Cybersecurity Breach News: Man Behind Snowflake Hacking Spree Arrested
In top cybersecurity news today, a 26-year-old Canadian man has been arrested for allegedly stealing data and extorting over 160 companies that use the cloud data service Snowflake.
Arrest of Notorious Hacker
Canadian authorities arrested Alexander ‘Connor’ Moucka (aka Waifu and Judische) on October 30 at the request of US law enforcement, Bloomberg reported. He was arrested on suspicion of breaching hundreds of accounts belonging to customers of the cloud data platform Snowflake and is suspected of stealing data on millions of people.
The charges against Moucka weren’t immediately available. “As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” said Ian McLeod, spokesperson for Canada’s Department of Justice.
Scale of the Cyberattack
More than 100 organizations were compromised, resulting in the theft of millions of individuals’ personal data. The affected companies include AT&T, Ticketmaster, LendingTree, Advance Auto Parts, and Neiman Marcus. AT&T disclosed in July that threat actors had stolen personal information and records of calls and text messages belonging to nearly all of its customers.
Mandiant’s Report
“UNC5537 aka Alexander ‘Connor’ Moucka has proven to be one of the most consequential threat actors of 2024. In April 2024, UNC5537 launched a campaign, systematically compromising misconfigured SaaS instances across over a hundred organizations. The operation, which left organizations reeling from significant data loss and extortion attempts, highlighted the alarming scale of harm a single individual can cause using off-the-shelf tools,” stated Mandiant senior threat analyst Austin Larsen. “This arrest serves as a deterrent to cybercriminals and reinforces that their actions have serious consequences,” he added.
Mandiant further reported that every breach it tracked in the campaign traced back to Snowflake account credentials stolen by infostealer malware. The stolen credentials sat in infostealer logs for some time, in some cases years, before they reached the attackers, who simply logged in with them; a password harvested by an infostealer remains valid until it is rotated, no matter how old the log is. The total amount extorted from the 165 organizations is estimated at as much as $3 million.
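The pattern above, an old infostealer-harvested password replayed against a cloud account from an unfamiliar network, is detectable from login history. The following is an added example written for this page, not code from the article, Mandiant or Snowflake. The record layout is an assumption modeled on a subset of the columns in Snowflake’s `SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY` view; the sample rows, the known-egress network list and the leaked-username set are constructed.

```python
"""Flag likely credential-replay logins in Snowflake-style login history.

Added example, not from the article or from Mandiant/Snowflake. The
LoginEvent fields are an assumption modeled on a subset of Snowflake's
ACCOUNT_USAGE.LOGIN_HISTORY columns; all sample data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class LoginEvent:
    event_timestamp: datetime
    user_name: str
    client_ip: str
    reported_client_type: str           # e.g. SNOWFLAKE_UI, PYTHON_DRIVER
    first_authentication_factor: str    # e.g. PASSWORD, KEY_PAIR
    second_authentication_factor: Optional[str]  # None when no MFA was used
    is_success: bool


# Constructed: the organisation's own corporate egress ranges.
KNOWN_EGRESS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Constructed: usernames the SOC found in an infostealer log dump
# (for instance via a breach-notification or dark-web monitoring feed).
LEAKED_USERS = {"ANALYST_JDOE", "SVC_ETL"}

# Constructed sample rows (RFC 5737 documentation addresses).
SAMPLE_EVENTS = [
    LoginEvent(datetime(2024, 4, 14, 9, 2), "ANALYST_JDOE", "203.0.113.10",
               "SNOWFLAKE_UI", "PASSWORD", "DUO_PUSH", True),
    LoginEvent(datetime(2024, 4, 14, 23, 41), "ANALYST_JDOE", "192.0.2.77",
               "PYTHON_DRIVER", "PASSWORD", None, True),
    LoginEvent(datetime(2024, 4, 15, 1, 5), "SVC_ETL", "198.51.100.22",
               "JDBC_DRIVER", "PASSWORD", None, True),
    LoginEvent(datetime(2024, 4, 15, 2, 30), "SVC_ETL", "192.0.2.77",
               "PYTHON_DRIVER", "PASSWORD", None, False),
    LoginEvent(datetime(2024, 4, 15, 3, 0), "CFO_MSMITH", "192.0.2.78",
               "SNOWFLAKE_UI", "PASSWORD", "DUO_PUSH", True),
]


def is_known_egress(ip: str) -> bool:
    """True when the client IP falls inside a maintained corporate range."""
    addr = ip_address(ip)
    return any(addr in net for net in KNOWN_EGRESS)


def score_event(ev: LoginEvent) -> list[str]:
    """Return the replay hallmarks present on a successful login.

    A single hallmark is common in normal traffic (remote workers, legacy
    service accounts), so an event is only reported when at least two
    hallmarks coincide. Failed logins are ignored here; they belong in a
    separate brute-force / spray rule.
    """
    if not ev.is_success:
        return []
    reasons = []
    if (ev.first_authentication_factor == "PASSWORD"
            and ev.second_authentication_factor is None):
        reasons.append("password-only login (no second factor)")
    if not is_known_egress(ev.client_ip):
        reasons.append(f"login from outside known egress: {ev.client_ip}")
    if ev.user_name in LEAKED_USERS:
        reasons.append("username present in infostealer log dump")
    return reasons if len(reasons) >= 2 else []


def find_suspicious_logins(events) -> dict[str, list[str]]:
    """Map 'USER@timestamp' to the hallmarks that fired for that login."""
    findings = {}
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            findings[f"{ev.user_name}@{ev.event_timestamp.isoformat()}"] = reasons
    return findings


def users_to_rotate(events) -> set[str]:
    """Accounts whose credentials should be rotated and MFA enforced."""
    return {key.split("@", 1)[0] for key in find_suspicious_logins(events)}


if __name__ == "__main__":
    for key, reasons in find_suspicious_logins(SAMPLE_EVENTS).items():
        print(key, "->", "; ".join(reasons))
    print("rotate:", sorted(users_to_rotate(SAMPLE_EVENTS)))
```

On the constructed rows, the analyst’s daytime MFA-backed login from the office is clean, while the night-time password-only login from an unfamiliar address by an account whose username appears in a stealer log is reported, as is the password-only service-account login for a leaked username even though it came from a corporate range. The point of the two-hallmark threshold is that the defender controls the egress list and the leaked-user set; feeding it real stealer-log exposure data is what turns a noisy MFA report into a short rotation list.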
Ongoing Threat from Infostealers
Sources involved in the investigation said UNC5537 focuses on hacking telecommunications companies worldwide. Those sources said that Judische and co-conspirator John Binns are suspected of stealing data from Bharat Sanchar Nigam Ltd. (BSNL), India’s largest state-run telecommunications firm. The two also boasted that they could redirect or intercept calls and text messages for a large part of the Indian population.
Both suspects in the Snowflake campaign are now in custody, Binns having been arrested in Turkey. A spokesperson for Mandiant said the Google-owned security firm continues to respond to many intrusions that rely on stolen credentials, and emphasized that infostealers remain a major threat to organizations around the world.