Cyberwarfare: Azerbaijan in the crosshairs Invasion of the “invisibles”

The Insider, a publication that, as its name suggests, specialises among other things in investigative journalism, has published a rather interesting article shedding light on the activities of the Russian intelligence services.

To be more precise, the focus is on Unit 29155 of the Main Directorate (formerly the Main Intelligence Directorate) of the General Staff of the Russian Armed Forces. This unit became notorious for its botched operations involving the nerve agent “Novichok” — including the poisonings of Sergei Skripal in Salisbury and Emilian Gebrev in Bulgaria — as well as a series of explosions at military depots in Bulgaria and the Czech Republic.

Few suspected, however, that this very unit was also engaged in subversive activities in the field of information and information technology — and it is this lesser-known side of its operations that The Insider explores in its report.

It is worth noting that despite its formidable reputation, the unit paid insufficient attention to its own information security, which allowed The Insider to gain access to its server. As a result, the publication discovered a list of targets that included Ukrainian government agencies, European infrastructure, a Qatari bank, and even medical institutions around the world.

By analysing phone calls, flights, and correspondence of the operatives involved, the journalists identified several dozen agents — including convicted hackers, recent university graduates, as well as special operations veterans with no IT background. The key names featured in the investigation are Yuri Denisov, Roman Puntus, Tim Stigal, Alexey Stroganov (Flint), Yevgeny Bashev, and Igor Voroshilov.

We are sharing this information not out of idle curiosity. The fact is that among the countries targeted — or slated to be targeted — by this unit’s hacker attacks was Azerbaijan.

For instance, in 2017, the aforementioned Tim Stigal created a Twitter account under the name Anonymous Bulgaria, through which he published what was claimed to be hacked correspondence from the Azerbaijani Embassy. A few days later, a Bulgarian journalist, Dilyana Gaytandzhieva — brought in by Stigal to legitimise the leak — published an “investigation” based on this so-called correspondence in the Bulgarian daily newspaper Trud (Labour).

The core claim of this disinformation campaign was that the United States was supplying weapons to “terrorists” in Syria, allegedly transported by the Azerbaijani airline Silk Way. Notably, this was the only article Trud ever published in English, suggesting that the real aim was to reach an international audience.

However, Silk Way quickly and convincingly proved its non-involvement in any illicit arms transfers, and as a result, Gaytandzhieva was dismissed from the newspaper.

Another individual mentioned in The Insider’s report, Yuri Denisov, reportedly travelled to Azerbaijan in 2013 and 2014. Among other noteworthy details from the investigation is the inclusion of an Azerbaijani medical clinic on the unit’s list of targets.

To these revelations it is also appropriate to add the powerful cyberattack carried out in February of this year against Azerbaijani government and media institutions. The attack included phishing emails, attempted intrusions into network infrastructure, and DDoS assaults.

All of these episodes point to a clear conclusion: Azerbaijan has been — and remains — a focal point of Moscow’s intense geopolitical interest.

This is, in principle, understandable. In recent years, Azerbaijan has significantly strengthened its international agency — reaching the highest level of strategic alliance with Türkiye, establishing a strategic partnership with China, deepening ties with Israel, pursuing an active policy to consolidate the Turkic world, playing a pivotal role in Europe’s energy architecture, and raising its profile across international platforms. In short, Azerbaijan has become an important player in global politics — and not just anywhere, but at a highly sensitive crossroads of Eastern and Western interests.

All these factors have served as clear indicators for the Kremlin that Baku is moving beyond the traditional sphere of Russian influence. It is therefore unsurprising that Moscow is turning to various methods in an attempt to regain its foothold — or at the very least, to undermine Azerbaijan’s growing authority. With traditional levers of influence losing their effectiveness, it is increasingly evident that Russia has turned to its non-conventional arsenal — cyberattacks, information leaks, and other covert tactics.

In other words, it is crucial to understand that Moscow’s actions are not merely a reflexive response to Azerbaijan’s growing international agency, but rather part of a deliberate strategy aimed at undermining our sovereignty.

In this context, Azerbaijan now faces a new geopolitical reality — and the associated risks are, of course, not limited to Russia alone.

The seriousness of the threat is underscored by one important detail: Unit 29155 is reportedly fragmented and disorganised, lacking even basic discipline. Its members, for instance, used their cover identities for personal matters, which inevitably led to leaks of classified information. Moreover, as previously noted, key data was stored on unsecured servers. In one instance, a programmer within the group candidly admitted in correspondence: “Information is leaking… The enemy sometimes knows before our own generals do.”

And yet, despite this dysfunction, the unit has managed to carry out operations that are at times highly sensitive. This naturally raises the question: what should we expect from more organised and powerful entities — both elsewhere in the world and within Russia itself?

Today, an attack on a sovereign state may not come with the sound of gunfire, may leave no visible trace, and may not spark an immediate scandal. Its impact lies in accumulation — in the slow drip of leaked information, in the crafting of an alternative reality. Under such conditions, every state must develop a resilient system of defence against covert interference.

The response of a nation facing such attacks should not be about retaliation, but about systematisation — not reflexive counterstrikes, but the establishment and maintenance of a state of heightened readiness, along with the ability to suppress hostile actions effectively.

This, perhaps, is the most important lesson we must draw from The Insider’s investigation.