Stockholm, May 25, 2023—In response to a report released Thursday by a group of rights organizations alleging that Pegasus spyware was used to surveil at least five Armenian members of the press who covered the country’s military conflict with Azerbaijan, the Committee to Protect Journalists issued the following statement:
“Today’s report is yet another deeply disturbing reminder of the immense danger posed by Pegasus and other spyware used to target journalists,” said Carlos Martinez de la Serna, CPJ’s program director, in New York. “Armenian and Azerbaijani authorities should allow transparent inquiries into the targeting of Armenian journalists with Pegasus, and NSO Group must offer a convincing response to the report’s findings and stop providing its technologies to states or other actors who target journalists.”
The report, “Hacking in a war zone: Pegasus spyware in the Azerbaijan-Armenia conflict,” identified at least 12 people whose devices were infected by Pegasus, spyware produced by the Israeli company NSO Group. Many of the infections clustered around the 2020 Nagorno-Karabakh war between Armenia and Azerbaijan and its subsequent escalations.
The report was published Thursday, May 25, by the rights groups Access Now, Amnesty International, and Citizen Lab, the Armenian digital emergencies group CyberHUB-AM, as well as independent mobile security researcher Ruben Muradyan.
The targets included Armenian human rights activists, academics, and state officials, two media representatives who requested to be kept anonymous, and three named journalists:
- Karlen Aslanyan, a reporter with the U.S. Congress-funded broadcaster RFE/RL’s Armenian service, Radio Azatutyun
- Astghik Bedevyan, a reporter with Radio Azatutyun
- Samvel Farmanyan, co-founder of the now-defunct independent broadcaster ArmNews TV
The report says its authors found “substantial evidence” suggesting that Azerbaijan authorities purchased access to Pegasus, and that the targets would have been of intense interest to Azerbaijan. The targets were also critical of Armenia’s government, which is believed to have previously used another spyware product.
NSO Group previously told CPJ that it licenses Pegasus to fight crime and terrorism, stating that it investigates “all credible claims of misuse and take[s] appropriate action,” including shutting down a customer’s access to the software.
CPJ has documented the grave threat posed to journalists by spyware, and joined with other rights groups to issue recommendations to policymakers and companies to combat the use of spyware against the media, including by imposing bans on technology and vendors implicated in human rights abuses.
Azerbaijani journalists Sevinj Vagifgizi and Khadija Ismayilova were previously confirmed to have had their devices infected with Pegasus, while dozens of other prominent Azerbaijani journalists featured on a leaked list of potential Pegasus targets analyzed by the collaborative investigation Pegasus Project in 2021.
CPJ emailed NSO Group, the National Security Service and Ministry of Internal Affairs of Armenia, and the State Security Service and Ministry of Internal Affairs of Azerbaijan for comment, but did not immediately receive any replies.