3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Armenian Cyber Army

Armenian Cyber Army

ID: 3ce924a16d1bbf3d9f5da7a129a4cdc593582
Hacktivist Group Collective Defacement Crew Hacktivism
Threat types: Defacement
Armenia
Updated: 2026-01-13
Created: 2025-10-16
Progress: 43% Completeness: 40% Freshness: 50%
Operation zone:
Aliases Limited alias preview
No aliases registered.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Armenian Cyber Army (ACA) — Armenian hacktivist label visible in open sources since at least 2013, credited with politically framed defacements of Azerbaijani websites (e.g., Azerbaijani ministry sites in Mar 2013; 26 sites tied to the Sumgait anniversary in Jan 2016) and with a January 2016 leak of ~16K user records from an Azerbaijani blog platform. Distinct from Monte Melkonian Cyber Army (MMCA) and Caucasus Cyber Army (CCA), which are separate Armenian labels active in the same conflict theater.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2013-03-11 — Armenian Cyber Army defaced the website of Azerbaijan’s Ministry of Labor and Social Defense; group logo posted; prior break on Feb 27 tied to the Sumgait massacre anniversary. · ref
  • 2016-01-14 — Armenian Cyber Army ‘broke’ 26 Azerbaijani websites ahead of the 26th anniversary of the Sumgait pogroms, per analyst Samvel Martirosyan. · ref
T1041 Exfiltration Over C2 Channel TA0010
  • 2016-01-20 — CivilNet reports the Armenian Cyber Army leaked a 16K database from Azerbaijani platforms during reciprocal cyber actions. · ref
  • 2016-01-20 — Aravot: Armenian Cyber Army leaked ~16,000 users’ data from Azerbaijani blog platform Kayzen.em; SQL dump links cited. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-16T15:19:04+00:00
Armenian Cyber Army (ACA)

CLASSIFICATION: Unclassified / Open Source


Executive Summary

Armenian Cyber Army (ACA) is an Armenian hacktivist label credited in open sources with website defacements and at least one data leak during cycles of Armenian–Azerbaijani cyber hostilities. Documented cases include (i) the defacement of an Azerbaijani Ministry of Labor and Social Defense site in March 2013 (with a prior break noted on Feb 27, linked to the Sumgait anniversary), and (ii) a multi-site defacement run (26 domains) around January 14, 2016 tied to commemorative dates. In January 2016, ACA was also reported to have leaked ~16K user records from the Azerbaijani blog platform Kayzen.em. While ACA’s activities overlap temporally and thematically with other Armenian labels (notably Monte Melkonian Cyber Army and Caucasus Cyber Army), the cited items attribute these specific incidents to Armenian Cyber Army as a distinct banner. Open sources, however, provide limited technical details on vectors and post-exploitation depth. Overall confidence: medium.

  • 2013-02-27. ACA reportedly compromises Azerbaijan’s Ministry of Labor and Social Defense website linked to Sumgait anniversary; commemorative content posted. — Armenpress
  • 2013-03-11. Ministry of Labor and Social Defense (Azerbaijan) defaced again; Armenian Cyber Army logo displayed. — Armenpress
  • 2016-01-14. 26 Azerbaijani websites “broken” by Armenian Cyber Army ahead of the 26th anniversary of the Sumgait pogroms (per Samvel Martirosyan via ARKA). — arkatelecom.am
  • 2016-01-20. ACA leak (~16K users) from Azerbaijani Kayzen.em blog platform; SQL/user databases linked. — en.aravot.am
  • 2016-01-20. CivilNet overview: on the same day of reciprocal cyber actions, Armenian Cyber Army “leaked 16K database from Azerbaijani platforms.” — civilnet.am


Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.