Cyber Incident Victim: Embassy of Armenia in Russia

Date: Dec 2016

Location: Armenia

Summary

A hacker breached the website of the Armenian embassy in Russia via a blind SQL injection vulnerability, compromising its database and exfiltrating administrative credentials. The attacker, identifying as Cryptolulz, claimed the intrusion aimed to highlight security negligence after unsuccessful attempts to alert site administrators. Although the attacker accessed 36 database tables, only non-sensitive user records (including login details, emails, IP addresses, and timestamps) were leaked publicly, to avoid exposing potentially classified member information. The actor, previously involved in government website breaches and DDoS attacks, described their activities as politically motivated and later affiliated with the Fallensec hacking group.

Description

On December 14, 2016, the website of the Embassy of Armenia in Russia (www.embassyru.am) was compromised by the hacker known as Cryptolulz, a former member of the Powerful Greek Army hacking group. The attacker exploited a blind SQL injection vulnerability to gain unauthorized access to the site’s backend database, specifically the "a0014414_embassy" database containing 36 tables. Cryptolulz publicly disclosed the breach via Twitter, stating he had successfully penetrated the site and taken control of its database. Prior to the attack, he attempted to notify the website administrators via email about security concerns but received no response. Following this lack of engagement, Cryptolulz extracted and leaked the "user" table from the database, which contained administrative credentials, staff emails, login details, passwords, IP addresses, and timestamps of last visits and profile creation dates. He deliberately avoided leaking other tables that might contain classified member records. The stolen data was published on Pastebin, exposing vulnerabilities in the embassy’s web infrastructure.

The breach was politically motivated, with Cryptolulz stating his intent was to "create awareness amongst the people and higher authorities" about inadequate security practices, noting, "I don’t think they care much about security." The compromise directly impacted the embassy’s operational security by exposing administrative accounts, potentially enabling further unauthorized access to embassy systems or sensitive communications. Cryptolulz’s actions aligned with his history of targeting government entities, including prior data leaks against Mexican telecommunications websites and DDoS attacks on banks and government platforms. At the time of the incident, Cryptolulz had recently joined the hacking collective Fallensec. No statements or remediation efforts from the embassy or Russian/Armenian authorities were documented in the source material following the disclosure. The attacker’s decision to leak only non-classified user credentials while withholding other database tables limited the immediate scope of data exposure but highlighted systemic security weaknesses in diplomatic digital assets.