On May 2, Ramid Namazov, Chairman of the Azerbaijani Parliament’s Temporary Commission against Foreign Interference and Hybrid Threats, claimed that a cyberattack targeting several Azerbaijani media outlets on February 20, 2025, was organized from Russia.

During a public discussion titled “February 20 Attacks on Azerbaijani Media Resources: From Cyber Interference to Disinformation,” Namazov stated that the attack was executed at a high technical level by the cyber-espionage group APT29, also known as Cozy Bear, Midnight Blizzard, and The Dukes, which is linked to Russian intelligence services. He emphasized that the group is known for conducting significant cyber operations, particularly against government agencies, diplomatic missions, and critical sectors such as defense, media, and energy.

Namazov noted that the incident contradicted the provisions of the Declaration on Allied Interaction between Azerbaijan and Russia and the spirit of bilateral relations. He cited the termination of the Russian Information and Cultural Center, known as “Russian House,” on February 3, 2025, due to its unregistered status and legal violations, as well as discussions surrounding the closure of the local office of Rossiya Segodnya (Sputnik), as motives behind the attack. “It is because of these processes, which have indirect political motives, that this cyber-interference occurred,” Namazov stated.

Rasim Musabekov, a Member of the Azerbaijani Parliament, argued that cyberattacks are regarded as acts of war and urged Azerbaijan’s relevant authorities to address the issue with Russia through diplomatic channels. Namazov agreed, stating, “The relevant bodies are dealing with this, and negotiations with the Russian side are underway. Such steps contradict our relations.”

Orkhan Mammadov, a board member of Global Media Group, reported that on February 20, 2025, a severe and large-scale cyberattack targeted the company’s media resources. The attack initially struck Baku TV’s internal servers and subsequently spread to major Azerbaijani news portals, including Report.az, Oxu.az, Baku.ws, Caliber.az, and Media.az. Mammadov explained that swift intervention by the IT team and external specialists mitigated further damage, but some servers suffered data loss and temporary service disruptions.

According to Mammadov, despite the servers being secure at the time, the attackers bypassed defenses using sophisticated and obscure methods, demonstrating a high level of expertise. He announced plans to completely overhaul the server infrastructure and establish permanent cooperation with international cybersecurity firms. Mammadov concluded by emphasizing that the incident underscored the importance of treating information security not only as a technical necessity but also as a critical aspect of national security, requiring continuous investment and preventive measures.