Cyber Incident Victim: State Bodies
Date:
Jan 2016
Location:
Azerbaijan
Summary
Armenian hackers associated with the Monte Melkonian Cyber Army targeted Azerbaijani government infrastructure with DDoS attacks and data breaches, disrupting critical portals including the E-Government system, Ministry of Taxes, and State Bodies' official resource. The attackers compromised servers under the President's administration, exfiltrating and leaking sensitive personal data encompassing names, emails, encrypted passwords, ID cards, and passports belonging to thousands of citizens, with one dataset affecting over 76,000 individuals. This incident occurred amid persistent cyber hostilities linked to the unresolved Nagorno-Karabakh conflict between the two nations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 28, 2016, the Monte Melkonian Cyber Army (MMCA), an Armenian hacker group, executed a coordinated cyber attack against multiple Azerbaijani government digital assets to coincide with Armenian Army Day. The attackers deployed distributed denial-of-service (DDoS) attacks that disrupted access to three critical government portals: the E-Government Portal (e-gov.az), the Ministry of Taxes website (taxes.gov.az), and the official State Bodies internet resource (gov.az). Following the DDoS disruptions, MMCA breached the server of Azerbaijan's Civil Service Commission (csc.gov.az), an entity operating under the President's administration. The intrusion resulted in the theft of login credentials belonging to 5,960 registered users, including citizens' names, email addresses, and encrypted passwords. Analysis confirmed the compromised data was authentic and had not previously been exposed publicly. The attackers supplemented this leak with two additional CSV files containing broader datasets: one listing names, emails, and encrypted passwords for 76,211 citizens, and another containing documents, images, usernames, passwords, and other personal identifiers from thousands more individuals.
The incident represented a significant compromise of Azerbaijani citizen data and government digital infrastructure, with immediate operational impacts including sustained downtime for multiple critical services. The Civil Service Commission breach specifically exposed sensitive citizen registration details, while the supplementary leaks expanded the scope to include identity documents and authentication credentials. The attack occurred amid heightened cyber hostilities between Armenian and Azerbaijani groups, contextualized by the unresolved Nagorno-Karabakh conflict and absence of diplomatic relations between the nations. One week prior, Azerbaijani hackers had targeted Armenian government websites and embassy portals across 40 countries, establishing a pattern of reciprocal cyber operations. MMCA's actions demonstrated capabilities in both disruptive DDoS tactics and targeted data exfiltration, with the stolen datasets verified as novel exposures rather than recycled information. No remediation efforts or official responses from affected Azerbaijani entities were documented in available reporting following the intrusion.