Cyber Incident Victim: Organization for Security and Co-operation in Europe
Date: Dec 2016
Location: Armenia
Summary
Cryptolulz compromised the website of the Russian embassy in Armenia through a blind SQL injection vulnerability, extracting and partially leaking its database to protest perceived security negligence after receiving no response to prior outreach attempts. The attacker disclosed administrative credentials, emails, login details, IP addresses, and visit records from a user table via Pastebin while withholding other tables potentially containing sensitive member data. This intrusion aligned with the hacker's history of politically motivated operations against government entities, including prior breaches of Mexican telecommunications infrastructure and disruptive attacks against banks, before he affiliated with the Fallensec group.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On December 14, 2016, the website of the Russian embassy in Armenia (www.embassyru.am) was compromised by the hacker known as Cryptolulz, a former member of the Powerful Greek Army hacking group. The attacker exploited a blind SQL injection vulnerability to gain unauthorized access to the embassy’s database, specifically the "a0014414_embassy" database containing 36 tables. Cryptolulz publicly claimed responsibility via Twitter, stating he had successfully penetrated the site and taken control of its database. His stated motivation was to expose inadequate security practices, asserting that authorities "don’t care much about security." Prior to the breach, Cryptolulz attempted to contact website administrators via email regarding the vulnerability but received no response. After this lack of engagement, he proceeded to extract and leak a portion of the database.

The attacker selectively disclosed the "user" table from the compromised database, which contained administrative credentials, staff emails, login details, passwords, IP addresses from last visits, and account creation dates. Cryptolulz deliberately avoided leaking other tables that might contain classified member records. The stolen data was published on Pastebin, potentially exposing embassy staff and undermining operational security. Cryptolulz described his actions as politically motivated hacking, consistent with his history of targeting government entities, including a Mexican telecommunications website and multiple DDoS attacks against banks and government sites. The incident highlighted vulnerabilities in diplomatic digital infrastructure, though no remediation efforts or responses from the embassy were documented in available sources. Following the breach, Cryptolulz announced his affiliation with the Fallensec hacking group, continuing his activities within a collective framework.
