Azerbaijan fends off cyberattacks amid growing global threat
Block against hackers
The ongoing geopolitical tensions amid the Russia-Ukraine war, coupled with the deepening contradictions between the collective West and China, have sparked a sharp increase in cyber warfare, escalating global cyber threats to state institutions.
Azerbaijan is not immune to these risks. According to recent data from the State Service for Special Communications and Information Security (SCIS), cyberattacks on the country's state institutions rose by 45% in 2024. However, thanks to the dedicated efforts of national authorities, most malicious programs have been identified and blocked. The fight against cybercrime continues to intensify, with ongoing reforms aimed at strengthening the protection of Azerbaijan's digital infrastructure.
The decline and resurgence of hybrid cyberwars have been observed globally for quite some time, but in the past three years, these processes have reached the scale of a full-blown crisis. This negative trend has been particularly amplified since the start of the Russia-Ukraine war, with methods and practices of global cybercrime increasingly used as tools for ideological and military-political struggles and for cyber-espionage among the world's leading powers. In this context, formally independent cyber groups, often driven by ideological motives, are actively employed. Such groups have long been established for cyberattacks in countries like North Korea, Iran, and several others around the world.
The situation regarding global cyberattacks on e-government systems became so severe in the past year that, in late January 2025, the European Council expanded sanctions under the framework for countering cyberattacks on Ukraine's state web resources. Meanwhile, the U.S. Department of Justice recently charged five officers from Russia's Main Intelligence Directorate (GRU) for hacking Ukrainian government portals, as well as conducting cyberattacks against 26 NATO countries.
One of the major attacks of this kind occurred on December 19, 2024, when the infrastructure of several state registries in Ukraine was disabled, including a near month-long suspension of the registries under the Ministry of Justice's jurisdiction. According to Bloomberg, Chinese hackers recently breached several critical infrastructure resources in the United Kingdom. This included hacking the server of the UK Electoral Commission and gaining access to personal data of approximately 40 million voters. British defence organizations, energy companies, the National Health Service, and several high-tech firms also fell victim to the attacks.
In September of last year, hackers targeted the German Flight Safety Agency in Langen, near Frankfurt International Airport, highlighting vulnerabilities in the high-risk sector of civil aviation. The transportation sector remains a highly attractive target for hackers, and around ten days ago, Tbilisi's public transport fare payment system was hit by a major cyberattack. During the recovery period, public transportation in the Georgian capital was forced to operate free of charge for passengers.
Like many countries worldwide, Azerbaijan has faced increased risks to the critical infrastructure of its state organizations over the past three years. According to recently published data from the State Service for Special Communications and Information Security of Azerbaijan, 142 indicators of cyberattacks (IOCs) on government institutions were detected in January 2025 alone, an increase of 45% compared to the previous year. Of these, 43 cyber threats were identified and blocked based on internal investigations, while 99 were detected during the investigation of incidents reported by government agencies. During the reporting period, 46.565 million malicious links were blocked through the AzStateNet network, 337,000 were blocked through the central antivirus system installed on end-user devices, and 19,383 malicious email attachments were neutralized using the Sandbox protection system.
Notably, the past year proved to be particularly challenging for the stability of Azerbaijan's cyberspace. During the first three quarters of 2024, specialists from the State Service for Special Communications and Information Security (SCIS) identified 828 indicators of cyberattacks. Among the major incidents last year were cyberattacks and unauthorized access to the databases of several government institutions, including the Ministry of Health (e-health.gov.az) and the Ministry of Science and Education (miq.edu.az). During the investigation into the identified cybercriminal group, it was revealed that they had obtained personal data of Azerbaijani citizens and stored it on their own specialized servers.
At the end of 2024, the State Service also traced a cyber group operating in 135 countries, including Azerbaijan. The counter-cyber-intelligence measures taken led to the capture of the central server controlling the malicious software. "As the investigation revealed, the cyber group deployed a virus on a total of 270,741 computers across 135 countries, including 7,790 in Azerbaijan. Of the infections registered in the country, 35 were on computers of various government institutions not connected to the centralized antivirus system," stated the SCIS report.
Furthermore, in November of last year, unprecedentedly large-scale cyberattacks were recorded against Azerbaijan's online resources during the 29th session of the United Nations Framework Convention on Climate Change (COP29). According to data from the SCIS, 1.09 billion requests were made to COP29's informational resources during the conference. A significant portion of these requests had criminal intent and were immediately blocked by the State Service. During this period, alongside the COP29 informational resources, including the website "cop29.az," there were attempts at cyberattacks, large-scale DDoS attacks, and attacks on the information systems of other state institutions and the DNS domain systems of "gov.az." Numerous cyberattacks were also recorded on several government servers housed in the SCIS DATA centre.
Fortunately, in recent years, Azerbaijan has developed a robust system for countering cybercrime and protecting state institutions' web resources and other critical infrastructure, thanks to the efforts of the SCIS specialists and its Computer Emergency Response Center (CERT.gov.az). This system includes server protection connected to the centralized antivirus system. As a result, hacker attacks have been intercepted promptly, and malicious programs have been neutralized without causing damage to the databases, the functionality of state institutions' web resources, or the e-government system as a whole.
An effective barrier preventing cybercriminal attacks on Azerbaijan's databases and state institutions' web resources is provided by the data centres within the centralized "Government Cloud" (G-cloud) system. This system has facilitated the full or partial migration of the information systems and resources of approximately 200 government organizations and private companies to the main data centre in Baku and the backup data centre in Yevlakh. Equally important efforts were made several years ago to ensure the cybersecurity of internet providers offering services to entities involved in critical information infrastructure. To strengthen the institutional framework for protecting the country's cybersecurity, the Cabinet of Ministers of Azerbaijan established the "Rules for Ensuring the Security of Critical Information Infrastructure in Azerbaijan" in July 2023. In the same year, the head of state's decree approved a crucial document—the "Information Security and Cybersecurity Strategy for Azerbaijan for 2023-2027."