A joint investigation by a group of watchdog organisations has claimed that 12 individuals in Armenia, including former officials and several members of civil society groups, were targeted with Pegasus spyware during and after the Second Nagorno-Karabakh War.
The investigation was carried out by Access Now, a New York-based international digital rights advocacy group, CyberHUB-AM, the Citizen Lab, Amnesty International's Security Lab, and Ruben Muradyan, an independent mobile security expert.
It revealed that at least 12 Armenians were targeted with Pegasus spyware by a ‘governmental Pegasus customer’ between October 2020 and December 2022.
Among those reportedly targeted by the spyware were Anna Naghdalyan, a former Armenian Defence Ministry spokesperson, former Armenian Human Rights Defender Kristinne Grigoryan, and Ruben Melikyan, Nagorno-Karabakh’s former Human Rights Defender.
Citizen Lab claims that Anna Naghdalyan’s device was infected with Pegasus as early as 11 October 2020 — less than a month after the beginning of the Second Nagorno-Karabakh War. Access Now noted that the ‘timing of the targeting strongly [suggests] that the conflict was the reason for the targeting’.
Amnesty International reports that Melikyan ‘had his device infected in May 2021 while he was actively monitoring the 2021 parliamentary elections’.
According to Amnesty International’s Security Lab, the Pegasus spyware grants the operator almost unrestricted administrative access to the target's phone, including its microphone and camera, and the ability to monitor keystrokes.
‘Pegasus infections continued into at least December 2022, during the time this investigation was still ongoing’, stated Access Now.
Other reported targets of the spyware include Varuzhan Geghamyan, a Turkology professor at Yerevan State University, Samvel Farmanyan, prominent government critic and co-founder of ArmNews, and two RFE/RL reporters — Karlen Aslanyan and Astghik Bedevyan.
Access Now noted that this was ‘the first documented evidence of the use of Pegasus spyware in an international war context’.
The groups, according to Access Now, were able to confirm that the victims’ phones were infected after Apple notified them about a potential infection in November 2021.
The joint investigation stopped short of ‘conclusively’ identifying any government actors behind the hacking, but noted that Azerbaijan had previously been repeatedly accused of using spyware against domestic critics and journalists, including Pegasus.
In 2021, the Organized Crime and Corruption Reporting Project reported that Pegasus spyware was used to compromise the phones of independent Azerbaijani journalists Khadija Ismaylova and Sevinj Vagifgizi.
Access Now referred to the suspected perpetrator as a ‘governmental Pegasus customer’ while Citizen Lab identified two ‘suspected Pegasus operators’ based in Azerbaijan: BOZBASH and YANAR.
‘The BOZBASH operator has targets including a broad range of entities within Armenia’, Access Now noted.
While Access Now did not rule out Armenia’s ‘interest’ in obtaining information pertaining to the activities of their local critics, they stated that they were ‘unaware of any technical evidence’ to suggest that Armenia had used Pegasus.
Armenia had previously been implicated in using the hacking services of Cytrox, a North Macedonian company, in 2021.
Pegasus spyware was developed by the Israel-based cyber-surveillance company NSO Group and has been used against government officials as well as human rights activists and other civil society actors since at least 2015, in countries including Mexico, Rwanda, and India.
In November 2021, the US Department of Commerce sanctioned NSO Group for supplying spyware to 'foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers'.
After the investigation’s publication on Thursday, Martinez de la Serna, Program Director at the Committee to Protect Journalists, called for Armenian and Azerbaijani authorities to allow ‘transparent inquiries’ into the targeting of Armenian journalists with Pegasus.
‘NSO Group must offer a convincing response to the report’s findings and stop providing its technologies to states or other actors who target journalists’, added de la Serna.
In 2020, international media rights group Reporters Without Borders included NSO Group in their annual ‘list of 20 worst digital predators’.
NSO maintains that it only offers Pegasus to governmental entities to help them ‘collect data from the mobile devices of specific suspected major criminals’.
For ease of reading, we choose not to use qualifiers such as ‘de facto’, ‘unrecognised’, or ‘partially recognised’ when discussing institutions or political positions within Abkhazia, Nagorno-Karabakh, and South Ossetia. This does not imply a position on their status.