Cyber Threat Actor: Azeri Ministry of Internal Affairs
| Actor Type | Location | Known Incidents |
Nation State
|
Azerbaijan
|
2 incidents |
|---|
Profile
The threat actor is known by the alias Azeri Ministry of Internal Affairs and is associated with Azerbaijan. This alias indicates a purported link to the Azerbaijani Ministry of Internal Affairs. The actor’s location is identified as Azerbaijan in the available reporting. No further geographic details are provided in the source material.
The actor has been observed conducting distributed denial‑of‑service operations against Ukrainian military agencies and state‑owned banks. These attacks targeted the defense and financial sectors within Ukraine. The stated purpose of the activity was to create disruption and undermine public confidence as part of a hybrid warfare campaign. The incidents resulted in website outages, online banking interruptions, payment processing failures and the spread of false text messages about ATM outages. Authorities responded by implementing geofencing rules to block foreign IP traffic targeting the affected services. Efforts also included dismantling bot farms that were spreading false information about ATM outages.
Attribution of the February 15 2022 DDoS effort has been made to hybrid warfare tactics, with analysts linking the activity to the Gamaredon threat group that is associated with Russian intelligence services. The connection to Gamaredon, which is associated with Russian intelligence services, indicates a link to Russian‑backed activity. The February 2022 operation against Ukrainian military and banking entities stands as the most prominently reported campaign linked to this actor. No additional malware families, initial access vectors or specific tooling are described in the cited sources. Beyond the February 2022 incident, no other distinct operations have been publicly attributed to this actor in the source material.
