Date: Jan 2016

Location: Azerbaijan

Summary

A cyberattack attributed to Armenian hacker group Monte Melkonian Cyber Army disrupted multiple Azerbaijani government online services through DDoS attacks and a server breach, compromising sensitive citizen data. The attackers leaked login credentials and personal information, including names, emails, encrypted passwords, ID cards, and passport details of over 80,000 individuals from government databases. This incident occurred amid ongoing cyber hostilities linked to the Nagorno-Karabakh conflict, reflecting persistent tensions between the two nations.

Description

On January 28, 2016, the Monte Melkonian Cyber Army (MMCA), a hacker group affiliated with Armenian interests, executed a coordinated cyber attack against multiple Azerbaijani government online portals. The attackers employed distributed denial-of-service (DDoS) techniques to disrupt access to the E-Government Portal (e-gov.az), the Ministry of Taxes portal (taxes.gov.az), and the official State Bodies internet resource (gov.az), temporarily rendering these critical services unavailable. Following the DDoS disruption, MMCA penetrated the server infrastructure of Azerbaijan's Civil Service Commission (csc.gov.az), an entity operating under the President's administration, extracting sensitive user data. The compromised information included login credentials—names, email addresses, and encrypted passwords—belonging to 5,960 registered citizens. Additionally, the attackers exfiltrated and publicly released two CSV files containing substantially larger datasets: one file held records of 76,211 citizens with similar personal identifiers, while another contained thousands of documents, images, usernames, passwords, and other personally identifiable information, including national ID cards and passport details. Forensic analysis confirmed the authenticity of the leaked data, which had not previously appeared in public breaches.

The incident represented a significant compromise of Azerbaijani citizen data and governmental digital infrastructure, with immediate operational impacts on multiple public service portals during the attack window. MMCA publicly attributed the attack to Armenian Army Day celebrations, framing it as a retaliatory action within the broader context of ongoing cyber hostilities between Armenian and Azerbaijani hacker collectives. The breach exposed systemic vulnerabilities in the targeted systems, particularly the Civil Service Commission's data storage practices, enabling bulk extraction of sensitive records. No remediation efforts or technical countermeasures by Azerbaijani authorities were detailed in available reporting, though the attack occurred shortly after Azerbaijani hackers had allegedly compromised Armenian government websites and embassy portals in 40 countries. The mutually destructive cyber operations reflected the intensification of digital conflict paralleling the Nagorno-Karabakh territorial dispute, with both nations lacking formal diplomatic relations and remaining technically at war. The MMCA attack demonstrated heightened capabilities in combining service disruption with high-impact data exfiltration, significantly escalating risks to civilian privacy and governmental integrity.
