Russian-linked APT29 behind recent cyberattacks on Azerbaijani media - official

Politics Materials 2 May 2025 16:37 (UTC +04:00)
Alish Abdulla

BAKU, Azerbaijan, May 2. The recent cyberattacks on Azerbaijani media outlets have been attributed to APT29, also known as Cozy Bear, a Russian-linked cyber espionage group, said Ramid Namazov, Chairman of the Parliamentary Commission on Foreign Interference and Hybrid Threats, Trend reports.

Speaking at a public hearing organized by the commission under the theme "Cyberattacks on Azerbaijan’s Media Resources," Namazov said forensic analysis confirmed that both the technical methods and behavioral patterns used in the attack were characteristic of APT29, which is also known by other aliases including Midnight Blizzard and the Dukes. The group is recognized as a well-organized entity responsible for conducting high-profile cyber operations.

According to Namazov, APT29 primarily targets government institutions, foreign diplomatic missions, and key sectors such as politics, defense, energy, media, and other critical infrastructures.

"Their operational methods include a wide range of cyber intrusion tools. One of their key tactics is to infiltrate a system long in advance, establish persistence, and remain dormant until the moment to act arises. This long-term infiltration strategy and politically driven motives set them apart from other cybercriminal groups.

"The investigations indicate that the group had been covertly embedded in the systems of certain media platforms for 2-3 years before fully taking control of them in an operation carried out on February 20, 2025.

"Our cyberpsychological analysis also helped clarify the motive behind the attack. The motive traces back to February 3, when the Russian Information and Cultural Center — also known as 'Russian House' — which was operating without legal registration in Azerbaijan and in violation of national laws, was ordered to cease its activities. Around the same time, discussions were also underway regarding the closure of the local office of 'Rossiya Segodnya' (Sputnik). These developments served as the political trigger for this cyber intrusion," he explained.
