Cyber Incident Victim: Ministry of Emergency Situations of the Republic of Azerbaijan
Date: Dec 2015
Location: Azerbaijan
Summary
Azerbaijani government ministries, including the Ministry of Emergency Situations, were breached by Armenian hackers from the Monte Melkonian Cyber Army, resulting in the theft of sensitive personal data such as identification documents, family records, and resumes. The attack was retaliation for recent border clashes that led to casualties, with the group exploiting undisclosed vulnerabilities to maintain server access for over a month before exposure. This incident is part of an ongoing cyber conflict between Armenian and Azerbaijani groups, following previous breaches targeting financial institutions and citizen data.
Description
In December 2015, the Monte Melkonian Cyber Army (MMCA), an Armenian hacker group, breached servers belonging to Azerbaijan’s Ministry of Labour and Social Protection and Ministry of Emergency Situations. The attack resulted in the theft of sensitive documents and images containing citizens' personal data, including resumes, family records, identification cards, and passport numbers. MMCA representatives stated the intrusion was a protest against border clashes that month involving the deaths of one Armenian soldier and three Azerbaijani soldiers. The hackers claimed to have maintained unauthorized access to the ministries’ systems for over a month prior to detection. After the group leaked the stolen data on Facebook, the compromised servers blocked the attackers’ IP address, terminating their access. MMCA declined to disclose the specific vulnerabilities exploited during the breach. Analysis of the leaked data confirmed that it included personally identifiable information, though the full scope of affected individuals was not quantified in available reports. This incident followed MMCA’s prior cyber operations against Azerbaijani entities, including a November 2015 breach of the Central Bank that exposed banking details and personal information of thousands, and a July 2015 leak of ID cards and passports belonging to 5,000 citizens.

The attack occurred within a longstanding pattern of reciprocal cyber hostilities between Armenian and Azerbaijani groups, exacerbated by unresolved military and territorial disputes over Nagorno-Karabakh. Historical precedents included Azerbaijani hackers targeting Armenian government websites in June 2014, including the presidential site. Diplomatic relations between the two nations remained severed due to the ongoing conflict, creating a persistent environment for politically motivated cyber operations. No public statements from the Azerbaijani ministries regarding containment measures, forensic investigations, or victim notifications were documented in the source material. The data exposure via social media platforms represented a direct operational impact, potentially enabling identity fraud or surveillance against affected citizens. MMCA’s sustained access to ministerial servers indicated potential deficiencies in intrusion detection or vulnerability management, though no technical details about the compromised infrastructure were verified. The incident underscored the intersection of regional geopolitical tensions with cyber operations targeting civilian administrative systems and sensitive citizen data.
