Kapustkiy hacked the Consular Department of the Embassy of the Russian Federation

Kapustkiy breached website for the Consular Department of the Embassy of the Russian Federation in the Netherlands and accessed passport numbers and PPI.

The white hat hacker Kapustkiy breached the website for the Consular Department of the Embassy of the Russian Federation in the Netherlands (ambru.nl). The hacker broke into the database and accessed personal information of approximately 30,000 users, as proof of the attack he leaked only 129 records in order to give the opportunity to administrators to fix the issue. Exposed records include emails, phone numbers, passport numbers, and IP addresses.

“So this could happend? And we give zero fucks about this? You should be a shame ambru.nl When are you guys going to fucking listen to me. A lot people have emailed you guys. SO TELL ME WHY YOU IGNORE ME FFS?” states the hacker’s manifesto published on PasteBin.

When asked about the hacking vulnerability exploited and the attack technique used, Kapustkiy told me that he has exploited a blind SQL Injection.

He hacked the website to push website administrators to boost the security of their platform and patch vulnerabilities that would expose personal details of the users.

Why the Consular Department of the Embassy of the Russian Federation?

There is no political motivation, the hacker was searching for the embassy websites like the Indian ones he breached weeks ago.

IT staff at the Consular Department of the Embassy of the Russian Federation contacted Kapustkiy and told him that they are working to solve the problem.

Kapustkiy reported the data breach to the Russian authorities, but he didn’t receive a response.

Recently Kapustkiy has breached the Argentinian Ministry of Industry and the National Assembly of Ecuador and leaked the data via PasteBin. A few days ago the hacker breached the Venezuela Army and many other websites.

He also hacked the website at the High Commission of Ghana & Fiji in India and the India Regional Council as well as organizations and embassies across the world.

Recently he hacked the ‘Dipartimento dellaFunzione Pubblica’ Office of the Italian Government, the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), and the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Kapustkiy, Consular Department of the Embassy of the Russian Federation)