ongoing Pegasus abuses published by Amnesty International, Citizen Lab and civil society partners. Time and again this research been later validated by subsequent official investigations, government statements and major technology vendors.”
“NSO Group’s evidently inadequate human rights policy is little comfort to the journalists and human rights defenders who continue to be victimized by the company’s spyware
almost a decade after abuses were confirmed. We urgently need a ban on these most invasive forms of spyware to stop the ongoing crisis enabled by this industry.”
The Azerbaijan Ministry of Foreign Affairs and Israel’s Defense Ministry have not responded to requests from Haaretz.
Click the alert icon to follow topics:
- NSO Group
FAQs
Armenian officials hacked with Israeli spyware. The suspect: Azerbaijan? ›
The Suspect: Azerbaijan. Thirteen government officials, human rights activists, journalists and academics from Armenia fell victim to spying by a foreign country using
A joint investigation has revealed that at least twelve Armenian public figures and officials, including journalists and human rights defenders were targeted with NSO Group's Pegasus spyware amid conflict in Nagorno-Karabakh, between October 2020 and December 2022.
Who owns Pegasus? ›Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is able to exploit iOS versions up to 14.7, through a zero-click exploit.
Which country made Pegasus software? ›Pegasus (spyware), spyware developed by Israeli cyber-intelligence firm NSO Group (founded in 2010) for eavesdropping on mobile phones and harvesting their data. The spyware has been highly controversial, used to track politicians, government leaders, human rights activists, dissidents, and journalists.
What does NSO stand for in spyware? ›NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company's founders) is an Israeli cyber-intelligence firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones. It employed almost 500 people as of 2017.
Who legally owns Nagorno-Karabakh? ›Nagorno-Karabakh is a disputed territory, internationally recognized as part of Azerbaijan, but most of it is governed by the unrecognised Republic of Artsakh (also known as the Nagorno-Karabakh Republic (NKR)) since the first Nagorno-Karabakh War.
Does the US recognize Nagorno-Karabakh? ›The Republic of Artsakh and the United States do not have official diplomatic relations as the United States is among the vast majority of countries that does not recognize Artsakh as a sovereign nation and instead recognizes the region of Artsakh, or Nagorno-Karabakh, as part of Azerbaijan.
Does the US use Pegasus? ›The order comes as it was revealed evidence of spyware has been found on the devices of 50 US government officials.
Is Pegasus spyware still active? ›As of right now, Pegasus is still a very dangerous spyware. In 2021, in a joint investigation into a leaked list of more than 50,000 phone numbers, 17 media organizations found a high concentration of individuals from countries known to engage in surveillance.
Can Pegasus be detected? ›Although the MVT mostly caters to iOS devices, it can still detect Pegasus on Android. If you are wondering how to detect Pegasus spyware on Android with the MVT, the first places to start looking are potentially malicious text messages and APKs on your smartphone.
Can you remove Pegasus from your phone? ›
How to remove Pegasus spyware from an Android phone. If you suspect your Android is infected with Pegasus spyware, you can use the Mobile Verification Toolkit (MVT) — a specific spyware removal tool developed by Amnesty International.
Does Germany use Pegasus? ›Sources have confirmed media reports that federal criminal police purchased and used the controversial Israeli surveillance spyware despite lawyers' objections.
Who exposed Pegasus? ›Government investigations
France's national agency for information systems security (ANSSI) identified digital traces of Pegasus on three journalists' phones and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking.
These belonged to people flagged for attack by a cybersurveillance software package called Pegasus. The investigation that followed is the subject of Pegasus: The story of the … world's most dangerous spyware, a non-fiction thriller and a must-read for all, not just those interested in cryptography and communications.
What is the most powerful spyware? ›What Exactly Is Pegasus and How Does It Work? Pegasus is a spyware designed by an Isreali cybersecurity company that allows government agencies to precisely target, track, and spy on individuals that they classify as a security threat.
Can antivirus detect Pegasus spyware? ›Unfortunately, traditional antivirus software cannot detect Pegasus. If you are worried that you have Pegasus on your Android, iPhone, or iPad, you can use MVT, a free tool designed by Amnesty International's Security Lab, to scan your phone or tablet.
Does the US support Armenia or Azerbaijan? ›Since then, the US has supported Armenia in many of its endeavours such as encouraging a peaceful resolution to the Nagorno-Karabakh conflict, reopening the closed borders with Azerbaijan and Turkey, and promoting regional prosperity.
Why does Pakistan not recognize Armenia? ›The international and bilateral relations between Armenia and Pakistan are poor. Pakistan is the only country in the world that does not recognize Armenia as a state, although most Pakistanis are not aware of this fact. The primary cause of the two countries' diplomatic rift is the Nagorno-Karabakh conflict.
Why is Azerbaijan split by Armenia? ›The declaration of secession from Azerbaijan was the final result of a territorial conflict regarding the land. As Azerbaijan declared its independence from the Soviet Union and removed the powers held by the enclave's government, the Armenian majority voted to secede from Azerbaijan.
