Cyber Incident Victim: National Assembly of Ecuador
Date:
Dec 2016
Location:
Ecuador
Summary
The National Assembly of Ecuador suffered a breach by the hacker Kapustkiy, who leaked stolen data through PasteBin. This incident followed a series of similar attacks attributed to the same actor, including compromises targeting the Venezuela Army, multiple Indian embassies in countries such as Switzerland and Libya, and government offices in Italy, Paraguay, Ghana, and Fiji. The hacker's activities demonstrated a pattern of infiltrating government and diplomatic entities globally, though specific technical details or motives behind the Ecuador breach were not disclosed in available reporting. The leak underscored ongoing vulnerabilities in public sector digital infrastructure exploited by the individual.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around December 4, 2016, the website of Ecuador's National Assembly (asambleanacional.gob.ec) was compromised by an individual or group using the alias Kapustkiy. The attacker publicly disclosed the breach by leaking stolen data through PasteBin, though the specific nature or volume of the exfiltrated information was not detailed in available reports. This incident formed part of a broader pattern of cyber intrusions attributed to Kapustkiy, who had previously targeted government entities across multiple continents. The hack occurred shortly after Kapustkiy's claim of breaching the Venezuela Army's systems, indicating a sustained focus on governmental and diplomatic digital infrastructure. No technical details regarding the attack vector, vulnerability exploited, or duration of unauthorized access were disclosed in the source material. Similarly, there was no public information about how the breach was detected, whether the National Assembly initiated incident response protocols, or if law enforcement agencies were notified.
Kapustkiy's activities during this period demonstrated a consistent pattern of targeting government websites, with confirmed breaches spanning at least 12 nations in the months preceding and following the Ecuador incident. Prior compromises included the High Commission of Ghana and Fiji in India, the India Regional Council, and the Italian Government's 'Dipartimento della Funzione Pubblica' Office. Subsequent to the Ecuador attack, Kapustkiy claimed intrusions against multiple Indian diplomatic missions, including embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya, as well as the Paraguay Embassy of Taiwan. The repeated use of PasteBin for data disclosure suggested a preference for immediate public exposure rather than covert data exfiltration or ransom demands. No verifiable information was available regarding operational disruptions, financial losses, or reputational damage specifically impacting Ecuador's National Assembly following the breach. The cumulative pattern of attacks indicated a focus on compromising official government web properties across geographically diverse targets, though the underlying motivations remained unconfirmed in available reporting.