Cyber Incident Victim: Armenian Embassies
Date: Dec 2016
Location: Armenia
Summary
A hacker known as Cryptolulz compromised the website of the Russian embassy in Armenia by exploiting a blind SQL injection vulnerability, gaining unauthorized access to its database. The attacker exfiltrated and publicly leaked administrative credentials, including emails, login details, and IP addresses from the user table, while deliberately withholding potentially sensitive member records. Cryptolulz claimed the intrusion aimed to expose inadequate security practices after unsuccessful attempts to alert the site's administrators. The hacker, who described their activities as politically motivated, previously targeted government entities and financial institutions, and subsequently joined the Fallensec hacking group following this incident.
Description
On December 14, 2016, the website of the Russian embassy in Armenia (www.embassyru.am) was compromised by the hacker known as Cryptolulz, a former member of the Powerful Greek Army hacking group. The attacker exploited a blind SQL injection vulnerability to gain unauthorized access to the site’s backend database. Cryptolulz publicly disclosed the breach via Twitter, stating he had successfully penetrated the site and taken control of its database. Prior to the attack, he claimed to have attempted contact with the website administrators by email to report security concerns but received no response. After this lack of engagement, he proceeded to extract and leak a portion of the database to demonstrate the vulnerability. The compromised database, identified as a0014414_embassy, contained 36 tables, though Cryptolulz selectively leaked only the “user” table to avoid exposing potentially classified member records.

The leaked user credentials included administrative and editorial staff accounts, with data fields encompassing user IDs, names, roles, email addresses, login credentials, passwords, last visit IP addresses, last visit dates, and profile creation dates. Cryptolulz published this information on Pastebin, framing the action as an effort to raise awareness about inadequate security practices, stating authorities “don’t care much about security.” The hacker described his motivations as politically driven, consistent with his history of targeting government entities, including prior breaches of Mexican telecommunications websites and coordinated DDoS attacks against government and banking sites. At the time of the embassy breach, Cryptolulz announced his affiliation with a new hacking collective called Fallensec. No statements from embassy officials or remediation actions were documented in the source material following the disclosure.
