DIGITAL DEFENCE

Fading and resurgent hybrid cyberspace wars have been observed worldwide for more than a decade. Over the last four years, however, these processes have acquired the character of a large-scale crisis. Geopolitical tension has noticeably intensified cyberthreats to state and corporate structures in many countries. Azerbaijan is also exposed to these risks; to counter network threats the country has assembled a pool of information-security specialists and implemented comprehensive protection of its digital space. Achievements in combating cybercrime were discussed at the Critical Infrastructure Defence Challenge (CIDC 2025) cybersecurity festival.

Repelling attacks

Today the methods and practices of global cybercrime increasingly serve as instruments of ideological and politico-military struggle and cyber-espionage among leading world powers. Formally independent cybergroups are actively used for these purposes, and many of them operate with an overtly "ideological" underpinning. Transnational structures such as Anonymous, Decocidio, Lizard Squad and others are also highly active.

The situation with global cyberattacks on e-government systems and state agencies’ web resources, as well as on servers of critical infrastructure, has become very serious in recent years. In response, in January 2025 the EU Council expanded sanctions as part of efforts to counter cyberattacks on state network infrastructure.

Azerbaijan has faced rising risks in recent years: the intensity of cyberattacks against the country fluctuates, but DDoS attacks occur almost daily. According to the State Service for Special Communication and Information Security of Azerbaijan (SSSCIS), phishing attacks, email-based operations and—recently increasingly—cases of citizens’ accounts being compromised and data intercepted via the Telegram messenger have been observed.

Thus, in the first half of 2025, 95 employees of 47 state institutions fell victim to hacker attacks due to non-compliance with cyber-hygiene rules. Of these, 16% were staff with administrative privileges. Approximately 180 audits were carried out in state institutions, revealing 280 vulnerabilities in information systems. SSSCIS specialists presented these vulnerabilities to the relevant bodies with recommendations on how to eliminate them. In total, the aggregate volume of repelled attacks reached 300 Tbit/s, including 18 attacks with a power of 1 Gbit/s. In particular, in the first half of the year the AzStateNet network blocked 262.92 million malicious redirects, the central antivirus system stopped more than 12.3 million infected files, and the Sandbox protection system neutralised 61,482 malicious electronic documents.

To prevent such incidents, SSSCIS specialists and its embedded "Computer Incidents Response Centre" have created a powerful system to counter cybercrime and protect state web resources from network threats, including protection of servers connected to the centralised antivirus system. As a result, hacker attacks were intercepted in a timely fashion and malicious programs were neutralised without causing significant harm to databases, the functionality of state web resources or the e-government system as a whole.

DATA centres within the centralised Government Cloud (G-cloud) serve as an effective shield that blocks cybercriminal attacks. "Energy-management systems, transport networks, healthcare and education are strategic areas with implemented digital technologies that can become potential targets in cyberspace. Therefore, cybersecurity is already becoming a matter of national security given the rapid digitalisation of many sectors," said SSSCIS head Ilgar Musayev.

Cybersecurity festival

The effectiveness of the national system for protecting the network space and initiatives in this area were discussed at the CIDC2025 cybersecurity festival held in Baku.

"In the digital world, information security and cybersecurity have ceased to be merely technological problems and have become one of the main instruments for ensuring economic security, sustainable development and a competitive economy. The 'National Strategy of Azerbaijan on Information Security and Cybersecurity for 2023–2027' defines priority directions and supports the formation of a national cybersecurity ecosystem, protection of critical information infrastructure, creation of national training centres in cybersecurity and relevant laboratories, establishment of partnerships between the state and the private sector in this area, and development of human resources," said First Deputy Minister of Economy of Azerbaijan Elnur Aliyev at the CIDC 2025 opening ceremony.

He noted that the recently adopted "Concept of Digital Development of Azerbaijan" and the "Azerbaijan Artificial Intelligence Strategy for 2025–2028" are particularly significant for the country’s digital transformation, the creation of new intelligent products, management of large volumes of data, development of AI-based solutions and formation of a startup ecosystem. All this serves the country’s economic development and digital sovereignty.

