online news platform hacked, content and followers removed

On September 16, Toplum TV, an online news platform, had its Facebook page hacked. The hacker accessed the account by hacking one employee’s personal Facebook profile. As a result, the news platform lost 26k of its followers and two weeks’ worth of shared content.

In an interview with Meydan TV, the platform’s director, journalist Khadija Ismayil, said this was not the first time Toplum TV was targeted with a digital attack.

AIW documented the previous attack in November 2021. At the time, the hacking occurred through an SMS interception. In another attack documented in September 2021, Toplum TV reported it lost 16k followers on its Facebook page. 

In a Facebook post, Ismayil said there were suspicions that a similar attempt was made this time around. The admin team is investigating the origins of the hack.

Access to the page has been restored at the time of writing this post.

attention: phishing attack detected

On July 8, Azerbaijan Internet Watch received a notification that an email sent on behalf of Human Rights Watch reached a number of prominent Azerbaijani civil society activists. The email contained an attachment “Human Rights Invoice Form Document – 2021.docx” prompting the recipient to download the attached file.

AIW reached out to partners at Qurium to analyze the attachment. The forensic analysis confirmed the suspicion that the email was indeed malicious. According to preliminary conclusions, “the e-mail included a link to malware, with the capability of webcam and Desktop recording, execution of Windows commands (WMI) as well as extraction and uploading of selected files from the victim’s computer.”

Screenshot from the original email that was sent.

Phishing incidents targeting civil society activists are common in Azerbaijan.

Numerous reports, including several by AIW in partnership with Qurium, have documented and investigated these attacks in recent years [see below].

A detailed report by Qurium presents an analysis of the malware and explains how it was built, its capabilities, and where it was hosted. Among the findings were:

desktoprecord
webcamrecord
download
implant
makepersistent
massdownload
stopimplant
upload
uploadexec
wmicexec
aueval

In addition to taking screen captures and webcam recording, there was another interesting detail: insufficient knowledge, or the lack of an auto-correct program, on the part of the user developing the malware. As captured by Qurium, there were several grammatical mistakes in the pop-up window shown to the owner of the device who downloaded the email: “Unsopported Microsoft Word version!” & @CRLF & “File corrupted. Error numer: 0x65415681.”

Qurium forensics report.

Qurium also released its report titled “A decade of efforts to keep Azerbaijani media online”, which sums up the assistance the platform has provided since 2010, including monitoring and mitigating a wide range of cyberattacks against websites in Azerbaijan and, since 2016, releasing no less than twenty forensics reports to document its findings.

Further, read:

popular citizen journalist and activist detained

On March 14, citizen journalist Mehman Huseynov and Ulvi Hasanli, a member of NIDA civic movement, were detained by the police. Speaking to Turan News Agency, Mehman Huseynov said police stopped both men while they were on an assignment in Novkhani village, investigating Saleh Mammadov, a government official who is the Chairman of the Board of the Azerbaijan State Agency of Motor Roads. “We were stopped by the Road Patrol Service. They took us to the Absheron District Police office [Novkhani village is situated in Absheron administrative district]. They questioned us there. Took my drone.” Huseynov also said that, after being questioned at the police department, they were taken to a location they did not know, as they were blindfolded. At the time, journalist Ulviyya Ali reported that both men were transferred to the Grave Crimes Unit.

After being held for several more hours, both men were released, but authorities kept the drone.

In its statement, the Ministry of the Interior said the operation of the drone was illegal, even though, according to Azerbaijan’s national aviation authority, the State Civil Aviation Authority of Azerbaijan (CAA), flying a drone is legal in Azerbaijan. That being said, there is no law or state regulation on flying drones in Azerbaijan. According to this BBC Azerbaijan service story from 2019, before flying a personal drone, the owner must first seek permission from the State Civil Aviation Authority.

Mehman Huseynov is the author of the popular Sancaq TV, a socio-political magazine that documents extensive corrupt practices and violations of human rights in Azerbaijan.

In 2017, shortly after President Ilham Aliyev appointed his wife, Mehriban Aliyeva, as the First Vice President, Huseynov made a short video asking male residents of Baku whether they would appoint their wives as first secretaries if they were heads of companies. Huseynov was arrested the following day and later ended up serving a two-year prison term on charges of slander. Some speculated this satirical video was the real cause behind the journalist’s arrest.

Ahead of his release from jail in 2019, the authorities attempted to keep him behind bars, albeit unsuccessfully, and Huseynov was released.

This is not the first time Huseynov has been persecuted for his activities. He was questioned by the police countless times, threatened, intimidated, and placed under a travel ban for five years, and his personal documents were confiscated. The Human Rights House Foundation has documented in detail the reprisals against Huseynov in recent years. On March 9, AIW reported that Sancaq TV’s Facebook page was targeted in a series of hacking attempts and numerous fake Sancaq TV Facebook pages were set up. It was possible to remove only of those pages, as Facebook found no evidence that the other pages were impersonating Sancaq TV due to the lack of content shared on these pages.

Ulvi Hasanli is a member of NIDA civic union. He is also an editor of abzas.net, a news website covering human rights violations across the country. The website has been targeted since 2016 with DDoS attacks. In 2017 the website was blocked and the management team switched its extension to .org. Most recently the platform was targeted in February of this year. In April 2020, the website lost a month’s worth of published articles and some of the headlines of articles were changed.

news platform targeted online

On June 18, a popular online news platform, Meydan TV was targeted online. Its social media accounts on Facebook and Instagram were subject to a digital attack.

According to Meydan TV, the platform lost two years of content on its Azerbaijani language Facebook page while on Instagram it lost at least two months of posts. 

Previously, the platform lost all of the content on its Russian language Facebook page and some on its Azerbaijani language Facebook page. Meydan TV’s website was also subject to DDoS attacks in May, shortly after the country’s top independent news agency Turan was targeted in a similar manner.

Targeting the accounts and pages of independent news platforms, organizations, initiatives, activists, and journalists is common in Azerbaijan. AIW has documented some of these cases, and they are available on this platform.