Last week, the hacker Kapustkiy, one of the most active hackers at this moment, hacked the India Regional Council, today he sent me a message to announce to have hacked the High Commission of Ghana & Fiji in India.
The hacked archives are:
The hacker has found other SQLi flaws in the above websites and the way to exploit them to access their databases. The database contains users’ personal information, including real names, phone numbers and email.
Among the first hacks of Kapustkiy there is are the data breach of Indian embassies across the worlds, a few weeks later the young hacker decided to verify if the flaws were fixed after his disclosure.
“I was curious about the Indian Embassy if they had fix everything that they promised to me. So I’ve found two sites that were related to the Indian Embassy” ha told me.
Kapustkjy published a small portion of the compromised databases on Pastebin. The hackers announced that he is now a member of the Powerful Greek Army hacker group.
Below the manifesto published by the hacker:
“DISCLAIMER: Don’t leak this somewhere else and don’t claim that it is your work
And don’t abuse this information. This is only to let adminstrators to see the danger of a weak website with no security and what the consequence are. I have reported the vulnerable.
YOU AGREE THAT YOU DON’T ABUSE THIS INFORMATION
YOU AGREE THAT YOU ARE NOT SHARING IT ON OTHER WEBSITES
YOU AGREE THAT THIS IS DONE BY KAPUSTKIY FROM POWERFUL GREEK ARMY
YOU AGREE THAT THIS WILL BE DELETED WHEN ADMINSTRATORS ARE GOING TO FIX IT
Contact them about the vulnerability please: Yatin.Patel10@mea.gov.in & firstname.lastname@example.org”
Kapustkiy is a seventeen years old pentester that is targeting organizations and embassies across the world. Recently he breached the ‘Dipartimento della Funzione Pubblica’ Office of the Italian Government, the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), and a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy and his friend Kasimierz (@Kasimierz_).
He also targeted Universities, including two subdomains of Virginia University & Sub domain of University of http://pastebin.com/i1wmM5D1Wisconsin ( ) and another embassy, the Indian Embassy in New York (http://pastebin.com/Akm9x4dD )
The Indian authorities have issued a public statement to thank the young hacker for exposing the vulnerabilities in their websites.
“Thank you for your advice,” said Sanjay Kumar Verma, Joint Secretary, eGovernance and Information Technology. “We are fixing codes one by one. Your help in probing websites of various Indian embassies is a great help.”
The administrators of the Italian website also thanked him,
(Security Affairs – Kapustkiy, hacking)