Invasive spyware capable of reading a smartphone’s messages and listening to calls was found on the phones of at least 12 Armenian journalists, politicians and civil society members, according to a report published Thursday by a group of nonprofit organizations.
The spyware, called Pegasus and made by the Israeli company NSO, had previously been found on the phones of thousands of people around the world, leading to U.S. sanctions in 2021 and a lawsuit from Apple. But researchers said their most recent findings are unique — they believe it is the first time that the technology has been weaponized in an armed conflict between countries.
Armenia has intermittently battled its neighbor Azerbaijan for decades. In 2020, a cease-fire was broken in the disputed region of Nagorno-Karabakh, leaving thousands dead. Since then, the two countries have been mired in a sporadic shooting war which has killed dozens more.
The report, a collaboration among the international internet rights group Access Now, Amnesty International and the University of Toronto’s Citizen Lab, calls for “an immediate moratorium” on the sale and transfer of spyware technology.
NSO is the most notorious mercenary spyware developer in the world. It creates powerful programs like Pegasus, which can hack smartphones to reveal information such as contacts, calls and location.
The report does not conclusively find that Azerbaijan was behind the spyware used on Armenian citizens, though researchers noted that all instances of the spyware’s use occurred during or near the time of conflict between the two countries and against those who would be considered traditional espionage targets. Citizen Lab’s research found two distinct Pegasus operators in Azerbaijan, both of which were registered by 2018.
Three arms of the Azerbaijani government — the consul’s office in Washington, its Ministry of Foreign Affairs, and the president’s office — did not respond to requests for comment.
NSO has long insisted its software is intended only for governments to catch terrorists and criminals. But its spyware has repeatedly been found on the phones of dissidents in authoritarian countries. A global media consortium found in 2021 that Pegasus spyware had been used on at least 189 journalists and 85 human rights activists around the world.
NSO has denied responsibility in many of the cases where its software has been abused, arguing that its software was operated by independent, legitimate government agencies.
While governments around the world have long abused NSO tools, the findings revealed Thursday are the first time that civilians have been hacked while their country is in armed conflict with another country.
“We’ve expected this, but it’s still surprising when you see it,” said John Scott-Railton, a senior researcher at Citizen Lab, which has for years documented NSO Group attacks. “And it’s a reminder that mercenary spyware is not just a cybersecurity problem. It is a geopolitical problem, and it is potentially capable of changing the outcome of armed conflict,” he said. His research contributed to the investigation.
In a statement, an NSO Group spokesperson said that it would not confirm any of its customers, but said it “will investigate all credible allegations of misuse.”
“Past NSO investigations have resulted in the termination of multiple contracts regarding the improper use of our technologies,” the spokesperson added.
The 12 confirmed victims worked as journalists, lawyers and for human rights and civic causes.
One victim, television and web journalist Karlen Aslanyan, said he suspected his work made him a natural target.
“If it was the Azerbaijani government, maybe they were trying to find some contacts, to listen to what kind of sources I have,” he said.
Samvel Farmanyan, a political journalist and former politician, said that being hacked was profoundly disturbing.
“Psychologically, it changes your life. Can you imagine that you have the feeling that you are under surveillance, and you don’t know who is surveilling you and what the purposes are?” he said.
Governments around the world should take this as a wake-up call that their citizens can easily be surveilled by countries that have access to spyware, Scott-Railton said.
“They need to be in a position where they understand just how serious this threat is, and how it may have been used around this conflict and other ongoing conflicts,” he said.