Eastern India Regional Council hacked by Kapustkiy

Kapustkiy, one of the most prolific hackers at this moment announced a new data breach, the victim is the India Regional Council.

Last week, I was contacted by a young hacker that breached Indian embassies across the worlds, he goes online with the moniker Kapustkiy.

Kapustkiy is a seventeen years old pentester that is targeting organizations and embassies across the world. Recently he breached the ‘Dipartimento della Funzione Pubblica’ Office of the Italian Government, the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), and a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy and his friend Kasimierz (@Kasimierz_).

He also targeted Universities, including two subdomains of Virginia University & Sub domain of University of Wisconsin (http://pastebin.com/i1wmM5D1 ) and another embassy, the Indian Embassy in New York (http://pastebin.com/Akm9x4dD )

The Indian authorities have issued a public statement to thank the young hacker for exposing the vulnerabilities in their websites.

“Thank you for your advice,” said Sanjay Kumar Verma, Joint Secretary, eGovernance and Information Technology. “We are fixing codes one by one. Your help in probing websites of various Indian embassies is a great help.”

This time the young hacker breached the database at the Eastern India Regional Council and leaked online a small portion of the archive composed of 17,000 users. Kapustkiy leaked an excel file containing more than 2000 user records as proof of the breach.

 

The records in the database of Eastern India Regional Council contain many attributes, including membership numbers, usernames, passwords, email addresses, registration numbers.

Kapustkiy used some web scanners to find several vulnerabilities in the target website and a simple SQL Injection tool to exploit the flaw he discovered. The hacker tried to contact the organization but they seem to ignore emails.

Once again Kapustkiy is inviting website administrators to pay attention to the security of their infrastructure.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Kapustkiy,  India Regional Council)