1. Document Information

This document is drafted in full compliance with the RFC-2350 standard and serves as an official reference for Azercell CSIRT. It provides a detailed overview of the team's core functions, contact methods, defined roles, and responsibilities of the Azercell Computer Security Incident Response Team.

 

1.1. Last Update

Version 1.0 published on 07.05.2026.

 

1.2. Distribution of Changes

Information regarding changes to this document is distributed via email to registered stakeholders and partners.

 

1.3. Document Locations

The current version of this document is available on the official website: https://www.azercell.com/az/about-us/rfc2350.html

 

 

2. Contact Information

2.1. Team Name

Full Name: Azercell Computer Security Incident Response Team (Azercell CSIRT)

 

2.2. Address

Azercell Telecom LLC

Tbilisi av. 149 AZ1122

Baku, Azerbaijan

 

2.3. Time Zone

Time Zone: Asia/Baku (GMT+4)

 

2.4. Contact Number

Phone: (+994 12) 496 70 07

 

2.5. Fax Number


Fax: (+994 12) 430-05-68

 

2.6. Other Contact Methods

Not specified.

 

2.7. Email Addresses

Incident Reporting: incident@azercell.com

General & Collaboration: cert@azercell.com

 

2.8. Public Keys and Encryption Information

Azercell CSIRT uses the PGP encryption system for digital signatures and to receive encrypted and sensitive information. The key is available on PGP/GPG key servers (https://keys.openpgp.org).

 

Email: cert@azercell.com (Azercell CERT)

Fingerprint: 8A41709DF7FB7F7B493E144613ECA0C4324E6941 

 

2.9. Team Members

Information regarding the members of the Azercell CSIRT team is not disclosed to the public.

 

2.10. Other Information

General information about Azercell CSIRT is available at:
https://www.azercell.com/az/about-us/rfc2350.html

 

 

3. Charter

3.1. Mission Statement

Azercell CSIRT is dedicated to strengthening cybersecurity and resilience across Azercell's infrastructure, its customers, and the wider telecommunications ecosystem.

3.2. Scope

Azercell CSIRT serves the cybersecurity needs of Azercell and its ecosystem. Its scope covers internal systems, networks, and infrastructure operated by Azercell, along with ecosystem and MSSP customers impacted by cybersecurity incidents involving Azercell's services.

 

Azercell CSIRT also cooperates with national CERTs and government agencies for incident coordination and regulatory compliance, and with international CERTs and trusted communities for best practice alignment and early warning sharing.

 

3.3. Sponsorship and/or Affiliation

Azercell CSIRT operates under Azercell Telecom LLC.

 

3.4. Authority

Azercell CSIRT operates under the authority of Azercell Telecom LLC, collaborating with national and international cybersecurity communities, government agencies, and private sector partners to ensure effective incident coordination, threat intelligence sharing, and capacity building across its scope of operation.

 

4. Policies

4.1. Types of Incidents and Level of Support

Azercell CSIRT handles computer security incidents affecting its ecosystem and internal infrastructure, including:

 

  • Malicious software outbreaks, including ransomware-related incidents;
  • Credential harvesting attempts and phishing-driven attacks;
  • Distributed Denial of Service (DDoS) and related availability attacks;
  • Unauthorized access to systems and exposure of sensitive data;
  • Vulnerabilities in software or hardware components being actively exploited;
  • Anomalous or suspicious behavior originating from internal users;
  • Indicators of Advanced Persistent Threat (APT) campaigns.

 

As the primary point of contact for incidents within its scope, Azercell CSIRT leads response efforts, conducts technical analysis, and works closely with relevant internal teams and external partners to ensure a timely and effective resolution. The extent of direct involvement in each case is shaped by the incident's severity and the resources on hand.

 

4.2. Cooperation, Interaction, and Information Disclosure

Azercell CSIRT actively promotes operational collaboration and information sharing with CERTs and other institutions capable of benefiting from or contributing to its services.

Sensitive information is safeguarded by Azercell CSIRT in accordance with the relevant laws of the Republic of Azerbaijan and applicable internal policies.

