Canadian regulation enforcement authorities have arrested a person who’s suspected to have carried out a sequence of hacks stemming from the breach of cloud information warehousing platform Snowflake earlier this yr.
The person in query, Alexander “Connor” Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the idea of a provisional arrest warrant, following a request by the U.S.
The event was first reported by Bloomberg and corroborated by 404 Media. The precise nature of the costs in opposition to Moucka is at present not identified.
In June 2024, Snowflake disclosed {that a} “restricted quantity” of its prospects have been focused as a part of a focused marketing campaign. Later, Google-owned Mandiant attributed it to a financially motivated risk group referred to as UNC5537.
“UNC5537 contains members based mostly in North America, and collaborates with a further member in Turkey,” the corporate assessed with reasonable confidence on the time, including roughly 165 organizations have been impacted.
A number of the focused firms included main companies resembling Advance Auto Elements, AT&T, LendingTree, Neiman Marcus, Santander, and Ticketmaster (Reside Nation).
In among the incidents, the risk actor(s) tried to extort the businesses by threatening to promote the stolen information on prison boards in the event that they did not pay up. AT&T reportedly paid the hackers $370,000 to delete the stolen information, in response to WIRED.
The assaults labored by leveraging stolen buyer credentials obtained through prior stealer malware infections to acquire preliminary entry. The investigation additionally discovered that the preliminary compromise of infostealer malware occurred on contractor techniques that have been used for downloading video games and pirated software program.
Experiences revealed by Krebs On Safety and 404 Media in September 2024 revealed that Judische is probably going based mostly in Canada and has connections to a broader cybercrime ecosystem referred to as the Com, which is thought to interact in bodily and digital assaults, typically resorting to violence, to achieve entry to accounts and steal funds from rivals.
Judische can also be believed to have collaborated with one other hacker referred to as John Binns, who was arrested in Turkey in Could 2024.
(It is a creating story. Please examine again for extra updates.)