Date: Jan 2016

Location: Azerbaijan

Summary

A group identifying as the Monte Melkonian Cyber Army, attributed to Armenian actors, conducted cyberattacks against multiple Azerbaijani government portals, disrupting services through DDoS operations and breaching servers. The attackers compromised the Civil Service Commission's systems, exfiltrating and leaking sensitive data including login credentials, names, emails, encrypted passwords, ID cards, and passport details belonging to tens of thousands of citizens. This incident resulted in significant operational disruption to critical government services and exposed substantial volumes of personal information, escalating tensions amid the ongoing regional conflict.


Description

On January 28, 2016, the Monte Melkonian Cyber Army (MMCA), an Armenian hacker group, executed a coordinated cyber attack against multiple Azerbaijani government digital infrastructures. The assault began with distributed denial-of-service (DDoS) attacks that disrupted access to three critical portals: the E-Government Portal (e-gov.az), the Ministry of Taxes website (taxes.gov.az), and the official State Bodies internet resource (gov.az). These disruptions rendered essential public services inaccessible. Following the DDoS operations, MMCA penetrated the servers of the Civil Service Commission of Azerbaijan (csc.gov.az), an agency operating under the President’s administration. The attackers exfiltrated sensitive user data from these systems, subsequently leaking credentials for 5,960 registered citizens, including names, email addresses, and encrypted passwords. Initial analysis confirmed the authenticity of this dataset, which had not previously been exposed publicly. The timing coincided with Armenian Army Day celebrations, aligning with historical patterns of symbolic cyber operations between the two nations.

The breach expanded beyond credential theft, with MMCA releasing two CSV files containing broader datasets. The first file exposed personal details of 76,211 Azerbaijani citizens, while the second contained documents, images, usernames, passwords, and additional personally identifiable information, including ID cards and passports. This compromise placed thousands of citizens at risk of identity theft and financial fraud. The incident occurred amid an escalating cycle of retaliatory cyber operations between Armenian and Azerbaijani threat actors, contextualized by the unresolved Nagorno-Karabakh conflict and the absence of diplomatic relations. One week prior, Azerbaijani hackers had targeted Armenian government websites and embassy portals across 40 countries. The MMCA operation demonstrated technical sophistication through its multi-phase execution—combining disruptive DDoS with sustained network intrusion—and resulted in one of the most significant known data exposures of Azerbaijani civilian information at the time. No official remediation efforts or containment actions by Azerbaijani authorities were documented in available sources following the breach.
