Content note: The following post contains references to alleged murder and war crimes.
NSO Group’s Pegasus spyware is now being used as a weapon in international military conflict, targeting civil society as Armenia is under attack.
A new investigation by Access Now and partners, Hacking in a war zone: Pegasus spyware in the Azerbaijan-Armenia conflict, exposes the depth and breadth of this ongoing, expanding assault on privacy, freedom of expression, and human rights online. Currently, there are at least 12 civil society victims, including journalists, human rights defenders, activists, academics, and a United Nations official that have been targeted in the midst of the brutal Azerbaijan-Armenia war over the Nagorno-Karabakh territories.
These infections add to the growing list of known Pegasus attacks across the globe, but are the first documented cases of this dangerous technology in international war between two sovereign states.
Helping attack those already experiencing violence is a despicable act, even for a company like NSO Group. Inserting harmful spyware technology into the Armenia-Azerbaijan conflict shows a complete disregard for safety and welfare, and truly unmasks how depraved priorities can be. People must come before profit — it’s time to disarm spyware globally.Natalia Krapiva, Tech-Legal Counsel at Access Now
Targets include:
- Kristinne Grigoryan, former Human Rights Defender of the Republic of Armenia — an Ombudsperson — whose device was infected as she spoke out about alleged atrocities being committed against Armenian soldiers by Azerbaijani forces;
- Karlen Aslanyan, RFE/RL’s Armenian Service journalist and a host of a popular political show; and
- Anna Naghdalyan, an NGO representative and former Spokesperson of the Republic of Armenia privy to the sensitive conversations and negotiations related to the Nagorno-Karabakh crisis.
This investigation shows that despite the barrage of scandals and the associated lawsuits and sanctions, NSO Group has blatantly chosen to continue facilitating abuses around the world. Providing Pegasus spyware in the context of a violent conflict — to any sides — has the obvious, substantial risk of contributing to and facilitating serious human rights violations and war crimes.
The act of deploying invasive spyware in a conflict already marred by grave humanitarian law violations demonstrates an appalling, blatant disregard towards the most basic humanitarian principles of distinction and precaution — that civilians, human rights defenders, and journalists must not be targeted, and risks against them must be minimized. Those responsible for selling, managing, or servicing these tools cannot claim ignorance when they are used in vicious cyber-attacks against people protected under international humanitarian law.Giulio Coppi, Senior Humanitarian Officer at Access Now
The investigation began after Apple warned people in November 2021 that they may be targeted with state-sponsored spyware. Civil society actors from Armenia contacted CyberHUB-AM and Access Now’s Digital Security Helpline to check their devices, and the true extent of Armenia hacking started coming to light.
This new analysis — which also includes recommendations for governments, the private sector, and other actors — is a joint investigation between Access Now, CyberHUB-AM, the Citizen Lab, Amnesty International’s Security Lab, and independent mobile security researcher, Ruben Muradyan.