Cyber Incident Victim: Official Internet resource of State Bodies of Azerbaijan
Date:
Apr 2016
Location:
Azerbaijan
Summary
A cyber conflict emerged between Turkish and Armenian hacker groups amid military clashes over the Nagorno-Karabakh region, with the Azerbaijani government targeted by the Monte Melkonian Cyber Army (MMCA), resulting in server shutdowns and sensitive data leaks. In retaliation, the Turk Hack Team (THT) launched disruptive attacks against Armenian entities, including government and financial institutions, escalating tensions through reciprocal cyber operations tied to the territorial dispute.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
In early April 2016, Armenian hacker group Monte Melkonian Cyber Army (MMCA) executed cyber attacks against Azerbaijani government infrastructure amid escalating hostilities over the disputed Nagorno-Karabakh region. The attacks occurred following violent clashes between Armenian and Azerbaijani forces that resulted in at least 30 military fatalities, with both nations accusing each other of initiating hostilities. MMCA targeted Azerbaijani government servers, successfully forcing shutdowns as a demonstration of capability and political protest. While specific technical details of the attack vectors remain undisclosed in available reporting, the group has historically employed website defacements and sensitive data leaks against Azerbaijani targets to assert Armenian territorial claims. The incident involving 'gov.az' domains formed part of this broader offensive campaign timed to coincide with renewed physical conflict in the region.
The Azerbaijani server disruptions prompted retaliatory cyber operations by the Turk Hack Team (THT), a Turkish hacker collective aligning itself with Azerbaijan's geopolitical position. On April 3, 2016, THT claimed responsibility for coordinated distributed denial-of-service (DDoS) attacks against Armenian critical infrastructure websites, citing solidarity with Azerbaijan and retaliation against perceived Armenian aggression. Their targets included Armenia's government portal (gov.am), National Bank, National Security Service, and Ministry of Energy and Economy. THT asserted these attacks successfully restricted access to the targeted sites, leveraging their established DDoS capabilities previously demonstrated against the Vatican's website during earlier geopolitical disputes. The cyber conflict between MMCA and THT represented a non-state escalation of the Nagorno-Karabakh dispute, with hacker groups independently initiating offensive operations to supplement conventional military engagements between the nations. No verifiable technical details regarding attack mitigation, forensic analysis, or restoration efforts by Azerbaijani authorities were documented in available contemporaneous reporting.