Cyber Incident Victim: Embassy of Azerbaijan in Qatar
Date:
Sep 2016
Location:
Azerbaijan
Summary
A cyberattack attributed to Armenian hacking group Monte Melkonian Cyber Army targeted Azerbaijani diplomatic and government infrastructure, including the embassy in Qatar, alongside other embassies and state portals. The attackers leaked sensitive data purportedly belonging to military and police personnel—including personal details of over 1,200 officers—and compromised banking records affecting approximately 10,000 customers. They defaced multiple official websites to publicize the breaches, framing the operation as a symbolic act amid the protracted Nagorno-Karabakh conflict between Armenia and Azerbaijan. The incident reflects an ongoing pattern of cyber hostilities between the two nations, with previous attacks involving data leaks targeting civilian and governmental entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On September 25, 2016, the Monte Melkonian Cyber Army (MMCA), an Armenian hacker group, executed a coordinated cyber attack targeting Azerbaijani government and financial institutions. The group leaked datasets purportedly containing personal information of 1,200 Azerbaijani military and police officers, including names, ID numbers, phone numbers, and residential addresses. A separate Armenian hacker using the alias "Noyer_1K, n0p_c0ntr01" simultaneously released a customer database from an Azerbaijani bank containing records for approximately 10,000 individuals. MMCA claimed these attacks served as a "precious gift" to Azerbaijanis on the 25th anniversary of Armenian independence. The hackers substantiated their claims by including personal details of deceased military official Bayramov Vaqif Dilqem Oglu in the leaked military data. Concurrently, MMCA defaced multiple Azerbaijani government websites, including the Embassy of Azerbaijan in Qatar, the embassies in Bulgaria and Netherlands, and the Ministry of Foreign Affairs AIDA portal. The group publicly shared Zone-h mirror links confirming successful compromises of these websites.
The incident exposed sensitive personal information of thousands of Azerbaijani citizens and officials, though independent analysis by HackRead found no evidence of highly classified material in the leaks. This attack continued a pattern of cyber hostilities between Armenian and Azerbaijani groups dating to 2013, with MMCA having previously leaked identification documents of 5,000 Azerbaijani citizens. The hackers leveraged the Nagorno-Karabakh conflict as ideological motivation, emphasizing the absence of diplomatic relations between the nations. No official remediation efforts or statements from Azerbaijani authorities regarding incident response were documented in available sources. The defacements temporarily disrupted access to embassy websites while exposing institutional vulnerabilities, though the operational impact beyond data exposure and temporary website alterations remained unverified. Historical context indicated this formed part of an ongoing digital front in the protracted Armenia-Azerbaijan geopolitical conflict.