Executive Summary

A new publication hosted on the BASHE leak site offers for sale an alleged database associated with elections.mia.gov.am and attributes its origin to the hacktivist group Wolves of Turan.

According to the publication, the database contains 30,074 records linked to Armenian citizens expected to participate in the country’s parliamentary elections. The information reportedly includes names, patronymics, dates of birth, residential addresses, polling-station numbers, location details and other personal data fields. The post includes a countdown timer and an option to purchase the data immediately.

The publication appeared only days before Armenia’s parliamentary elections, scheduled for 7 June 2026. At this stage, the authenticity, freshness and provenance of the database have not been independently verified. There is also no confirmed evidence that ransomware has been deployed against Armenian government systems or that Wolves of Turan operates as a formal BASHE affiliate.

Key Judgments

• The timing and narrative framing of the publication indicate an attempt to exert pressure within a sensitive electoral environment.
• The available evidence supports describing the incident as an alleged exposure of electoral data disseminated through BASHE-linked extortion infrastructure.
• This information does not constitute proof of a direct compromise of Armenian government systems.
• BASHE’s previous history of disputed publications or claims based on recycled information makes independent validation necessary before drawing conclusions about the origin or current relevance of the data.

What Happened

The BASHE leak site published an entry titled elections.mia.gov.am from WOLVES OF TURAN, in which its operators claim to have contacted Wolves of Turan and acquired a database of Armenian citizens expected to participate in the parliamentary elections.

A separate message attributed to Wolves of Turan used openly hostile nationalist rhetoric and presented the alleged exposure as part of a broader campaign against Armenian targets. The content extends beyond a purely economic rationale: it seeks to intimidate the population, portray electoral participation as a vulnerability and reinforce the actor’s image as an expanding offensive structure.

The publication hosted on the BASHE site also offers the alleged database for sale and sets a deadline. In this way, the announcement combines the pressure mechanism commonly associated with ransomware narratives — the monetization of information — with the additional element of public signaling around a target connected to the electoral process.

Operational Assessment

The most relevant aspect is not merely the appearance of a publication on a leak site, but the apparent convergence of two distinct ecosystems.

Wolves of Turan has previously been associated with cyber activity directed against Armenia and with politically charged messaging. BASHE, also tracked as APT73, provides an extortion-oriented publication channel that increases Wolves of Turan’s visibility while adding a commercial component to the exposure.

The available evidence does not support establishing a formal association between the two actors. A more cautious interpretation is that BASHE infrastructure is being used as a distribution or monetization layer for data attributed to Wolves of Turan. It remains unclear whether this reflects an enduring relationship, a one-off operation or an arrangement with a predominantly performative component.

BASHE has previously been associated with disputed publications involving recycled information or data presented under a misleading framing. Even if the records prove to be outdated or partially derived from earlier sources, the publication would retain value as an information-pressure operation by introducing uncertainty regarding the integrity of the electoral environment.

Intelligence Significance

If the database is authentic and was obtained recently, the publication would indicate an evolution from disruptive or propagandistic activity toward the exposure of personal information linked to a sensitive political process. This would broaden the potential impact from the technical domain to intimidation and reputational pressure.

If the data is recycled, incomplete or presented under misleading attribution, the case would remain relevant for a different reason: it would demonstrate the use of criminal extortion infrastructure to project an image of greater operational reach and reinforce a hostile narrative only days before a national election.

In either scenario, the publication carries strategic effects because its impact may derive both from the perception of access and from the actual technical depth of the intrusion.

Analytical Closing

The appearance of material attributed to Wolves of Turan on the BASHE leak site broadens the actor’s observable activity against Armenia and introduces an extortion component within a particularly sensitive political environment.

The immediate priority is to determine whether the advertised data is authentic, recent and directly obtained from Armenian government systems. Until that validation is available, iQBlack assesses the incident as a preliminary but relevant signal of cyber-enabled and information pressure directed at Armenia’s electoral context.