April 8, 2022 - 14:36 AMT
Meta disrupts government-run cyber espionage network in Azerbaijan

Meta said it disrupted a complex government-run network in Azerbaijan that was involved in both cyber espionage and coordinated inauthentic behavior. Armenia was targeted too.

The campaigns primarily targeted people from Azerbaijan, including democracy activists, opposition, journalists, and government critics abroad.

"This campaign was prolific but low in sophistication, and was run by the Azeri Ministry of Internal Affairs. It combined a range of tactics — from phishing, social engineering, and hacking to coordinated inauthentic behavior," Meta said in its latest Adversarial Threat Report.

"This group operated across the internet, with over 70 websites and domains that they either ran themselves or compromised. They targeted sites in Azerbaijan and, to a lesser extent, Armenia; a small number of sites had Russian or Turkish domains. Once they compromised these websites, the group harvested databases containing usernames and passwords, likely to further compromise online accounts of their targets who might have reused the same credentials across the internet. They also, at times, hosted credential phishing content on these websites."

The group also used malware, hash-cracking tools and more to steal credentials. They even compromised the accounts of public figures and posed as members of Facebook’s security team as a way to steal information and credentials.

In October 2020, Facebook announced that it was removing more than 8,000 Facebook and Instagram accounts and Pages linked to Azerbaijan’s ruling party for violating its policy against “coordinated inauthentic behavior” (CIB). But an April 2021 Guardian review of the operation’s most common targets found that the trolling operation had returned.