Cyber Threat Actor: A.S.A.L.A.
| Actor Type | Location | Known Incidents |
Activist
|
Armenia
|
5 incidents |
|---|
Profile
The Armenian hacker collective known as A.S.A.L.A., which operates from Armenia, has been publicly identified in multiple incidents targeting Azerbaijani online assets. The group’s name appears in reports detailing a November 2015 cyberattack that defaced the Mortgage Fund sub‑domain of the Azerbaijan Central Bank and resulted in the exfiltration and public release of customer data including names, email addresses, phone numbers, passwords and administrative credentials. Earlier in July 2015, the same or a closely affiliated Armenian faction, referenced as the Monte Melkonian Cyber Army, compromised the Azerbaijani customs website and stole personal information of approximately 5 650 citizens. These actions demonstrate a pattern of focusing on governmental and financial sector web properties within Azerbaijan, suggesting that the group’s strategic objectives include disrupting adversary services and exposing sensitive information to undermine confidence in the targeted institutions. The public leaking of stolen data, accompanied by statements of pride from the attackers, indicates an intent to achieve psychological impact and propaganda value rather than direct financial gain.
In terms of tactics, the publicly available sources describe website defacement and data theft as the primary methods employed by A.S.A.L.A., with no explicit mention of specific malware families, exploit kits, or particular initial access vectors such as phishing or supply‑chain compromise. The group’s tooling style appears to rely on straightforward web‑application attacks that enable unauthorized access to databases and the subsequent extraction of records, which are then dumped in a disorganized format that complicates analysis. Attribution to the group is based on their self‑identification in the leaked data and the accompanying communications; no public sources have linked A.S.A.L.A. to a state sponsor or a formal criminal consortium, leaving its affiliation as an independent hacker collective motivated by the broader Armenian‑Azerbaijani conflict over Nagorno‑Karabakh. The most notable campaign attributed to A.S.A.L.A. remains the November 2015 Azerbaijan Central Bank breach, which exemplifies the group’s capability to conduct coordinated defacement, data exfiltration and public disclosure operations against high‑profile targets in the region.