The deputy minister mentioned another important project—Coursera National Academy, implemented by the ministry to strengthen digital skills: "To date about 40,000 people have joined over 187,000 courses through the platform; in total, more than 600 cybersecurity courses have been organised under the project, which testifies to the growth of digital literacy, technological adaptation and the capabilities of specialists in our country."

A crucial step in increasing network-security resilience has been measures to create "smart" systems capable not only of resisting cyberthreats but also of promptly transmitting countermeasure experience to all interested bodies. In particular, a digital platform operating with open-source data has been created to organise the exchange of cybersecurity information and to protect the national information space from modern threats.

"The platform provides collection of information on cyberincidents, timely responses to threats and attacks, and also allows preventive measures to be taken by exchanging registered incidents among organisations. More than 30 state bodies are already connected to the platform," said Deputy Minister of Digital Development and Transport Sameddin Asadov. He added that the Electronic Security Service has begun work to create joint notification mechanisms with CERT (computer emergency response teams), as well as to assess threats and form coordination and consultation platforms in this sphere. At the state level a unified information-exchange and interaction platform is being formed, as well as capabilities for early warning and response to threats and attacks.

Shahin Aliyev, Vice-Chairman of the Agency for Innovations and Digital Development, noted that alongside the public sector, criteria will be developed to assess the level of cybersecurity in the private sector. National-level diagnostics and assessment will cover all sectors of the economy. Mr Aliyev also reminded that in January this year Azerbaijan approved the Concept of Digital Development. In this document cybersecurity is designated as one of the key components of the country’s digital architecture: "In the concept, alongside the public sector, criteria are provided for assessing the cybersecurity situation in the private sector; diagnostics and assessments covering all directions will be conducted. We must consider all of this as a single digital ecosystem of Azerbaijan, requiring integration of all components and participants, and this will allow organisations to meet specialised requirements and minimise risks associated with cyberthreats."

Financial threats

One of the most important tasks is securing the country’s financial sector, which in recent years has faced serious cyberthreats. The Central Bank of Azerbaijan (CBA) is developing IT governance frameworks for safe handling of databases and artificial intelligence. These frameworks, built on international standards, are intended to increase resilience, security and efficiency of processes in financial organisations.

Similar work is under way at the Azerbaijan Banks Association to strengthen anti-fraud measures: a package of measures and technological solutions aimed at preventing fraud, including theft of funds via payment cards.

According to the Interior Ministry, in 2024 about 22 million manats were stolen from citizens’ bank cards in Azerbaijan, and from January to April 2025 that amount increased by another 6 million. Today the main task when citizens file complaints about theft from bank accounts is to promptly investigate where the stolen funds are and, upon detection of unlawful operations, take measures to freeze them.

"In future, incidents related to cybersecurity occurring in any bank will not be regarded as solely that bank’s problem: such cases will be immediately referred to the CBA, where events will be analysed centrally and communicated to all banks. Within the bank structure a function called pinsert will collect incidents, conduct technical and risk-oriented analysis, and the results will be rapidly communicated to the banking sector as warnings: the mechanism will prevent repeated similar incidents in the banking sphere and strengthen operational response capabilities," said Director of the CBA Department of Information and Cybersecurity Elnur Eyvazly.

It is clear that, given cross-border technical capabilities, the fight against cybercrime, including within the financial sector, cannot be confined solely to the country’s territory. Therefore strengthening international cooperation to prevent actions against the nation’s interests in the global cyberspace has been one of the priorities of the National Cybersecurity Centre of the State Security Service of Azerbaijan. In this regard, interaction has been established within various platforms with bodies responsible for cybersecurity in more than 160 countries, as well as with global technology companies and specialised organisations.

Thus, geopolitical developments worldwide and in the region in recent years have made information security and protection of critical infrastructure one of the primary items on states’ national-security agendas. That is why activities organised under the Critical Infrastructure Defence Challenge festival are especially important, reinforcing Azerbaijan’s leading position in network security.