Why are Russian Threat Actors Targeting Azerbaijan?
Since the start of the Russian invasion of Ukraine, Ukrainian organizations have been bombarded with cyberattacks executed by Russian threat actors.
In addition to Ukrainian organizations, on August 5, multiple Russian threat actors turned their eyes to Azerbaijani companies and government organizations. They started launching DDoS attacks to deny access to Azerbaijani institutes.
Primary Reason for the DDoS Attacks
On August 5, 2022, Anonymous Russia reacted to a provocative video on Telegram that allegedly showed a criminal act of some Azerbaijani people. In the post, they have stated that they will avenge the alleged victims of such actions. The Anonymous Russia group has declared a cyber campaign against Azerbaijan.
Timeline of the DDoS Attacks
After threatening Azerbaijan on their Telegram channel, Russian threat actors have started launching DDoS attacks against multiple Azerbaijani institutions in different industries, aiming to cripple the sites for several weeks. The threat actors announced, on their Telegram channel, the list of companies and public institutions that they attacked.
The list of victims includes public institutions, some companies in the mining and real estate industries, a state-owned oil company, and a mobile operator in Azerbaijan.
The Russian threat actors continued their DDoS attack spree the next day by adding new victims, such as organizations in the oil and aviation industries.
On the 7th of August, government and military organizations were targeted. Anonymous Russia has added Azerbaijan Higher Military School, Azerbaijan State Maritime Academy, Diplomatic Academy under the Ministry of Foreign Affairs of Azerbaijan, and Academy of Public Administration under the President of the Republic of Azerbaijan to the list of victims.
On the 8th of August, the Azerbaijani media were the victims of Russian threat actors.
A New Player Among Russian Threat Actors: Carbon
On August 6, 2022, a new group named Carbon emerged, claiming to assist and help the Russian people and Russia. In their first post, they stated that they would initiate attacks on the aggressors against Russia.
After the first post, the threat actor group posted a video supporting their statement. They have also declared that their main enemies are the West, European Union, and Ukraine.
After the video, Carbon started attacking Ukrainian and Azerbaijani institutions, including the largest non-government bank in Ukraine, Privatbank, and several government agencies of Azerbaijan. The group posted their victims on their Telegram group.
Carbon has continued to target Azerbaijani companies and government institutes. In another post, two additional victims, a private bank in Azerbaijan and a public institution website, were mentioned.
As of August 9, screenshots of all the websites mentioned above were posted, showing them as unreachable. Russian threat actor groups claimed that they have succeeded in their mission by crippling important websites belonging to the Azerbaijani government and institutes, rendering them inaccessible. SOCRadar analysts anticipate that DDoS attacks will continue for a couple of weeks and evolve to data breaches.