Researchers have documented the first known case of NSO Group's spyware being used in a military conflict, after discovering that journalists, human rights defenders, a United Nations official, and members of civil society in Armenia had been hacked by a government using spyware. The hacking campaign, which targeted at least a dozen victims from October 2020 to December 2022, appears to be closely linked to events in the long-running military conflict between Armenia and Azerbaijan over the disputed Nagorno-Karabakh region. Previous investigations of spyware exploits by NSO Group's customers have already revealed that Azerbaijan is a government client of NSO Group, with "substantial evidence" according to the researchers. The news is important because Pegasus, a military-grade spyware that can hack into any phone and remotely control it, has never been documented as being used in a military conflict. An NSO spokesperson said the company could not comment on the new report by Access Now and others because the report was not shared with NSO. It said previous investigations into allegations of "improper use of our technologies" by customers have resulted in multiple contract terminations. The investigation was led by researchers at Access Now, CyberHUB-AM, Citizen Lab at the University of Toronto's Munk School of Global Affairs, Amnesty International's Security Lab, and Ruben Muradyan, an independent mobile security researcher. The hacking of people based in Armenia was first discovered in November 2021, two months after a series of es on the Armenia-Azerbaijan border in which at least 200 people , the most serious increase in violence since the 2020 Nagorno-Karabakh war. Apple began sending out notifications to cell phone users they believed were targets of government-sponsored spyware. Anna Naghdalyan, a former Armenian foreign ministry spokesperson, was hacked at least 27 times between October 2020 and July 2021, while still serving as the ministry's spokesperson. The timing of the attacks put him in "the most sensitive conversations and negotiations on the Nagorno-Karabakh crisis", including ceasefire mediation attempts by France, Russia and the United States, and official visits to Moscow and Karabakh, the researchers said. Naghdalyan told Access Now that at the time of the hack, he had "all the information on his phone about the developments during the war" and he felt there was no way he could feel completely safe anymore. "Even if you have the most secure system on your phone, you can't be safe," she said. Experts said the development illustrates the risks of spyware being used to fuel geopolitical fires. “This raises important questions about the safety of international organizations, journalists, humanitarian workers and others working around conflict. "Any foreign government that has diplomatic services around the conflict should shudder," said John Scott-Railton, a senior researcher at Citizen Lab. Other victims include Radio Azatutyun correspondent Karlen Aslanyan, who has been covering the Armenian political crisis that erupted after Armenia's defeat in the 2020 conflict. At least one guest of Aslanyan's popular Armenian show, Kristinne Grigoryan, was attacked a month after she appeared on the show. Another journalist, Astghik Bedevyan, who closely followed the conflict, was hacked in May 2021. The report lists several other journalists, professors, and human rights defenders whose work focuses on the military conflict. Access Now said that five of the 12 people attacked chose to remain anonymous, but among them was a UN representative who was not allowed to come forward. Access Now and its partners said they believe the hacking was done by a customer of NSO Group, but the data could not be conclusively attributed to a particular customer. They added that given the people's work on the conflict, the government of Armenia may also have been involved in hacking people, but there is no other evidence that Armenia is a Pegasus user. Indeed, the country is believed to be a user of a different spyware product called Predator, created by NSO's commercial rival Cytrox. Other evidence points to Azerbaijan being an NSO client, including Citizen Lab's findings that some Pegasus one-click infections are linked to infrastructure disguised as Azerbaijani political websites. Amnesty's research also identified Azerbaijani-linked domains that point to Azerbaijan as a possible Pegasus client. The Armenian and Azerbaijani embassies did not immediately respond to a request for comment. NSO said it is investigating credible reports of abuse of spyware by government customers. NSO Group was blacklisted by the Biden administration in 2021 after the commerce department said the company provided its technology to foreign governments that used it to maliciously target government officials, journalists, businessmen, activists and embassy employees.