Cyber Incident Victim: Venezuela Ministry of Defense

Date: Jan 2017

Location: Venezuela

Summary

A Venezuelan Ministry of Defense website was compromised by a hacker known as Kapustkiy, who claimed the attack as a protest against the country's political leadership. The breach exposed over 2,100 accounts containing sensitive personal and military data, including names, contact details, family information, and service statuses. The attacker exploited an unpatched vulnerability, asserting the intrusion targeted President Nicolás Maduro's governance amid reported national unrest. Kapustkiy indicated intentions to target additional Venezuelan government sites while maintaining broader global operations, citing the political situation as a primary motivator. The ministry had not publicly confirmed the incident or remediated the vulnerability at the time of reporting.

Description

The website esguarnacpuntademata.mil.ve, belonging to Venezuela’s Ministry of Defense, was compromised around January 7-8, 2017, by a hacker known as Kapustkiy. The attacker publicly disclosed the breach on January 9, 2017, claiming to have accessed and exfiltrated a database containing over 2,100 user accounts. The exposed records included sensitive personal and military information such as full names, email addresses, phone numbers, parents' names, and military service statuses. Kapustkiy provided a database dump to cybersecurity news outlet Softpedia, though independent verification of the data's authenticity and classification level remained pending at the time of reporting. The vulnerability exploited in the attack reportedly remained unpatched as of the article's publication date, with the compromised website remaining operational. Kapustkiy, an established security researcher with prior high-profile government website breaches, stated this intrusion differed from his previous activities due to its explicitly political motivation rather than coordinated vulnerability disclosure.

Kapustkiy attributed the attack to opposition against President Nicolás Maduro's administration, which he characterized as dictatorial, referencing Venezuela's ongoing political crisis and civil unrest. The hacker announced intentions to target additional Venezuelan government websites while maintaining operations against other nations' digital assets. Historical context provided in the report noted Kapustkiy's November 2016 breach of Italy's Dipartimento della Funzione Pubblica (exposing 45,000 accounts) and December 2016 compromise of the Russian Embassy in the Netherlands' consular department (accessing passport details), incidents where he subsequently collaborated with authorities to remediate vulnerabilities. No such cooperation occurred in this case, with no public evidence of containment efforts or technical responses from Venezuelan authorities by the article's publication. Softpedia's outreach to Venezuela's Ministry of Defense yielded no official response or confirmation of the incident at the time of reporting. The attacker reiterated plans to prioritize Venezuelan targets moving forward while continuing global operations.
