3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
ASALA

ASALA

ID: 768c7d398eeedf58a39af090be45cdb092269
Hacktivist Group Data Leak Channel DDoS Crew Defacement Crew Hacktivism
Threat types: DDoS Attack, Defacement, Data Leak
Armenia AZE, TUR
Updated: 2026-01-13
Created: 2025-10-13
Progress: 55% Completeness: 57% Freshness: 50%
Operation zone: Azerbaijan, Turkey
Aliases Limited alias preview
A.S.A.L.A
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Self-styled Armenian “A.S.A.L.A.” hacktivist label observed in 2015 claiming responsibility for website defacements and a data-leak incident against Azerbaijani targets (AIDA and the Azerbaijan Mortgage Fund subdomain of the Central Bank). Open sources frame the claims via on-page messages and third-party reporting; continuity with the historic 1970s–1990s militant ASALA is unproven.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2015-02-19 — AIDA (Azerbaijan International Development Agency) front page carried a message attributing the attack to a 'cyber-group of Monte Melkonian' of ASALA; site restored shortly after. · ref
  • 2015-02-19 — Azerbaijan MFA spokesman confirmed AIDA underwent a cyber attack; the on-page announcement named a Monte Melkonian ASALA 'cyber group'. · ref
  • 2015-02-19 — Media coverage reported 'ASALA commits cyber attack on AIDA' citing the on-page claim; service reportedly restored. · ref
  • 2015-11-15 — Blog coverage: 'AZERBAIJAN MORTGAGE FUND ... hacked by Armenian A.S.A.L.A. group. Data of clients leaked' referencing amf.cbar.az. · ref
  • 2015-11-25 — HackRead article: Armenian 'A.S.A.L.A.' group claimed hack of Central Bank (amf.cbar.az) with alleged customer data leak. · ref
  • 2015-12-07 — Hackmageddon timeline lists the amf.cbar.az incident among late-Nov 2015 cyber attacks. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2015-12-07 — Third-party timeline tags the amf.cbar.az intrusion with 'SQLi?' suggesting a possible public-facing app exploit vector (uncertain). · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-14T02:19:51+00:00

ASALA Hacktivist Group

CLASSIFICATION: Unclassified / Open Source


Executive Summary

Open-source reporting during 2015 attributes two notable web compromises against Azerbaijani entities to a self-styled Armenian "A.S.A.L.A." hacktivist label: (1) a defacement of the Azerbaijan International Development Agency (AIDA) on 19 February 2015 and (2) a compromise of the Azerbaijan Mortgage Fund subdomain (amf.cbar.az) in mid-November 2015, reportedly including a data leak. The AIDA claim appeared as an on-page message referencing a "cyber-group of Monte Melkonian" linked by name to ASALA; the mortgage-fund incident was carried by blogs and security media with screenshots and timelines. Corroboration across multiple outlets supports that these events occurred and were publicly branded "A.S.A.L.A."; however, direct continuity with the historic 1970s–1990s militant Armenian Secret Army for the Liberation of Armenia is not evidenced, and should be treated as unproven. Overall confidence is assessed as medium, reflecting cross-source consistency on the incidents and branding, with uncertainty on intrusion vector and organizational lineage. 


  • 2015-02-19. AIDA website defaced; front page message attributes the attack to a "cyber-group of Monte Melkonian" of ASALA; service restored shortly. — Trend
  • 2015-02-19. Azerbaijan MFA confirms AIDA suffered a cyber attack and references the on-page attribution. — Apa.az
  • 2015-02-19. Local media headline: "ASALA commits cyber attack on AIDA." — AzerNews
  • 2015-11-15. Blog report: Azerbaijan Mortgage Fund subdomain (amf.cbar.az) hacked by "Armenian A.S.A.L.A. group," with client data allegedly leaked. — Banman
  • 2015-11-25. Security outlet HackRead covers the mortgage-fund incident and "A.S.A.L.A." claim. — Hackread
  • 2015-12-07. Hackmageddon timeline catalogs the amf.cbar.az incident; tag mentions "SQLi?" (uncertain). — HACKMAGEDDON
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.