Back to Research

Armenia-Azerbaijan conflict Pegasus infections – Technical Brief [1]

Infection Confirmations

The Citizen Lab examined the devices of a number of individuals in Armenia for evidence of spyware infections including Pegasus, as part of an investigative collaboration with Access Now, CyberHUB-AM, Amnesty International’s Security Lab, and independent mobile security researcher Ruben Muradyan.

Read the Access Now report on the civil society cases: Hacking in a war zone: Pegasus spyware in the Azerbaijan-Armenia conflict.

Our forensic analysis of the following individuals’ devices found evidence of Pegasus spyware infection with a high degree of confidence.

Name or Alias Occupation Infection date(s) Victim Location
Anna Naghdalyan NGO Representative, former Spokesperson of the Ministry of Foreign Affairs (MFA) of the Republic of Armenia
  • Sometime 2020-10-11 – 2020-10-13
  • Sometime 2020-10-13 – 2020-10-19
  • Sometime 2020-10-19 – 2020-10-21
  • Sometime 2020-10-24 – 2020-10-28
  • On or around 2020-11-02
  • Sometime 2020-11-04 – 2020-11-05
  • Sometime 2020-11-07 – 2020-11-18
  • Sometime 2020-11-18 – 2020-12-08
  • Sometime 2020-12-08 – 2021-01-03
  • Sometime 2021-01-06 – 2021-01-07
  • On or around 2021-01-11
  • On or around 2021-01-15
  • Sometime 2021-02-04 – 2021-02-05
  • Sometime 2021-02-05 – 2021-02-11
  • Sometime 2021-03-04 – 2021-03-15
  • Sometime 2021-03-15 – 2021-03-18
  • Sometime 2021-03-18 – 2021-03-27
  • Sometime 2021-03-28 – 2021-03-31
  • Sometime 2021-03-31 – 2021-04-03
  • Sometime 2021-04-03 – 2021-04-08
  • Sometime 2021-04-08 – 2021-04-17
  • Sometime 2021-04-27 – 2021-05-15
  • On or around 2021-05-31
  • On or around 2021-06-06
  • On or around 2021-06-30
  • On or around 2021-07-03
  • On or around 2021-07-05
Ruben Melikyan Co-founder of Armenian NGO Path of Law, former Human Rights Ombudsman of the Republic of Artsakh
  • On or around 2021-05-20
  • Unsuccessful infection attempt on or around 2022-12-07
Varuzhan Geghamyan Assistant Professor at Yerevan State University
  • On or around 2021-06-03
Samvel Farmanyan ArmNews TV Co-founder
  • On or around 2022-06-30
Kristinne Grigoryan Former Human Rights Defender of the Republic of Armenia (Human Rights Ombudsperson)
  • On or around 2022-10-04
Victim 1 Works in Media
  • Date(s) withheld
Victim 2 Journalist
  • Date(s) withheld
Victim 3 Activist
  • Date(s) withheld
Victim 4 Civil Society Representative
  • Date(s) withheld
Victim 5 United Nations Official
  • Date(s) withheld

Our analysis found individuals in Armenia targeted with NSO Group exploits including PWNYOURHOME, FINDMYPWN, FORCEDENTRY, and KISMET.

Spyware Scanning

We do not conclusively attribute the infections listed above to a specific governmental entity, and our forensic analysis was unable to confirm which Pegasus operator conducted the infections listed above.

As part of the Citizen Lab’s ongoing internet scanning and DNS cache probing, we identified two suspected Pegasus operators in Azerbaijan. We name these two operators BOZBASH and YANAR.

Domains associated with both the BOZBASH and YANAR operators were registered by the end of 2018, or possibly before. NSO Group implemented a new version of their infrastructure at the end of 2018, following our HIDE AND SEEK report, and it is difficult to link customers conclusively across the new and old infrastructure versions.

We have only ever observed the YANAR Pegasus operator monitoring targets within Azerbaijan, while the BOZBASH operator appears to monitor targets both in Azerbaijan and several countries abroad, including Armenia.


We would like to thank each victim and potential target that participated in this investigation. Without them, this would not have been possible. Their participation also helped to meaningfully advance our understanding of NSO Group’s exploits.

The Citizen Lab would like to thank Access Now, CyberHUB-AM, Amnesty International’s Security Lab, and independent mobile security researcher Ruben Muradyan.

We thank our colleagues at Citizen Lab including Snigdha Basu, Siena Anstis and Adam Senft for editorial assistance.