Preliminary investigations have confirmed that the February 20 cyberattacks targeting more than ten major Azerbaijani media platforms were politically motivated and carried out in a coordinated manner, said Ramid Namazov, the chairman of the Temporary Commission against Foreign Interference and Hybrid Threats, during a public discussion titled “February 20 Attacks on Azerbaijani Media: From Cyber Intrusion to Disinformation”, organized by the Commission, APA reports.
Ramid Namazov stated that, according to experts, this incident has been one of the most serious cyber intrusion operations that have ever occurred and been identified in Azerbaijan: “It has also been revealed that an operation known as a ‘false flag’—commonly used by intelligence agencies—was carried out. The investigation into the cyberattack was conducted by two independent and unrelated teams, both possessing professional knowledge and experience in the field of cybersecurity. The findings obtained by both teams matched. To determine who organized the attack and what the motivations were, system logs were analyzed, traces of malicious software were examined, and behavioral analysis of the attackers was carried out. The research revealed that the attack was not only technical but also aimed at creating psychological impact and was carried out by a highly organized cyber-espionage group. This group has been classified by international cybersecurity experts as a state-affiliated actor. As for the motive behind the attacks, it is highly likely that they were intended as untraceable retaliation for two events that had occurred shortly before. We believe that the trigger for the attack was that several media outlets—whose names I will mention at the end of my speech—had prepared reports and investigative materials regarding both of those issues. The aim was to damage trust in the media sector and undermine digital security.”
According to the commission chairman, initial analyses show that the internal infrastructure of the Global Media Group was infected with malicious software and its central management system was fully taken over: “As a result of the attack, the computer belonging to the system administrator was seized, and access was gained to the server where backup copies of all internet resources were stored. After that, the attackers intervened in other media resources. As a result, web server data and backups were deleted, media resources were destroyed, and access to the infrastructure was restricted. Naturally, in order to ensure the cybersecurity of the affected media outlets, the relevant institutions immediately took appropriate measures. Interestingly, even after the support was provided and the internet information resources were restored, attempts at cyberattacks continued, although they were thwarted. The IP (Internet Protocol) addresses and domains used during the attack, as well as all connections of the group, were identified. It should be noted that support for the attacks also came from domestic IP addresses. It was determined that some individuals involved in the cyberattack were within the territory of our country—specifically, it was even identified which hotels they were staying in. These individuals were foreigners. This is proof that the matter was not an ordinary cyberattack.”