Cyber Incident Victim: Ministry of Foreign Affairs of Azerbaijan
Date: Sep 2016
Location: Azerbaijan
Summary
Armenian hacker groups, including the Monte Melkonian Cyber Army, breached Azerbaijani government and financial systems, leaking sensitive data from military, police, and banking servers. The attackers exfiltrated personal information of thousands of individuals, including military officers and bank customers, and defaced multiple embassy websites along with the Ministry of Foreign Affairs' AIDA portal. Hackers cited retaliation linked to Armenian independence commemorations and provided deceased officials' records to validate the data's authenticity, continuing a longstanding cyber conflict rooted in the Nagorno-Karabakh dispute.
Description
On September 25, 2016, Armenian hacking group Monte Melkonian Cyber Army (MMCA) executed a coordinated cyber attack against Azerbaijani government and financial institutions, coinciding with the 25th anniversary of Armenian independence. The group leaked multiple datasets allegedly containing sensitive information from Azerbaijani banks, military, and police servers. One leaked folder contained personal details of 1,200 Azerbaijani officers, including names, ID numbers, phone numbers, and residential addresses. A separate folder labeled "Azerbaijan military & police officer personal info" contained profiles of 46 officials, including deceased military officer Bayramov Vaqif Dilqem Oglu, whose records were used to authenticate the data's legitimacy. Simultaneously, another Armenian group operating under the aliases "Noyer_1K" and "n0p_c0ntr01" leaked a customer database from an Azerbaijani bank containing personal information of approximately 10,000 individuals. Independent analysis by cybersecurity journalists confirmed three additional folders with banking details affecting over 9,000 customers.

The attackers complemented the data leaks with website defacements targeting multiple Azerbaijani diplomatic missions, including the embassies in Bulgaria, the Netherlands, and Qatar, as well as the Ministry of Foreign Affairs' AIDA portal. Zone-h mirror records provided public evidence of these compromises. While forensic examination revealed no substantial intelligence value in the leaked data, the incident escalated ongoing cyber hostilities between Armenia and Azerbaijan dating to 2013. This attack followed MMCA's previous compromise of 5,000 Azerbaijani citizen ID cards and passports. The operation occurred against the backdrop of the unresolved military conflict over Nagorno-Karabakh, with the two nations maintaining no formal diplomatic relations. No official remediation efforts or containment actions by Azerbaijani authorities were documented in available reports following the breach.
