Next-generation cyberwars: challenges and Azerbaijan’s responses Specialists, strategies, and international cooperation

In recent years, the growing geopolitical tensions between global powers have sparked a new wave of cyberwars. Azerbaijan has not been immune to these threats, experiencing a notable increase in cyberattacks targeting government institutions, media outlets, and the corporate sector.

Fortunately, the country has built a strong pool of information security specialists capable of detecting and neutralising the majority of malicious programs. At the same time, comprehensive reforms are underway to strengthen the protection of Azerbaijan’s digital space. The current cybersecurity landscape was a key topic of discussion at the 6th Summit of Heads of Government IT Services, held on September 5 in Baku.

Globally, attacks on e-government systems and state network infrastructure have become increasingly severe. In response, the EU Council expanded sanctions at the end of January 2025 under its mechanism to counter cyberattacks on government networks.

Azerbaijan is increasingly facing threats to the critical infrastructure of state organisations. The past year proved particularly challenging for the country’s cyberspace: in the first three quarters of 2024 alone, specialists from the Special Communication and Information Security State Service of the Republic of Azerbaijan (SCISSS) identified 828 indicators of cyberattacks.

Major incidents included cyberattacks and unauthorised access to the databases of several government bodies, notably the Ministry of Health (e-health.gov.az) and the Ministry of Science and Education (miq.edu.az). Investigations revealed multiple groups of cybercriminals who had breached these databases, gaining access to personal data of Azerbaijani citizens and storing it on servers under their control.

In November 2024, Azerbaijan also experienced unprecedented large-scale cyberattacks on its online resources during the 29th session of the UN Framework Convention on Climate Change Conference of the Parties (COP29).

Fortunately, in recent years, Azerbaijan has established a robust system to combat cybercrime and protect government web resources and other critical infrastructure, thanks to specialists from the SCISSS and its “Computer Emergency Response Team” (CERT.gov.az). This system includes measures such as securing servers connected to a centralised antivirus network.

As a result, hacker attacks have been intercepted in a timely manner, and malicious programs neutralised without causing significant damage to government databases, the functionality of official web resources, or the e-government system as a whole.

“Cyberattacks against Azerbaijan continue unabated and are recorded almost daily. The intensity of these attacks varies, but DDoS attacks are observed every day,” said Tural Mammadov, Head of Department at the SCISSS, during the  6th Summit of Heads of Government IT Services. “Alongside this, phishing attacks, email-based operations, and, more recently, incidents of citizens’ accounts being compromised and data intercepted via the Telegram messenger have also been observed.”

The department head added that in the first half of this year, 95 employees from 47 government institutions fell victim to hacker attacks due to violations of basic cybersecurity hygiene, 16% of whom held administrative positions. During the reporting period, around 180 audits were conducted in government institutions, and 280 vulnerabilities were identified in the state information system. SCISSS specialists presented these vulnerabilities to the relevant authorities with recommendations for their elimination.

As a result, the total volume of repelled attacks reached 300 Tbps, including 18 attacks with a capacity of 1 Gbps. In particular, during the first half of the year, 262.92 million malicious requests were blocked through the AzStateNet network, the central antivirus system stopped over 12.3 million infected files, and the Sandbox protection system neutralised 61,482 malicious electronic documents.

“All these processes are under constant monitoring,” noted Mammadov, adding that when larger-scale cyberattacks are detected, special teams are formed to investigate them. The analysis is then conducted and the results are forwarded to the relevant authorities.

Azerbaijan has built a strong pool of information security specialists, including experts at the CERT.gov.az Centre. The country has also established a robust legal and administrative framework. In 2023, by the presidential decree, a key policy document was approved: the “Information Security and Cybersecurity Strategy of Azerbaijan for 2023–2027.”

Under the guidance of the Central Bank of Azerbaijan, management frameworks are being developed in the IT sector to ensure the secure handling of databases and artificial intelligence systems. These frameworks, aligned with international standards, aim to strengthen the resilience, security, and efficiency of processes within financial organisations. Similar initiatives are being pursued by the Association of Banks of Azerbaijan (ABA), which is expanding anti-fraud measures—a combination of procedures and technological solutions designed to prevent fraud, including theft via bank cards.

A crucial line of defence against cyberattacks on domestic databases and government web resources is provided by DATA centres operating within the centralised “Government Cloud” (G-Cloud) system.

Azerbaijan maintains consistent cooperation with specialised agencies in Türkiye, Israel, the European Union, and the United States, exchanging expertise and implementing advanced methods to combat cybercrime.

“The Estonian e-Governance Academy (eGA) intends to study and support the development of cyber diplomacy in Azerbaijan,” noted Elza Nim, Chief Cybersecurity Specialist at eGA, during the summit in Baku. “These initiatives include participation in training programmes on risk assessment, incident management, implementation of cybersecurity frameworks, development of practical procedures for national and sectoral CERTs, and strengthening their capabilities.”

According to the expert, eGA plans to actively participate in the advancement of cyber diplomacy, which is currently coordinated by AZ-CERT in collaboration with Romania and the Azerbaijan Cyber Diplomacy Centre.

In the long term, these measures are set to provide a reliable shield for Azerbaijan’s e-government systems and government web resources. The effectiveness of these initiatives is reflected in Azerbaijan’s score of 93.76 out of 100 in the International Telecommunication Union’s “Global Cybersecurity Index 2024,” highlighting the country’s high level of preparedness for cyber threats and the resilience of its digital environment.

A significant step in adopting advanced international practices was the launch of the Bug Bounty programme on 15 April 2025. The programme has enabled the identification and rapid elimination of vulnerabilities in state information resources. As part of the initiative, cyberattack simulations were conducted on government networks, vulnerabilities were identified, and targeted countermeasures were implemented to address these gaps.

“The implementation of the Bug Bounty programme reflects the shift of our government institutions toward an open, collaborative model. This initiative is a clear example of combining public and professional potential to ensure information security,” said Major General Allahveran Ismayilov, Deputy Head of the SCISSS, during the summit. “In today’s world, cybersecurity is not just about protecting closed systems—it also involves cooperation with expert communities. Hackers target not only information systems but also citizens, exploiting their personal data, primarily for financial fraud.”

According to the deputy head of the service, the number of cyberattacks worldwide has more than tripled over the past five years, and in the first half of 2025, over 40% of attacks on government structures were directed at critical infrastructure.

According to the Ministry of Internal Affairs, in the first four months of 2025, the total amount of funds stolen from citizens through cyber fraud exceeded 6 million manats (about $3.5 million). Monitoring by the SCISSS revealed that, during the first half of 2025, 6,164 citizens using government services fell victim to hackers.

In response, Ismayilov emphasised the importance of intensifying and expanding cyber-education efforts across society, using various methods to ensure that citizens remain vigilant and cautious regarding online security.