Cyber Incident Victim: Embassy of Azerbaijan in Bulgaria

Date: Sep 2016

Location: Bulgaria

Summary

Armenian hackers associated with the Monte Melkonian Cyber Army breached multiple Azerbaijani government and financial entities, including embassies in Bulgaria, the Netherlands, and Qatar, along with banking and military servers. The attackers leaked personal data of thousands of individuals, including military officers and bank customers, and defaced official websites. They cited retaliation linked to Armenia’s independence anniversary and validated the data’s authenticity using details of a deceased military official. This incident occurred within the context of an ongoing cyber conflict between Armenian and Azerbaijani groups, stemming from historical geopolitical tensions over the Nagorno-Karabakh region.

Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 2 actors

Description

On September 25, 2016, the Armenian hacker group Monte Melkonian Cyber Army (MMCA) executed a coordinated cyber attack against Azerbaijani government and financial entities, coinciding with the 25th anniversary of Armenian independence. The group leaked multiple datasets allegedly containing sensitive information from Azerbaijani banks, military, and police servers. One leaked folder contained personal details of 1,200 Azerbaijani officers, including names, ID numbers, phone numbers, and residential addresses. A separate folder labeled "Azerbaijan military & police officer personal info" exposed profiles of 46 officials, including deceased military officer Bayramov Vaqif Dilqem Oglu, whose records were used to validate the data's authenticity. Concurrently, another Armenian hacker using the alias "Noyer_1K, n0p_c0ntr01" leaked a customer database from an Azerbaijani bank containing approximately 10,000 records. Analysis by cybersecurity outlet HackRead confirmed three additional folders with banking details affecting over 9,000 customers, though no substantive intelligence was identified in the leaks.

The attackers supplemented the data breaches with website defacements targeting Azerbaijani diplomatic missions and government portals. Compromised sites included the Azerbaijani embassies in Bulgaria, the Netherlands, and Qatar, along with the Ministry of Foreign Affairs AIDA platform. MMCA provided Zone-h mirror links as proof of successful intrusions. This incident extended a pattern of cyber hostilities between Armenian and Azerbaijani groups dating to 2013, with MMCA having previously leaked ID cards and passports of 5,000 Azerbaijani citizens. The attacks occurred against the backdrop of unresolved military conflict over Nagorno-Karabakh, with no diplomatic relations between the nations. HackRead's verification confirmed the exposure of personal information but found no strategic military or state secrets in the leaked datasets, underscoring the operation's symbolic nature as a geopolitical provocation rather than an intelligence-gathering initiative.
