Canadian Authorities Arrest Attacker Who Stole Snowflake Data

Canadian authorities arrested Alexander "Connor" Moucka, whom they believe orchestrated a malicious campaign that compromised 165 Snowflake accounts.

Moucka was scheduled to appear in court today, though limited information has been shared regarding his arrest or potential extradition. Online, Moucka reportedly went by the aliases "Judische" and "Waifu."

Snowflake is an American cloud-based data storage company operating on Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Judische bragged about hacking several Snowflake victims on Telegram just before the attacks were confirmed, prompting suspicion.

In May, the storage vendor warned that a limited number of customer accounts were targeted by threat actors, none of which were protected by multifactor authentication.

Google Mandiant later investigated the breach and found that the attackers used previously compromised credentials from information-stealer infections to access these accounts.

The threat actor behind the attacks is tracked as UNC5537, with its campaign beginning in April and targeting organizations such as Ticketmaster, Advanced Auto Parts, Neiman Marcus, State Farm, AT&T, and others.

In the past, the threat actor has demanded ransom payments ranging from $300,000 to $5 million from organizations in exchange for deleting data it steals from their Snowflake accounts.
Don't miss the latest Dark Reading Confidential podcast, where we talk about NIST's post-quantum cryptography standards and what comes next for cybersecurity practitioners. Guests from General Dynamics Information Technology (GDIT) and Carnegie Mellon University break it all down. Listen now!