Content note: The following post contains references to alleged murder and war crimes.
NSO Group’s Pegasus spyware is now being used as a weapon in international military conflict, targeting civil society as Armenia is under attack.
A new investigation by Access Now and partners, Hacking in a war zone: Pegasus spyware in the Azerbaijan-Armenia conflict, exposes the depth and breadth of this ongoing, expanding assault on privacy, freedom of expression, and human rights online. Currently, there are at least 12 civil society victims, including journalists, human rights defenders, activists, academics, and a United Nations official that have been targeted in the midst of the brutal Azerbaijan-Armenia war over the Nagorno-Karabakh territories.
These infections add to the growing list of known Pegasus attacks across the globe, but are the first documented cases of this dangerous technology in international war between two sovereign states.
- Kristinne Grigoryan, former Human Rights Defender of the Republic of Armenia — an Ombudsperson — whose device was infected as she spoke out about alleged atrocities being committed against Armenian soldiers by Azerbaijani forces;
- Karlen Aslanyan, RFE/RL’s Armenian Service journalist and a host of a popular political show; and
- Anna Naghdalyan, an NGO representative and former Spokesperson of the Republic of Armenia privy to the sensitive conversations and negotiations related to the Nagorno-Karabakh crisis.
This investigation shows that despite the barrage of scandals and the associated lawsuits and sanctions, NSO Group has blatantly chosen to continue facilitating abuses around the world. Providing Pegasus spyware in the context of a violent conflict — to any sides — has the obvious, substantial risk of contributing to and facilitating serious human rights violations and war crimes.
The investigation began after Apple warned people in November 2021 that they may be targeted with state-sponsored spyware. Civil society actors from Armenia contacted CyberHUB-AM and Access Now’s Digital Security Helpline to check their devices, and the true extent of Armenia hacking started coming to light.
This new analysis — which also includes recommendations for governments, the private sector, and other actors — is a joint investigation between Access Now, CyberHUB-AM, the Citizen Lab, Amnesty International’s Security Lab, and independent mobile security researcher, Ruben Muradyan.