Azerbaijan blames Russian state hackers for cyberattacks on local media

Azerbaijani officials claimed that the Russian state-sponsored hacker group APT29 was behind a cyberattack on several local media outlets earlier this year.

The likely motive, according to Ramid Namazov, head of the Azerbaijani parliament's commission on countering hybrid threats, was retaliation for the closure of the Russian House state-funded cultural center in Baku and significant staff cuts at the Azerbaijani branch of Sputnik radio.

In February, the Azerbaijani government ordered the closure of the Russian House, citing its lack of legal registration and violations of national legislation. Local media also reported that the center had been involved in espionage activities on behalf of Russian intelligence. Russia dismissed the allegations as a “groundless” disinformation campaign.

Azerbaijani authorities cut the staff of the Kremlin-backed outlet Sputnik Azerbaijan from 40 to a single employee earlier this year, saying the move was aimed at “restoring balance” in the conditions under which Azerbaijani state media and foreign journalists operate in the country.

The cyberattack on Azerbaijani media took place on the morning of February 20. It initially targeted the internal servers of the Baku TV channel — which had accused the Russian House of espionage — before spreading to several news websites.

According to local authorities, the attack aimed to spread disinformation and false news, disrupt media infrastructure and attempt to delete or alter information.

Namazov said the incident was “politically motivated” and claimed that Russian hackers had penetrated the affected websites two to three years before the actual incident.

APT29, also known as Cozy Bear, BlueBravo or Midnight Blizzard, is reportedly affiliated with Russia’s Foreign Intelligence Service (SVR). The group is primarily engaged in cyber-espionage, targeting government agencies, foreign diplomatic missions, and organizations in the political, defense, energy and media sectors.

Azerbaijan has historically maintained ties with Russia through trade, energy and security cooperation. However, tensions have escalated recently — partly due to Baku's support for Ukraine. The December crash of Flight J2-8243, which Azerbaijan blamed on a Russian missile, also complicated the relationship.

In March, Ukraine’s military intelligence agency, known as HUR, reported that Russia was spreading disinformation accusing HUR of trying to instigate an armed conflict between Armenia and Azerbaijan.

Cyberattacks on media outlets are commonly used by Russian hackers to spread disinformation or collect data. Last year, suspected Russian hackers targeted the Polish Press Agency to publish fake news on its website.

In February, Kremlin-linked threat actors also attacked several major Ukrainian media outlets, posting fake news related to the war.