Parliamentary commission: February 2025 cyberattack on Azerbaijani media linked to Russia
Chairman of the Azerbaijani parliament’s Temporary Commission against Foreign Interference and Hybrid Threats Ramid Namazov has said that a massive cyberattack targeting multiple Azerbaijani media outlets on February 20, 2025, has been traced back to Russia.
Namazov made these remarks during a public discussion on "Cyberattacks on Azerbaijani Media Resources", Caliber.Az reports via local media.
He confirmed that the attack was carried out with sophisticated technical methods by the cyber-espionage group APT29, also known as Cozy Bear, Midnight Blizzard, and The Dukes. This group is linked to Russian institutions and specialises in cyber-operations targeting critical sectors, including government bodies, diplomatic missions, energy infrastructure, defence systems, and media.
"This is deeply regrettable," Namazov stated, emphasising that the attack violates the principles of the Declaration on Allied Interaction between Azerbaijan and Russia, as well as the spirit of the bilateral relationship between the two countries.
The chairman highlighted that a subsequent cyber-psychological analysis suggested the likely motive for the attack was connected to Azerbaijan's actions regarding the Russian Information and Cultural Centre “Russkiy House” and discussions about potentially closing the “Russia Today” (Sputnik) bureau in the country.
"These processes, driven by indirect political motives, appear to have triggered this cyber interference," Namazov noted.
The identification of the sources and motivations behind the cyberattack, which was executed by one of the world’s most notorious cyber-espionage groups, underscores the success of Azerbaijan's national ICT capabilities under the leadership of President Ilham Aliyev.
Namazov assured that after reviewing the technical report on the measures taken, it was clear that Azerbaijan had made significant strides in fortifying its cybersecurity infrastructure.
"You can be confident: today, our country has the capability to neutralise any form of cyber threat and trace its origin," Namazov emphasised.
Further analysis of the attack revealed that the internal infrastructure of Global Media Group, a key media player in Azerbaijan, was compromised.
The attack involved malware infiltration and the complete takeover of the central management system. Namazov detailed that the attackers gained access to a system administrator’s computer, enabling them to access the server where critical backup copies of all online resources were stored.
"Following this, the attackers disrupted the operations of other media outlets. Web servers and backup copies were deleted, media websites were wiped out, and access to the infrastructure was severely restricted," Namazov said.
He also commended the swift actions taken by the relevant authorities to safeguard the affected media outlets' cybersecurity.
"Once the necessary support was provided, the attackers attempted additional cyberattacks on the restored resources, but these were successfully thwarted. We were able to identify the IP addresses and domains used during the attack, as well as track all connections back to the group. Notably, some of the attacks were supported by internal IP addresses. We also discovered that some of the individuals involved in the attack were on Azerbaijani soil, even pinpointing the hotel they were staying at. This revelation confirms that this was not just an ordinary cyberattack," he added.
By Naila Huseynova