Canadian Authorities Arrest Attacker Who Stole Snowflake Data

The suspect, tracked as UNC5537, allegedly bragged about hacking several Snowflake victims on Telegram, drawing attention to himself.

Dark Reading Staff, Dark Reading

November 5, 2024


Canadian authorities arrested Alexander "Connor" Moucka, who they believe orchestrated a malicious campaign that compromised 165 Snowflake accounts.

Moucka was scheduled to appear in court today, though limited information has been shared regarding his arrest or potential extradition. Online, Moucka reportedly went by the aliases "Judische" and "Waifu."

Snowflake is an American cloud-based data storage company operating on Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Judische bragged about hacking several Snowflake victims on Telegram just before the attacks were confirmed, prompting suspicion.

In May, the storage vendor warned that threat actors had targeted a limited number of customer accounts, none of which were protected by multifactor authentication.

Google Mandiant later investigated the breach and found that the attackers used previously compromised credentials from information-stealer infections to access these accounts.

The threat actor behind the attacks is tracked as UNC5537. Its campaign began in April and targeted organizations such as Ticketmaster, Advance Auto Parts, Neiman Marcus, State Farm, AT&T, and others.

In the past, the threat actor has demanded ransom payments ranging from $300,000 to $5 million from organizations in exchange for deleting data it steals from their Snowflake accounts.