Pierluigi Paganini December 02, 2016

The hacker Kapustkiy has breached the Venezuela Army and leaked 3000 user records containing personal information such as names, emails, and phones.

We left the young hacker Kapustkiy after his hack at the High Commission of Ghana & Fiji in India when he also confirmed to have joined the Powerful Greek Army hacked crew.

The hacker breached the India Regional Council as well as organizations and embassies across the world. Recently he hacked the ‘Dipartimento della Funzione Pubblica’ Office of the Italian Government, the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), and the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy.

Now the hacker is back announcing that he left the Powerful Greek Army and that he hacked the Venezuela Army.

Venezuela Army #Leaked https://t.co/WfjkFohR4Z 3000 Users Exposed CC: @fbajak @jammastergirish @RCTVenlinea @Noticias24

— Kapustkiy (@Kapustkiy) 2 dicembre 2016

Kapustkiy has hacked the Venezuela Army and leaked 3000 user records on Pastebin containing personal information such as names, emails, and phones.

The hacker breached the CATROPAEJ (“Caja de Ahorros de la Tropa Profesional del Ejercito Bolivariano Venezolano”) database, he also discovered some logins for the Army’s webmail system, but he did use them.

I reached Kapustkiy that confirmed me the exploitation of an SQLi vulnerability in the target application.

He triggered an Error-Based SQL Injection, this means that he tried to trigger errors in the database by passing unsanitized input in the URL.

Kapustkiy reported the problem to Venezuela Army more than a week ago, but he received no reply.

He told me that he is focusing on South America Governments and Asian organizations.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Kapustkiy, Venezuela Army)