Is Armenia safe for US citizens? ›U.S. citizens should avoid the area. Exercise caution on roads near Armenia's border with Azerbaijan. Be aware that some portions of the road may cross international boundaries without notice. Roads may be controlled by checkpoints or closed to travelers without notice.
Is Azerbaijan friendly to United States? ›
U.S.-AZERBAIJAN RELATIONS
The United States established diplomatic relations with Azerbaijan in 1992, following its independence from the Soviet Union. Together, the two countries work to promote European energy security, expand bilateral trade and investment, and combat terrorism and transnational threats.
Since its independence, Armenia has maintained a policy of complementarism by trying to have positive and friendly relations with Iran, Russia, and the West, including the United States and the European Union.
Can you tell if your phone is hacked? ›If you find apps you haven't downloaded, or calls, texts, and emails that you didn't send, that's a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
What is the US version of Pegasus? ›officials had also tested the NSO tool Phantom, a version of Pegasus capable of hacking phones with U.S. numbers. The F.B.I. eventually decided not to deploy Pegasus in criminal investigations in July 2021, amid a flurry of stories about how the hacking tool had been abused by governments across the globe.
Who bought Pegasus spyware? ›That year, the C.I.A. bought Pegasus to help Djibouti, an American ally, fight terrorism, despite longstanding concerns about human rights abuses there, including the persecution of journalists and the torture of dissidents.
How many countries have Pegasus spyware? ›Pegasus Spyware Maker NSO Group Has Contracts In 12 EU Countries: Report.
Does the FBI use Pegasus spyware? ›It remains unclear why the FBI officially chose not to use the Pegasus software but the Times cited officials who said it was the decision was made largely due to intense negative publicity about how the tool had been abused by governments like Saudi Arabia, Mexico, Hungary, and India.
Why can't Pegasus be stopped? ›Hijacking by Pegasus
Once privileged, it installs the spyware files deep into the OS bypassing the OS security. In essence, as long as the victim has unpatched vulnerabilities in OS/Apps, nothing can stop Pegasus from entering the phone and taking full control of the phone.
"The most common signs that show that a device has been hacked are faster-than-normal battery drainage, sudden increases of internet usage unrelated to browsing habits by the user of the device, GPS and internet options turning on and off independently, randomly displayed advertisements, or unfamiliar apps installed ...
How does your phone act when there is Pegasus in? ›NSO Group's Pegasus spyware can turn any infected smartphone into a remote microphone and camera, spying on its own owner while also offering the hacker – usually in the form of a state intelligence or law enforcement agency – full access to files, messages and, of course, the user's location.
Can Apple protect against Pegasus? ›
Apple is launching a “lockdown mode” for its devices to protect people – including journalists and human rights activists – targeted by hacking attacks like those launched by government clients of NSO Group using its Pegasus spyware.
How does Pegasus spyware get installed? ›Pegasus can be installed on vulnerable phones through a web link or a missed call. The spyware can steal passwords, contacts, text messages, and photos. The only way to avoid Pegasus after it has infected a phone is by getting rid of the phone.
How is Pegasus spyware installed remotely? ›Simply by placing a WhatsApp call to a target device, malicious Pegasus code could be installed on the phone, even if the target never answered the call. More recently NSO has begun exploiting vulnerabilities in Apple's iMessage software, giving it backdoor access to hundreds of millions of iPhones.
Will factory reset remove Pegasus? ›There's nearly no way to detect Pegasus specifically. Does a factory reset on an iPhone remove malware? No, you do not need to do a factory reset. Unlike what others have said, simply backing up the phone and then using the erase all content and settings command will erase any malware.
Does Canada use Pegasus? ›OTTAWA, Ont. — Canada's national police force says it has used spyware to hack dozens of mobile devices in the past five years, and that it has used similar technology as far back as 2002. However, the Royal Canadian Mounted Police says it has never used controversial Pegasus software to spy on Canadians.
What company uses Pegasus? ›In 1931, when Vacuum merged with Socony, the red Pegasus – a symbol of speed and power – was adopted as its U.S. trademark. In 1968, Mobil adopted new-look Pegasus service stations. The red Pegasus remains among the most recognized corporate symbols in American petroleum history.
Does Pegasus work on iPhones? ›These methods allowed Pegasus to infect even the most advanced iPhones with the latest versions of Apple's operating system. Two of the exploits, which the researchers named LATENTIMAGE and FINDMYPWN – served to hack devices with iOS versions 15.5 and 15.6, while the PWNYOURHOME exploit was used to attack iOS 16.0.
Who was hacked by Pegasus? ›Ruben Melikyan is another member of the Armenian civil society whose iPhone was infected with Pegasus in May 2021. According to the Citizen Lab's forensic research, Ruben's device was infected on or around May 20, 2021.
Who was Pegasus best friend? ›With its origins in Greek mythology, Pegasus, child of Poseidon, was the OG bestie to the hero Bellerophon.
What is the problem with Pegasus spyware? ›Pegasus exploits unknown vulnerabilities in software, so-called zero-days. As a result, Pegasus can be installed completely unnoticed on victims' phones. They can be tracked, eavesdropped on, spied on and their data copied.
