Russian hackers have reportedly hacked into an Armenian government-operated database. Armenia has previously been the target of a number of cyberattacks by Russian hackers amidst an ongoing deterioration of its relations with Russia.
Reports of the attack first emerged on Wednesday, with RFE/RL citing a Telegram post in a private, inaccessible channel allegedly run by a Russian hacking group that claimed to have successfully infiltrated the database using an FTP code transfer system.
‘The database is at our disposal’, the hackers declared.
The group reportedly demanded that the government transfer them $2.5 million within the next 48 hours, or else the database would be destroyed.
Later that evening, the Prime Minister's Office told Armenpress that the relevant authorities were verifying the authenticity of these reports, noting that they ‘do not have confirmation at this moment.’
Artur Papyan, the co-founder of CyberHub, a group of cyber security experts providing support to Armenian civil society, journalists, and independent media, told OC Media that the attack did not appear to be noteworthy. According to him the Russian group Cyber Wolves claimed responsibility for the attack, and soon after dropped the demanded ransom to $30,000.
Based on the information published by the group, viewed by Papyan and other CyberHub employees, the group hacked a government FTP server that provided semi-public access to unedited government footage.
In June, several government websites, including those of the National Security Service, the police, the official websites of the Prime Minister and the President, and of the Armenian Embassy in Ukraine, were targeted by the People’s Cyber Army of Russia, a group known for launching coordinated cyberattacks, particularly Distributed Denial of Service (DDoS) attacks.
‘The attacks appear to be politically motivated, targeting Armenia’s perceived shift towards Western alignment and away from traditional ties with Russia,’ said CyberHub at the time.
‘This group operates primarily through Telegram channels where they invite collaborators, provide them with the necessary tools and techniques, and coordinate their attacks. They offer detailed instructions on how to download, install, and configure DDoS attacking software, facilitating widespread participation in their campaigns,’ CyberHub explained.
CyberHub also said that the People’s Cyber Army of Russia has been involved in various significant cyber incidents in Ukraine, Estonia, and Georgia, among other countries, and that ‘their activities are motivated by geopolitical tensions and are often directed at countries and entities perceived as adversaries of Russia’.
In Armenia’s case, the group announced that these attacks were due to Armenia’s failure to strengthen historical ties with Russia and its growing alignment with Western countries, including the possibility of Armenia leaving the CSTO and Armenian government support for Ukraine.
They also expressed support for the anti-government Tavush for the Motherland movement.
Armenian government websites, as well as banks and telecom operators, have faced a number of cyberattacks this year, all of which, CyberHub has claimed, were launched by Russian or Russian-affiliated groups.
This most recent cyberattack occurred the same day Pashinyan accused the Russian-led CSTO of creating ‘threats to the security of Armenia, its future existence, sovereignty and statehood’.
The statements were dismissed by Moscow, with Russia’s presidential spokesperson Dmitri Peskov saying the security bloc ‘guards the sovereignty of its member states’.