Canadian Suspect Apprehended in Connection with Snowflake Data Breach and Blackmail Offensives

Nov 05, 2024Ravie LakshmananData Breach / Cybercrime

Canadian authorities have detained an individual believed to be responsible for a sequence of breaches connected to the unauthorized access of cloud data warehousing platform Snowflake earlier this year.

The person under suspicion, Alexander “Connor” Moucka (also known as Judische and Waifu), was taken into custody on October 30, 2024, following the issuance of a temporary arrest warrant, at the behest of the U.S.

The news was initially disclosed by Bloomberg and verified by 404 Media. At present, the specific allegations against Moucka remain undisclosed.

In June 2024, Snowflake revealed that a “limited number” of its customers had been singled out in a targeted campaign. Google-owned Mandiant later attributed the activity to a financially motivated threat actor it tracks as UNC5537.

Among the organizations targeted were prominent companies like Advance Auto Parts, AT&T, LendingTree, Neiman Marcus, Santander, and Ticketmaster (Live Nation).

In certain instances, the attacker(s) sought to extort the companies by threatening to sell the stolen information on illicit platforms if the ransom wasn’t paid. According to WIRED, AT&T purportedly paid $370,000 to the hackers to delete the stolen data.

The breaches were carried out using stolen customer credentials, harvested in earlier infostealer malware infections, to gain initial access. The investigation also revealed that the initial infostealer infections occurred on contractor systems that were also used for downloading games and pirated software.

Cybersecurity

Reports by Krebs On Security and 404 Media in September 2024 indicated that Judische is likely located in Canada and has ties to a broader cybercrime network known as the Com, which is known for carrying out physical and digital intrusions, at times resorting to force, to gain access to accounts and steal funds from adversaries.

Judische is also believed to have collaborated with another hacker named John Binns, who was arrested in Turkey in May 2024.

(This is a developing story. Please check back for more updates.)
