Cyber Incident Victim: Embassy of Costa Rica in China
Date: Dec 2016
Location: China
Summary
A hacker compromised the Costa Rica Embassy in China's website via SQL injection vulnerabilities, accessing 280 login credentials and publicly leaking 50 records containing IDs, emails, and encrypted passwords. The breach caused the site to become unreachable, with the attacker reporting the flaws to both local cybersecurity authorities and the embassy's administrators as part of a broader pattern of targeting international entities.
Description
On December 22, 2016, the website of the Costa Rica Embassy in China (costaricaembassycn.com) became inaccessible following a breach by the hacker known as Kapustkiy. The attacker exploited multiple SQL injection vulnerabilities in the embassy’s WordPress-based platform, gaining access to a database containing 280 user login credentials. Kapustkiy publicly disclosed 50 of these records—including user IDs, email addresses, and encrypted passwords—on Pastebin as proof of the compromise. The published data dump, accessible at http://pastebin.com/hEWsuaq2, demonstrated direct access to the embassy’s systems. Immediate impact included the website’s prolonged downtime, rendering official digital services unavailable. No evidence suggested broader network infiltration beyond the compromised web application.

The breach exposed administrative credentials, but there was no confirmation that the leaked password hashes were ever cracked. Kapustkiy claimed to have responsibly disclosed the SQL injection flaws to both CNCERT/CC (China’s national computer emergency response team) and the embassy’s website administrators. The incident fit the hacker’s established pattern of targeting governmental entities, including prior attacks on embassies and institutions in Slovakia, Nigeria, India, and Italy. The embassy issued no public statement on remediation timelines or additional security measures. Operational disruption persisted through the initial disclosure period, and no subsequent reports confirmed either full restoration of services or secondary compromises stemming from the leaked credentials.
