Canadian authorities have arrested a man in connection with the series of Snowflake-related breaches earlier this year.
Along with alleged co-conspirator John Binns, Alexander 'Connor' Moucka is believed to have been behind the widespread campaign that breached around 165 companies by targeting cloud storage provider Snowflake.
According to reports, Moucka - known online as Judische and Waifu - was arrested following a request by the US and could face extradition. While officials have confirmed that he has been arrested on a provisional warrant and has appeared in court, there's no information on the precise charges he faces.
The attackers, known as UNC5537 or ShinyHunters, are believed to be mainly from North America, with Binns based in Turkey.
They leveraged the stolen credentials of an employee purchased on the dark web to compromise misconfigured SaaS instances at companies that had failed to use multi-factor authentication (MFA) on their Snowflake accounts.
Those affected included AT&T, Neiman Marcus, Ticketmaster, Adobe, Santander, Western Union, and PepsiCo. The AT&T attack alone saw the theft of personal data and call and text logs for more than 100 million people - virtually all its customers - while Ticketmaster said the data of 560 million customers was impacted.
Companies were reported to have later received ransom demands of between $300,000 and $5 million in exchange for the deletion of their data.
"UNC5537, aka Alexander ‘Connor’ Moucka, has proven to be one of the most consequential threat actors of 2024. In April 2024, UNC5537 launched a campaign, systematically compromising misconfigured SaaS instances across over a hundred organizations," said.
"The operation, which left organizations reeling from significant data loss and extortion attempts, highlighted the alarming scale of harm a single individual can cause using off-the-shelf tools. This arrest serves as a deterrent to cyber criminals and reinforces that their actions have serious consequences."
Snowflake implemented sweeping changes in the wake of the incident earlier this year, and now enforces multi-factor authentication (MFA) for new accounts. The company also requires all passwords to be at least 14 characters long.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Does speech recognition have a future in business tech?Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
-
AT&T hacker says firm paid nearly $400,000 to have stolen data deletedNews The move by AT&T comes after a data breach exposed "nearly all" of the telecoms giant's 100 million customers
-
New Snowflake security policies mean admins can now enforce mandatory MFANews The changes come two months after a major breach affected dozens of Snowflake customers
-
With hundreds of Snowflake credentials published on the dark web, it’s time for enterprises to get MFA in order
News The recent Snowflake debacle highlights the need for more stringent enterprise MFA practices
-
Snowflake data breach claims spark war of words over culpabilityNews Snowflake CISO Brad Jones hit back at claims the Ticketmaster and Santander data breaches were caused by platform vulnerabilities
