Cyber Incident Victim: Dutch Chamber of Commerce in Hong Kong

On December 25, 2016, the Dutch Chamber of Commerce in Hong Kong's website (dutchchamber.hk) suffered a breach by hacker Cryptolulz666, who collaborated with another individual known as Kapustkiy. The attackers exploited a SQL injection vulnerability in the website to access data belonging to approximately 200 users. Cryptolulz666 leaked half of the compromised records on Pastebin as proof of the intrusion, disclosing information about companies affiliated with the Chamber. The hacker stated this attack was part of a deliberate focus on Hong Kong-based entities, following a prior compromise of The Standard Hong Kong newspaper. He emphasized targeting the region to "make an impact," asserting "no country is safe" from such intrusions.

Cryptolulz666, identified as a former member of the "Powerful Greek Army" hacking group, had previously targeted government systems including the Russian Embassy in Armenia’s website (embassyru.am), Italian Government’s http://italiastartupvisa.mise.gov.it/, and Russia’s Federal Drug Control Service liquidation commission. The Dutch Chamber breach highlighted operational consequences of unaddressed SQL injection flaws, which the attacker described as foundational security failures. No remediation actions by the Chamber were detailed in available reports. The leaked data exposed business relationships but did not reportedly include financial or highly sensitive personal information. The incident underscored the attacker’s pattern of choosing symbolic targets to amplify concerns about cybersecurity preparedness in specific jurisdictions.