Menu
Browse

Cyber Threat Actor: Powerful Greek Army

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
Greece
3 incidents
Profile

Powerful Greek Army,also known as Powerful Greek Hackers, is a threat actor operating from Greece that has been identified in multiple intrusion reports under the aliases Cryptolulz and Kapustkiy. The actor’s public statements describe their actions as politically motivated and they have acknowledged an affiliation with the Fallensec hacking group after certain incidents. Their activity has focused on compromising government and diplomatic web presences through web application vulnerabilities, particularly SQL injection flaws, to obtain and sometimes disclose credential data.

The actor’s typical targets include embassy and high commission websites located in regions such as Russia and India, indicating a focus on diplomatic missions rather than commercial or financial sectors. Their strategic objective, as expressed in their own claims, is to highlight perceived security negligence and pressure administrators into patching vulnerabilities by leaking partial database contents, including login details, email addresses, IP addresses and timestamps. The observed tactics, techniques and procedures consistently involve blind or standard SQL injection as the initial access vector, followed by manual enumeration of database tables and selective exfiltration of non‑sensitive user records; no custom malware or persistent tooling has been referenced in the available sources. The actor’s approach appears to be opportunistic, exploiting disclosed weaknesses after prior warnings to site administrators have gone unaddressed.

Representative operations attributed to this group include the blind SQL injection breach of the Armenian embassy’s website in Russia, where administrative credentials were extracted and a portion of the database was made public to underscore security shortcomings. Another notable set of incidents involves the SQL injection compromise of the High Commission of Fiji’s website in India and, on the same day, the breach of two additional high commission sites in India, one linked to Ghana, resulting in the exposure of nearly two hundred user credentials and the release of partial database contents to compel remediation. These examples illustrate the actor’s reliance on web application flaws to achieve visibility and diplomatic pressure without deploying sophisticated malware or establishing long‑term footholds.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
1 source