Can spyware watch you? ›
Regardless of whether you use an iPhone or an Android smartphone, it is possible for someone to install spyware onto your phone that secretly tracks and reports on your activity. It's even possible for someone to monitor your cell phone's activity without ever even touching it.
What device gets hacked the most? ›That one item, which has seen a drastic rise in sales as people are more apt to install cameras for security these days, is the one item most hacked by cyber thieves. The cheaper the camera quality, the more vulnerable it is.
What removes spyware? ›The best way to remove spyware is to use an anti-spyware scanner. Download and install a reliable free antivirus solution, and it will detect and remove the spyware from your device. Then, keep your device clean by removing junkware, PUPs, and other unnecessary software that can slow down your computer.
Can you tell if you have spyware? ›Look out for the following clues: Increasing sluggishness and slow response. Unexpected advertising messages or pop-ups (spyware is often packaged with adware). New toolbars, search engines and internet home pages that you don't remember installing.
Where is spyware most commonly found? ›Like most other malware, spyware can be sent in a link or an email attachment. Never click on an unfamiliar link or attachment, and don't open emails from an unknown sender. Doing so could result in spyware being downloaded and installed on your computer. Clicking on malicious links can also infect your PC with a worm.
What are the 4 types of spyware? ›Overview. Spyware is mostly classified into four types: adware, system monitors, tracking including web tracking, and trojans; examples of other notorious types include digital rights management capabilities that "phone home", keyloggers, rootkits, and web beacons.
Does McAfee protect against Pegasus? ›we would like to let you know that install McAfee mobile security on your mobile device which helps to identify the pegasus virus on your android phone.
Does Armenia still control Nagorno-Karabakh? ›The current conflict has its roots in events following World War I and today the region is de jure part of Azerbaijan, although large parts are de facto held by the internationally unrecognised Republic of Artsakh, which is supported by Armenia.
What countries are involved in Nagorno-Karabakh conflict? ›First Nagorno-Karabakh War (1988–1994)
As the war progressed, Armenia and Azerbaijan, both former Soviet Republics, entangled themselves in a protracted, undeclared war in the mountainous heights of Karabakh as Azerbaijan attempted to curb the secessionist movement in Nagorno-Karabakh.
The Republic of Artsakh is not recognized by any country, including Armenia; however, for the past 30 years international mediators and human rights organizations have made reference to the right of self-determination for the indigenous Armenian population.
What country controls Nagorno-Karabakh? ›
Under the agreement, Azerbaijan now again controls in full the seven districts adjacent to Nagorno-Karabakh that Armenian forces had held since the previous war. It also holds a substantial part of Nagorno-Karabakh itself.
Does Armenia support Russia? ›Military cooperation between Armenia and Russia is based on both states being members of the military alliance (CSTO) as well as participants in the Joint CIS Air Defense System.
Which is better Armenia or Azerbaijan? ›Overall, Armenia is ranked in the Prosperity Index much higher than Azerbaijan and Turkey. Armenia is ranked 61st in 2023, slightly down from 59th in 2022, but considerably up from 76th in 2013. Meanwhile, Azerbaijan is ranked much lower at 92nd in 2023, the same as in 2012 – somewhat higher than 104th in 2013.
Is it safe to visit Armenia now? ›Armenia - Level 2: Exercise Increased Caution. Last Update: Reissued with updates to the Travel Advisory level and “Do Not Travel” areas. Exercise increased caution in Armenia due to areas of armed conflict. Some areas have increased risk.
Who gave Nagorno-Karabakh to Azerbaijan? ›"The Soviet Union created the Nagorno-Karabakh Autonomous Region within Azerbaijan in 1924 when over 94 percent of the region's population was Armenian.
What is the US response to Nagorno-Karabakh? ›The United States expresses its deep concern over the reports of intensive fighting around Nagorno-Karabakh, including casualties and the loss of life. We are closely following the situation and urge immediate steps to reduce tensions and avoid further escalation.
What percentage of Nagorno-Karabakh is Armenian? ›Nearing the collapse of the Soviet Union in 1989, the Nagorno-Karabakh Autonomous Oblast boasted a population of 145,593 Armenians (76.4%), 42,871 Azeris (22.4%), and several thousand Kurds, Russians, Greeks, and Assyrians.
What religion are most Armenians? ›About 97% of citizens belong to the Armenian Apostolic Church, an Eastern Christian denomination in communion with the other Oriental Orthodox churches.
Is Armenia recognize Nagorno-Karabakh as Azerbaijan? ›Armenia's prime minister said on Monday that Yerevan is ready to recognize “Nagorno-Karabakh” as part of Azerbaijan, provided that the security of the Armenian population in the region is ensured.
What countries support Armenia? ›Since its independence, Armenia has maintained a policy of complementarism by trying to have positive and friendly relations with Iran, Russia, and the West, including the United States and the European Union.
Is Armenia a part of NATO? ›
It is a full member of the Atlantic Treaty Association. In 2002, Armenia became an Associate Member of the NATO Parliamentary Assembly. In 2004, Armenia established a Permanent Mission to NATO located in Brussels, Belgium.