Article Details

Scrape Timestamp (UTC): 2024-11-05 05:09:18.303

Source: https://thehackernews.com/2024/11/canadian-suspect-arrested-over.html

Original Article Text


Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks

Canadian law enforcement authorities have arrested an individual suspected of conducting a series of hacks stemming from the breach of the cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S. The development was first reported by Bloomberg and corroborated by 404 Media. The exact nature of the charges against Moucka is currently not known.

In June 2024, Snowflake disclosed that a "limited number" of its customers had been hit as part of a targeted campaign. Google-owned Mandiant later attributed the campaign to a financially motivated threat group called UNC5537. "UNC5537 comprises members based in North America, and collaborates with an additional member in Turkey," the company assessed with moderate confidence at the time, adding that approximately 165 organizations were impacted. The targeted companies included major corporations such as Advance Auto Parts, AT&T, LendingTree, Neiman Marcus, Santander, and Ticketmaster (Live Nation).

In some of the incidents, the threat actor(s) attempted to extort the companies by threatening to sell the stolen data on criminal forums if they didn't pay up. AT&T reportedly paid the hackers $370,000 to delete the stolen data, according to WIRED.

The attacks worked by using stolen customer credentials, obtained through prior infostealer malware infections, to gain initial access. The investigation also found that the initial infostealer infections occurred on contractor systems that were used for downloading games and pirated software.

Reports published by Krebs On Security and 404 Media in September 2024 revealed that Judische is likely based in Canada and has connections to a broader cybercrime ecosystem called the Com, which is known to engage in physical and digital attacks, sometimes resorting to violence, to gain access to accounts and steal funds from rivals. Judische is also believed to have collaborated with another hacker called John Binns, who was arrested in Turkey in May 2024. (This is a developing story. Please check back for more updates.)

Daily Brief Summary

DATA BREACH // Canadian Arrested for Data Breach and Extortion of Major Firms

Canadian Alexander Moucka, alias "Judische" or "Waifu," was arrested in connection with the breach of the cloud data warehousing service Snowflake and the subsequent extortion attacks on multiple companies.

The arrest occurred on October 30, 2024, following a U.S. provisional arrest warrant. The crimes are linked to the financially motivated threat group UNC5537, which targeted around 165 organizations, including major corporations such as AT&T, Neiman Marcus, and Ticketmaster.

AT&T reportedly paid the hackers $370,000 to destroy the stolen data, highlighting the severity and impact of the extortion attempts.

The attackers used stolen customer credentials, obtained through infostealer malware infections on contractor systems used for downloading games and pirated software, to gain initial access to victim environments.

Snowflake first disclosed the breach in June 2024, describing the attacks as targeted at a limited number of its customers.

It was later reported that Moucka may be part of a broader cybercrime network known as the Com, which engages in physical and digital crimes, including violent tactics against rivals.

Moucka is also believed to have collaborated with John Binns, a fellow hacker arrested earlier in May 2024 in Turkey.