New report denounces use of Pegasus during Armenia-Azerbaijan conflict

The smartphones of a former spokeswoman for the Ministry of Foreign Affairs, a representative of the United Nations and several members of Armenian civil society were attacked by the spyware Pegasus, in the context of a conflict between the country and the Azerbaijan, revealed Thursday, May 25 a new report from the NGO Access Now. The investigation, conducted in partnership with Citizen Lab, Amnesty International’s Security Lab, Armenian organization CyberHUB-AM and independent researcher Ruben Muradyan, identified twelve people whose phones were infected with the bug. controversial company NSO Group between October 2020 and December 2022.

The temporality of the infections and the choice of targeted phones suggest that these spy campaigns were motivated by the conflict that has pitted Armenia and Azerbaijan for more than thirty years, and the forty-four-day war that broke out in 2020. .

According to technical findings from Citizen Lab, the phone of Kristinne Grigoryan, at the time a defender of the rights of Armenia, was thus infected on October 4, shortly after the publication of a report on abuses committed by the Azerbaijani army and in the midst of a wave of reactions from the international community. “At the time I was so absorbed in work that I didn’t think so much of my private life (I didn’t really have one) as of my colleagues, of the people who came to see us for help. », she explains to Monde. “I felt responsible for the risks they incurred because of my phone, it tortured me. »

Similarly, numerous traces of Pegasus infection were found on Anna Naghdalyan’s phone between October 2020 and July 2021, when she was, for most of this period, spokesperson for the Ministry of Armenian foreign affairs. Technical analyzes have also identified several Armenian journalists and researchers targeted and monitored by Pegasus, most of whom have covered or spoken about the conflict. A journalist highly critical of the Armenian government, Samvel Farmanyan, was also hit by Pegasus in June 2022, according to Citizen Lab.

An unidentified customer

The investigation by Access Now and its technical partners did not make it possible to precisely attribute these new infections to a specific operator. NSO has always claimed to sell its products exclusively to States and police services. In 2021, the Project Pegasusa media consortium (including The world) conducted by Forbidden Stories, had identified a large number of Azeri telephone numbers, including those of political opponents and journalists, selected by a Pegasus operator for a potential infection attempt. Technical analysis had, for example, revealed than the reporter’s phone investigator Khadija Ismayilova showed traces of spyware infection between March 2018 and May 2021.

In addition, the Access Now report explains that the Citizen Lab, at the forefront of the analysis of the spyware market, has identified two potential Pegasus operators on Azerbaijani territory, connected, among other things, to domain names purchased in 2018. The first, nicknamed “YANAR”, “seems to select exclusively domestic targets in Azerbaijan while [le second], BOZBASH, has a large number of targets within Armenian entities. » For Kristinne Grigoryan, it seems obvious that the NSO client who wiretapped her is in Azerbaijan: “I know almost all of the Armenian victims, and all of these people were actively working in connection with the conflict, whether in the media or international organizations. »

For their part, the Armenian authorities have never been technically linked to espionage campaigns using Pegasus. On the other hand, analyzes carried out by Meta and the Citizen Lab made it possible to reveal in 2021 the existence in Armenia of a client of Cytrox, another surveillance mercenary established in North Macedonia.

A disturbing new use

Private companies selling increasingly sophisticated spyware to states have been singled out for years for the abuses and abuses they make possible. This “uberization” of espionage allows certain authoritarian countries to monitor opponents, journalists, human rights defenders thanks to tools sold by companies often considered to be too little controlled.

The new report from Access Now lifts the veil on a less studied case so far. “NSO has always claimed that Pegasus was sold to fight crime and terrorism. Project Pegasus revealed that this software was also used for espionage: this new investigation proves that Pegasus is also used during armed conflicts »emphasizes to the Monde John Scott Railton, expert at Citizen Lab. “Concretely, if I were a State whose diplomats were engaged in any form around this conflict [dans le Haut-Karabakh], I would be concerned that their activities and conversations might have been exposed to this surveillance. »