
Cyber Incident Victim: Russian Visa Center in the US

Date: Dec 2016

Location: United States of America

Summary

A hacker compromised the Russian Visa Center in the US via a SQL injection vulnerability, accessing approximately 3,000 individuals' personal data including full names, email addresses, phone numbers, and birthdates, along with staff records containing usernames and encrypted passwords. The attacker did not publicly disclose the sensitive information, instead notifying both the organization and US-CERT, though no response was received from the victim prior to public disclosure. This incident aligns with the hacker's pattern of targeting government and diplomatic entities globally.


Description

On December 23, 2016, the hacker known as Kapustkiy compromised the Russian Visa Center in the United States (ils-us.com), a subsidiary of Invisa Logistic Services operating five U.S. offices facilitating Russian visa applications. The attacker exploited a SQL injection vulnerability in the organization’s website to gain unauthorized access to its database. Kapustkiy extracted records pertaining to approximately 3,000 individuals who had obtained Russian visas through the center, along with internal staff data. The compromised customer records included full names, email addresses, phone numbers, birthdates, and additional personal details. Staff records exposed usernames, encrypted passwords, permission levels, and other administrative information. Kapustkiy provided evidence of the breach to security researchers but refrained from public disclosure due to the sensitive nature of the data.


The hacker reported the intrusion to both the Russian Visa Center and the United States Computer Emergency Readiness Team (US-CERT) but received no response from the organization. This incident formed part of Kapustkiy’s broader pattern of global cyber activity during late 2016, which included breaches at the Costa Rica Embassy in China, the Slovak Chamber of Commerce (affecting 4,000 records), and multiple diplomatic entities across Europe, Asia, Africa, and South America. Specific prior targets involved governmental institutions such as the Argentinian Ministry of Industry, Ecuador’s National Assembly, Venezuela’s Army, and embassies representing Russia, India, Ghana, Fiji, Paraguay, and Italy. The breach exposed systemic vulnerabilities in the Russian Visa Center’s web infrastructure while demonstrating the attacker’s continued focus on diplomatic and governmental entities lacking robust SQL injection protections. No remediation actions or public statements by the affected organization were documented following the disclosure.
