Canadian law enforcement authorities have arrested an individual suspected of carrying out a series of hacks stemming from the breach of the cloud data warehousing platform Snowflake earlier this year.
The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S.
The development was first reported by Bloomberg and corroborated by 404 Media. The exact nature of the charges against Moucka is currently not known.
In June 2024, Snowflake disclosed that a "limited number" of its customers had been targeted as part of a targeted campaign. Google-owned Mandiant later attributed it to a financially motivated threat group tracked as UNC5537.
"UNC5537 comprises members based in North America, and collaborates with an additional member in Turkey," the company assessed with moderate confidence at the time, adding that roughly 165 organizations had been impacted.
Some of the targeted companies included major corporations such as Advance Auto Parts, AT&T, LendingTree, Neiman Marcus, Santander, and Ticketmaster (Live Nation).
In some of the incidents, the threat actor(s) attempted to extort the companies by threatening to sell the stolen data on criminal forums if they did not pay up. AT&T reportedly paid the hackers $370,000 to delete the stolen data, according to WIRED.
The attacks worked by leveraging stolen customer credentials, obtained through prior infostealer malware infections, to gain initial access. The investigation also found that the initial infostealer compromise occurred on contractor systems that were also used for downloading games and pirated software.
Reports published by Krebs on Security and 404 Media in September 2024 revealed that Judische is likely based in Canada and has connections to a broader cybercrime ecosystem known as the Com, which is known to engage in physical and digital attacks, sometimes resorting to violence, to gain access to accounts and steal funds from rivals.
Judische is also believed to have collaborated with another hacker known as John Binns, who was arrested in Turkey in May 2024.
(This is a developing story. Please check back for more updates.)