Canadian Authorities Arrest Attacker Who Stole Snowflake Data

Canadian Authorities Arrest Attacker Who Stole Snowflake Data

November 5, 2024 at 05:56PM

Canadian authorities arrested Alexander “Connor” Moucka for allegedly compromising 165 Snowflake accounts. Known online as “Judische” and “Waifu,” he boasted about the hacks on Telegram. The breaches, linked to UNC5537, exploited credentials from previous infections, targeting companies like Ticketmaster and AT&T, with ransom demands up to $5 million.

### Meeting Takeaways:

1. **Arrest of Alexander “Connor” Moucka**:
– Canadian authorities arrested Moucka for allegedly orchestrating a campaign that compromised 165 Snowflake accounts.
– Scheduled court appearance today; details on arrest and extradition are limited.

2. **Aliases**:
– Moucka operated online under the aliases “Judische” and “Waifu.”

3. **Snowflake Company Overview**:
– Snowflake is a cloud-based data storage company using Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

4. **Pre-Attack Bragging**:
– Prior to the attacks, Moucka, under the name Judische, bragged about hacking Snowflake victims on Telegram, raising suspicions.

5. **Security Vulnerability**:
– In May, Snowflake warned that a limited number of accounts were targeted; none were protected by multifactor authentication.

6. **Investigation Findings**:
– Google Mandiant investigated the breach and found that attackers accessed accounts using previously compromised credentials from information-stealer infections.

7. **Threat Actor Tracking**:
– The attackers are identified as UNC5537, with their campaign starting in April and targeting various organizations including Ticketmaster, Advanced Auto Parts, Neiman Marcus, State Farm, and AT&T.

8. **Ransom Demands**:
– UNC5537 has previously demanded ransoms between $300,000 and $5 million for deleting stolen data from compromised Snowflake accounts.

Full Article