Israel's NSO Group became the center of controversy after an international media consortium in July 2022 reported that its Pegasus spyware was used in attempts to hack smartphones belonging to more than a dozen current or former world leaders, journalists, human rights activists, and executives in some 50 countries.
The joint investigation was conducted with Amnesty International's Security Lab, Access Now, Canadian Internet watchdog Citizen Lab, CyberHUB-AM, and independent mobile security researcher Ruben Muradyan. The report on the probe, released on Thursday, said evidence points to the Nagorno-Karabakh conflict as the reason for the attempted espionage between October 2020 and December 2022.
It did not specifically accuse Azerbaijan of wrongdoing, but the investigators noted that Pegasus software has been used "extensively" by the country to target "a wide range of journalists." More than a thousand Azerbaijani phone numbers were “selected for targeting by a Pegasus customer,” according to them.
“We have grounds to assert that this was an Azerbaijani operation,” said Artur Papian, an Armenian cyber security expert who also participated in the investigation. “This cannot be asserted with one hundred percent certainty because we can see that … the targets also included many individuals critical of the [Armenian] authorities.”
“So there is a reasonable suspicion that the Armenian authorities could have also done this,” Papian told RFE/RL’s Armenian Service.
The joint investigation began in Armenia when tech giant Apple sent notifications to users in November 2021 warning they may have been the targets of state-sponsored spyware.
It showed that Karlen Aslanian and Astghik Bedevian of RFE/RL's Armenian Service were among those targeted in the context of the Nagorno-Karabakh conflict. Others targeted included Armenia’s former Foreign Ministry spokeswoman and human rights ombudswoman as well as three outspoken critics of Prime Minister Nikol Pashinian.
"It is no accident that our Armenian Service journalists targeted with Pegasus spyware are well-known for their hard-hitting reporting," said RFE/RL President and CEO Jamie Fly.
"I am outraged by this gross violation of their privacy and harbor strong suspicions that the government of Azerbaijan is responsible. I am grateful to our partners for their assistance."
"This investigation highlights the grave nature of spyware threats rippling across civil societies in Armenia and Azerbaijan," Donncha O Cearbhaill, head of Amnesty International's Security Lab, said for his part.
"The authorities must stop all efforts to stifle freedom of expression and undertake an independent and transparent investigation into the attack with Pegasus uncovered in both countries," he added.