Cyber Incident Victim: Monte Melkonian Cyber Army
Date:
Jan 2016
Location:
Azerbaijan
Summary
Armenian hackers from the Monte Melkonian Cyber Army executed a cyber attack against Azerbaijani government portals, employing DDoS tactics to disrupt critical services including the E-Government Portal, Ministry of Taxes, and State Bodies' official internet resource. The group further breached servers under the President's administration, compromising and leaking sensitive data encompassing names, emails, encrypted passwords, ID cards, and passport details of over 76,000 citizens. This incident, occurring amid heightened tensions linked to the Nagorno-Karabakh conflict, exposed unprecedented volumes of personal information and government credentials, marking a significant breach of citizen privacy and state infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 28, 2016, the Monte Melkonian Cyber Army (MMCA), an Armenian hacker group, executed a coordinated cyberattack against multiple Azerbaijani government digital assets. The attackers deployed distributed denial-of-service (DDoS) techniques to disrupt critical online services, successfully incapacitating three primary government portals: the E-Government Portal (e-gov.az), the Ministry of Taxes portal (taxes.gov.az), and the central hub for state bodies (gov.az). Concurrently, MMCA infiltrated the Civil Service Commission’s server (csc.gov.az), a body operating under the Azerbaijani president, exfiltrating sensitive user data. The compromised dataset included login credentials—names, email addresses, and encrypted passwords—belonging to 5,960 registered citizens. Subsequent analysis confirmed the authenticity of this data, which had not previously been exposed online. The attackers further leaked two CSV files: one containing credentials for 76,211 citizens and another housing identity documents, passport images, usernames, passwords, and additional personal information. This breach represented a significant compromise of citizen data directly tied to state infrastructure.
The incident’s impact extended beyond service disruption, exposing thousands of Azerbaijani citizens to potential identity theft and fraud due to the dissemination of sensitive documents. The timing coincided with Armenian Army Day, aligning the operation with symbolic national significance. This attack occurred within the context of an ongoing cyber conflict between Armenian and Azerbaijani groups, following a prior offensive by Azerbaijani hackers that targeted Armenian government websites and embassies in 40 countries. No technical mitigation efforts or official responses from Azerbaijani authorities were detailed in available reporting. The intrusion underscored systemic vulnerabilities in state digital systems amid the protracted Nagorno-Karabakh conflict, where both nations remain technically at war with no formal diplomatic relations. The absence of recovered data or restored service timelines in public records left the full operational and reputational consequences unquantified.