Apple warns Armenians of state-sponsored hacking attempts
Apple has sent alerts to people in Armenia in recent weeks that their phones are being targeted by state-sponsored hackers, with several cybersecurity experts warning that it is likely tied to Pegasus spyware.
CyberHUB, an Armenian digital rights organization that is investigating the incidents, said the number of spyware infections in the country has been steadily increasing over the last two years. Many infections are linked to the government of Azerbaijan, which has had a history of conflict with Armenia, especially concerning the disputed Nagorno-Karabakh region.
“In the case of Armenia, these warnings mean that the phone was infected with Pegasus spyware,” said CyberHUB co-founder Samvel Martirosyan, referring to the surveillance tool developed by Israeli firm NSO Group and sold to governments around the world.
Although Apple’s notifications did not specify the spyware used or identify who was responsible for the hack, there is some evidence that the latest wave of infections used Pegasus, according to Natalia Krapiva, tech and legal counsel at digital rights nonprofit Access Now. However, she said it is hard to know for certain while the investigation is still being carried out.
NSO Group did not respond to a request for comment.
Martirosyan said the spyware was likely installed on the orders of the Azerbaijani government — during the war between Armenia and Azerbaijan in 2020, Pegasus spyware was used to target Armenian journalists, activists, government officials, and civilians. While the identity of the hackers behind the attacks remained unclear, researchers suggested that Azerbaijan was one of the potential suspects.
The University of Toronto’s Citizen Lab identified at least two suspected Pegasus operators in Azerbaijan who have targeted individuals within the country as well as abroad.
Krapiva agreed that “the likely suspect is Azerbaijan,” because of its history with Pegasus and its close ties to Israel.
Tensions have been high between Armenia and Azerbaijan, and reached a tipping point in September when Azerbaijan launched a large-scale military offensive in Nagorno-Karabakh, violating a 2020 ceasefire agreement.
CyberHUB, which has been investigating Pegasus infections for two years, said that the number of hacks is growing in Armenia. However, the true extent of these hacks is hard to determine, as many victims prefer not to make their cases public, according to Krapiva. Android users do not receive such notifications at all, she added.
Most of the infections occur during escalations between Armenia and Azerbaijan, researchers said. Targets in Armenia have included high-ranking politicians, civil society representatives, activists, journalists, and editors.
Pegasus has recently been used to target activists, politicians, and journalists in Poland, Spain and Greece. It was recently used to target a Russian journalist while she was traveling in Germany.
In September, the Parliamentary Assembly of the Council of Europe called the use of Pegasus spyware by several countries in the region potentially illegal.
Clarification: A previous version of this story stated that Pegasus was used to target activists in Russia — it was specifically used to target a Russian journalist while she was traveling in Germany, and she received the notification in Latvia.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.