Cyber Incident Victim: Russian Consular Department in the Netherlands
Date: Dec 2016
Location: Netherlands
Summary
A hacker using the alias Kapustkiy breached the website of the Russian Consular Department in the Netherlands, claiming theft of approximately 30,000 records containing passport numbers, email addresses, phone numbers, and IP addresses. The attacker released a sample of over 6,000 records, with multiple victims confirming the accuracy of their compromised data, including expired passport details. Kapustkiy stated the intrusion was intended to expose security vulnerabilities and conducted the attack in affiliation with the New World Hackers group, while the targeted consular department did not publicly respond to requests for comment regarding the incident.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |

Description
On December 12, 2016, a hacker using the alias Kapustkiy publicly claimed to have compromised the website ambru.nl, operated by the Consular Department of the Embassy of the Russian Federation in the Netherlands. Kapustkiy asserted he exfiltrated approximately 30,000 records containing personal data from individuals who had used the visa and consular services website. The compromised data included email addresses, phone numbers, passport numbers, and IP addresses. Kapustkiy announced his intention to publish roughly 1,000 records as proof of the breach, stating his motivation was to alert the consulate to the security vulnerability. He provided Motherboard journalists with a sample file containing over 6,000 records for verification. Motherboard contacted randomly selected individuals from the sample; three confirmed they had used ambru.nl’s services, with two verifying their outdated passport numbers and phone numbers matched the leaked data. The third individual confirmed their phone number but could not definitively verify the passport number.

The Consular Department did not respond to multiple requests for comment regarding the breach or its remediation efforts. Kapustkiy claimed affiliation with the hacking group New World Hackers during the attack and identified himself as 17 years old in communications with Motherboard. The theft of passport numbers presented significant risks to affected individuals, as such identifiers cannot be easily altered or replaced when submitted to government entities. While some compromised passport numbers were expired, the breach exposed victims to potential identity fraud with limited recourse for mitigation. No information was disclosed regarding how Kapustkiy gained access to the systems, whether the breach was detected by the consulate prior to his announcement, or any containment measures implemented by the embassy. The incident underscored the exposure of sensitive government-held data to relatively low-complexity attacks.
