3C-INT | [Cyber]Crime Characterization for Intelligence

Anti-Armenia Team

ID: 30519ff175f41f5045b85143863861a335745

Hacktivist Group Collective Data Leak Channel Defacement Crew Hacktivism

Threat types: Defacement, DataLeak, Intrusion

Azerbaijan ARM

Updated: 2026-03-15

Created: 2025-10-16

Progress: 91% Completeness: 100% Freshness: 70%

Operation zone: Armenia

Aliases Limited alias preview

AAT	ANTİ ERMENİA TEAM	An*************	Az*******************
Az***********************	—	—	—

Showing 2 of 5 aliases in free preview.

Associated Threat Relationships

Limited preview

Related profiles 6
Related files 0

Related profiles

ID	Threat	Origin	Type	Categories
9e88df13af7e12c8574dd48ddd87af83	CyberRuf	Azerbaijan	member-of	Hacktivist Group
fee0da3e1c690e0734edd6cee4bd7f3a	Elgun33	Azerbaijan	member-of	Hacktivist Group
800f8dafd16109449ebe39c2d849fafd	Ferid23	Azerbaijan	member-of	Hacktivist Group
25adbb7a464df3f92ecb04395b01569901952	Karabakh Hacking Team	Azerbaijan	ally-of	Hacktivist Group
26707fb0f173e13466d2ad67c926df5e	r43i7	Azerbaijan	member-of	Hacktivist Group
9b98c80aac8ac310a334f44d74e7eb63	T43RIZ	Azerbaijan	member-of	Hacktivist Group

Related files

No related files found.

Actor Network Graph

Open Network Graph

Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.

MITRE ATT&CK®

confidence: medium

Actor Techniques page ATT&CK® Diagram

Anti-Armenia Team is a long-running Azerbaijani nationalist hacktivist brand publicly aligned with the Azerbaijan Cyber Army label. Public reporting most consistently associates it with Armenia-focused website compromise, defacement, selective data leaks, and propaganda amplification against politically symbolic targets.

Technique	Technique name	Tactics	Evidence
T1491.001	Internal Defacement	TA0040	2014-01-23 — Public reporting linked Anti-Armenia Team to defacement of several Armenian government ministry websites. · ref 2020-07-14 — Public reporting during the Armenia–Azerbaijan clashes described compromise and defacement of more than 30 Armenian websites, including government resources, attributed to the group. · ref
T1190	Exploit Public-Facing Application	TA0001	2014-01-23 — INFERENCE (confidence: medium): Repeated public-facing website compromises against ministry and official web properties are consistent with exploitation of exposed web applications or adjacent insecure administration surfaces. · ref 2020-07-14 — INFERENCE (confidence: medium): Multi-site compromise of Armenian public websites during a crisis period is consistent with opportunistic exploitation of internet-facing services. · ref
T1078	Valid Accounts	TA0001 TA0003 TA0004 TA0005	2016-04-07 — INFERENCE (confidence: low-medium): Compromise of the Russian Embassy in Armenia Twitter account is compatible with abuse of valid credentials or account-recovery weakness, though the precise vector was not publicly documented. · ref
T1005	Data from Local System	TA0009	2016-09-03 — Public reporting linked the actor to theft and publication of passport scans and security-service-linked records, consistent with collection of data resident on compromised systems or accounts. · ref 2021-02-26 — PwC noted tit-for-tat leaking involving internal government emails and Armenia-linked sensitive data in the wider conflict context associated with Anti-Armenia Team and rival groups. · ref
T1567	Exfiltration Over Web Service	TA0010	2016-09-03 — INFERENCE (confidence: low-medium): Leak publication implies outward transfer of collected data to publication channels or externally controlled repositories, although the transfer mechanism is not publicly described. · ref

Strategic Intelligence

Limited preview

Last updated: 2026-03-15T03:15:12+00:00

Preliminary Strategic Intelligence

Anti-Armenia Team (Azerbaijan Cyber Army) - Nationalist / conflict-linked hacktivist collective

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Assessed country of origin / home base: Azerbaijan

Executive Summary

Anti-Armenia Team is a long-running Azerbaijani nationalist hacktivist brand that publicly presents itself as part of the “Azerbaijan Cyber Army” ecosystem. Public reporting and the group’s own long-lived online presence indicate an operational focus on Armenia-linked targets, especially government, diplomatic, military-adjacent, and public-facing information resources. The actor’s most consistently observed effects are website defacements, politically framed account compromise, public leak claims, and messaging activity designed to shape perception during moments of interstate tension.

The group should not be modeled as a stealth-heavy espionage actor or a mature crimeware enterprise. Its public footprint is better explained by conflict-driven hacktivism with selective data exposure, symbolic targeting, and propaganda-oriented amplification. Even so, repeated public reporting ties the brand to compromises of Armenian government-linked resources and to conflict-era leak claims, which means the actor remains relevant to regional exposure mapping, influence-aware incident attribution, and public-sector defensive planning.

Anti-Armenia Team is best assessed as an Azerbaijani nationalist hacktivist collective whose identity is explicitly anti-Armenian and whose public branding is closely aligned with wartime or crisis-era messaging. The actor openly frames activity as cyber support to Azerbaijani national interests and publicly links itself to the “Azerbaijan Cyber Army” concept. Its messaging, branding, and victim selection strongly suggest that symbolic political effect is a primary operational objective.

Full strategic intelligence is available in Analyst and Premium plans.

Executive Analyst Brief for CISO

Saved Limited preview

Executive Analyst Brief for Decision Makers — Anti-Armenia Team (Azerbaijan Cyber Army)

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.

Tip: Hover the section title to learn what’s included in Analyst / Premium plans.

Saved successfully.

Hunting Playbook

Saved Limited preview

Hunting Playbook — Anti-Armenia Team (Azerbaijan Cyber Army)

Upgrade to access the full hunting playbook.

Tip: Hover the section title to learn what’s included in Analyst / Premium plans.

Saved successfully.

IOC Appendix

Saved Limited preview

Last updated: 2026-03-15T03:23:43+00:00

IOC Appendix — Anti-Armenia Team (TLP:WHITE)

Scope & Caveats. This appendix reflects a hacktivist brand with stronger public attribution and social presence than deep technical reporting. As a result, the most reliable indicators are organizational and communications-linked rather than malware-rich. These items are best used for monitoring, enrichment, watchlisting, and correlation; they are not all suitable for blocking.

More IOC context for Research. Full appendix for Analyst and Premium plans.

Saved successfully.

OSINT Library

Saved Limited preview

Last saved: 2026-03-15T03:24:07+00:00

OSINT Library — Anti-Armenia Team (Azerbaijan Cyber Army)

2014-01-23 — HackRead — “Several Armenian Government Ministries Websites Hacked by Anti-Armenia Team”

Full OSINT references available for Research / Analyst.

Saved successfully.

Social Medial & Communication

SOCMINT integrated: 0/10

Address	Verification	SOCMINT
`twitter.com/ant************`	Restricted	Not integrated

Address	Verification	SOCMINT
`www.facebook.com/ANT***************`	Restricted	Not integrated

Address	Verification	SOCMINT
`t.me/ant*********************`	Restricted	Not integrated

Address	Verification	SOCMINT
`www.youtube.com/@An*************`	Restricted	Not integrated
`youtube.com/cha*****************************`	Restricted	Not integrated
`www.instagram.com/ant*********************`	Restricted	Not integrated
`www.instagram.com/p/C**********`	Restricted	Not integrated
`www.instagram.com/_an**********`	Restricted	Not integrated
`www.tiktok.com/@an**********************`	Restricted	Not integrated