 

4.3. Communication and Authentication

Low-sensitivity information may be transmitted via telephone or unencrypted email. All high-sensitivity communications directed to Azercell CSIRT must be PGP-encrypted using the team's published key. Information sharing practices are guided by the Traffic Light Protocol (TLP).

5. Services

Azercell CSIRT provides the following cybersecurity services, covering both reactive response to incidents and proactive measures aimed at reducing risk and strengthening the overall security posture of Azercell and its ecosystem.

 

5.1. Incident Response

Azercell CSIRT serves as the primary coordination authority for cybersecurity incidents affecting its constituency. This service encompasses:

  • Receipt, triage, and prioritization of incident reports from internal teams, operational units, customers, and external partners.
  • Coordination of containment, eradication, and recovery activities across affected parties.
  • Facilitation of communication between internal stakeholders and external parties throughout the incident lifecycle.
  • Escalation to national authorities, CERT.AZ, or peer CSIRTs where cross-organizational coordination is required.
  • Management of incident communication protocols during high-severity and crisis situations.

 

5.2. Digital Forensics

Azercell CSIRT conducts thorough forensic investigations to support incident resolution and evidence preservation. This encompasses:

  • Collection, preservation, and analysis of digital evidence in accordance with forensic best practices.
  • Root cause analysis and timeline reconstruction of security incidents.
  • Production of forensic reports to support internal decision-making and, where applicable, legal proceedings.

 

5.3. Threat Hunting

Azercell CSIRT proactively hunts for threats within the organization's environment. This service includes:

  • Continuous hypothesis-driven hunting operations to identify hidden threats and attacker activity.
  • Analysis of behavioral anomalies, indicators of compromise, and threat actor techniques.
  • Integration of threat hunting findings into detection and response processes.

 

5.4. Threat Intelligence

Azercell CSIRT systematically collects, analyzes, and disseminates actionable cyber threat intelligence. This service encompasses:

  • Collection and contextual analysis of Indicators of Compromise (IoCs), adversary Tactics, Techniques and Procedures (TTPs), and emerging threat landscapes relevant to the telecommunications sector.
  • Correlation of threat data with incident observations and external intelligence sources to identify patterns, anomalies, and evolving risks.
  • Production and timely distribution of technical bulletins, threat advisories, and early warnings to relevant internal and external stakeholders.

 

5.5. Vulnerability Management

Azercell CSIRT oversees the full vulnerability management lifecycle, including:

  • Identification and assessment of vulnerabilities across Azercell's systems and infrastructure.
  • Prioritization of vulnerabilities based on risk, exploitability, and business impact.
  • Coordination of patching and remediation activities with relevant technical teams.
  • Tracking and reporting on vulnerability remediation progress.

 

5.6. Detection Engineering

Azercell CSIRT continuously develops and improves detection capabilities, including:

  • Design and implementation of detection rules, use cases, and alerting mechanisms.
  • Tuning and optimization of detection logic based on threat intelligence and operational feedback.
  • Evaluation and integration of new detection technologies and methodologies.

 

 

 

6. Incident Reporting Channels

Incidents must be reported using one of the following channels:

 

Primary (Incidents): incident@azercell.com

General / Collaboration: cert@azercell.com

Phone: +994 12 496 70 07

 

When reporting an incident, please include as much of the following information as possible:

  • Date and time of the incident (with time zone).
  • Description of the incident and affected systems.
  • Any indicators of compromise (IP addresses, domains, file hashes, etc.).
  • Any actions already taken in response to the incident.
  • Contact details for follow-up communication.

 

For sensitive incident reports, please use PGP encryption (key details will be published once available).

 

 

7. Additional Notes

7.1. While all precautions are taken during the preparation of information and notifications shared by Azercell CSIRT, Azercell CSIRT assumes no responsibility for any errors, omissions, or damages resulting from the use of the information provided.

 

7.2. This document will be reviewed and updated periodically to reflect changes in the team's structure, services, or contact information. Stakeholders will be notified of significant changes via email.