Cyber Incident Victim: Azerbaijani Ministry of Labour and Social Protection
Date: Dec 2015
Location: Azerbaijan
Summary
Azerbaijan's Ministry of Labour and Social Protection and Ministry of Emergency Situations suffered a data breach by Armenian hacker group Monte Melkonian Cyber Army, which exfiltrated sensitive documents including citizen IDs, passports, family records, resumes, and images. The attackers claimed the intrusion was retaliation for fatal border clashes between Armenian and Azerbaijani forces, maintaining unauthorized server access for over a month before being blocked following data leaks on Facebook. This incident reflects ongoing cyber hostilities between groups from both nations, with the same collective previously compromising Azerbaijan's Central Bank and leaking thousands of citizens' financial and personal records.
Description
On December 19, 2015, the Armenian hacker group Monte Melkonian Cyber Army (MMCA) breached servers belonging to Azerbaijan's Ministry of Labour and Social Protection and Ministry of Emergency Situations. The attackers exfiltrated sensitive documents, images, resumes, family records, national identification cards, and passport numbers belonging to registered citizens. MMCA representatives stated the intrusion was retaliation for fatal border clashes earlier that month involving the deaths of three Azerbaijani soldiers and one Armenian soldier. The group maintained unauthorized access to the compromised systems for over one month prior to public disclosure. The attackers did not disclose the specific vulnerabilities exploited but confirmed their access was terminated when Azerbaijani authorities blocked their IP addresses following the data leak. The stolen records appeared on Facebook pages controlled by MMCA, though the full distribution scope was not detailed in available reports.

This incident exposed personally identifiable information of Azerbaijani citizens through unauthorized disclosures on social media platforms. The breach represented an escalation in MMCA's operations, following their July 2015 leak of 5,000 Azerbaijani ID cards and passports and a November 2015 attack on Azerbaijan's Central Bank that compromised customer banking details. Azerbaijani authorities implemented IP blocking measures to terminate the attackers' server access after the data became public. Historical context indicates persistent cyber hostilities between Armenian and Azerbaijani groups, exemplified by Azerbaijani hackers targeting Armenian presidential and ministry websites in June 2014. The Nagorno-Karabakh territorial dispute remains the primary motivator for these cross-border cyber operations, with both nations maintaining no formal diplomatic relations and a technical state of war since the 1990s ceasefire.
