Suspect behind Snowflake data-theft attacks arrested in Canada

Canadian authorities have arrested a person suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake.

According to Canada’s Department of Justice, Alexander “Connor” Moucka (aka “Waifu” and “Judische”) was taken into custody on Wednesday at the request of the United States and is scheduled to appear in court again today, as first reported by Bloomberg and confirmed by 404 Media.

“Following a request by the United States, Alexander Moucka (a.k.a. Connor Moucka) was arrested on a provisional arrest warrant on Wednesday October 30, 2024,” Ian McLeod, a spokesperson for Canada’s Department of Justice, told BleepingComputer on Tuesday.

“He appeared in court later that afternoon and his case was adjourned to Tuesday November 5, 2024. As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case.”

A joint investigation by Snowflake, Mandiant, and CrowdStrike found that an attacker (tracked at the time as UNC5537) used customer credentials stolen using infostealer malware to target at least 165 organizations that did not configure multi-factor authentication (MFA) protection on their Snowflake accounts.

[Figure: Snowflake attack flow (Mandiant)]

That is only a small fraction of the 9,400 Snowflake customers, with the full list including some of the largest companies worldwide, such as Mastercard, Micron, NBC Universal, Capital One, Adobe, AT&T, Kraft Heinz, Doordash, HP, Okta, PepsiCo, Siemens, US Foods, Western Union, Yamaha, and many others.

Data breaches linked to these attacks, which started in April 2024, have affected hundreds of millions of individuals using the services of AT&T, Ticketmaster, Santander, Pure Storage, Advance Auto Parts, Los Angeles Unified, QuoteWizard/LendingTree, and Neiman Marcus.

In late May, Ticketmaster confirmed that data was stolen from its Snowflake account after a threat actor known as ShinyHunters began selling the data of 560 million Ticketmaster customers.

In July, AT&T also warned of a massive data breach after threat actors stole the call logs of roughly 109 million customers (nearly all of its mobile customers) from an online database on the company’s Snowflake account between April 14 and April 25, 2024.

Snowflake has since announced that it will enforce multi-factor authentication (MFA) for accounts created starting in October 2024 and require that all passwords be at least 14 characters long.
