The hacker Kapustkiy continues to target embassies and universities

The hacker Kapustkiy is back and breached another embassy and two universities. He leaked data on Pastebin.

The security pentester who goes online with the moniker Kapustkiy continues to target organizations and embassies across the world.

Recently he breached the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), while a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy and his friend Kasimierz (@Kasimierz_).

The last victims of the hacker are two subdomains of Virginia University & Sub domain of University of Wisconsin (http://pastebin.com/i1wmM5D1 ) and another embassy, the Indian Embassy in New York (http://pastebin.com/Akm9x4dD )

He contacted me via Twitter to report the data breaches, in the case of the Indian Embassy in New York he explained to have leaked only a small portion of stolen data that doesn’t include US personnel.

“Hi, Its me Kaputski, A few weeks ago I breached several websites that were related to the Indian ShitEmbassy. So I thought they will fix all the vulnerables in there domains and also look at there other domains that maybe could have a simple ”SQLi” vulnerable. So guess what? they did not look at all and only fixed some of there domains SMH……….” wrote Kapustkiy.

“I’m tired to report all the errors that I find in there website that I decided to breach them, NOW FIX YOUR SECURITY FUCKING ADMINS! NOTE: There was also a table named ”Newyork_contact” which had 7000 entries. I didn’t leak that out of privacy of people. Also the table ”Newyork_registration” had also information like Address,City,zipcode,phone number” I only leaked this but it could be more.”.

The databases related to universities include users personal information such as names, login, passwords, phone and many other information of students and staff.

As you can see in same cases the passwords are stored in plain text.

Records belonging to the hacked embassy include also phone numbers, let me highlight once again that such kind of information is a precious commodity for nation-state hackers that intend to launch a spear phishing campaign against diplomats.

Kapustkiy explained to have leaked the data because the administrators of the targeted entities ignore his warning via email.

It is likely Kapustkiy exploited SQli injection flaws in the last string of data breaches.

Who is the next one?

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Kapustkiy , data breach)