Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches


Canadian authorities arrest a suspect linked to the Snowflake data breach, exposing vulnerabilities in cloud infrastructure. The breach impacted major companies, with attackers exploiting access to steal and ransom sensitive data.

Canadian authorities have arrested an individual suspected of being a key player in attacks that exploited vulnerabilities in the cloud data warehousing platform Snowflake and led to a data breach.

According to reports, Canadian authorities have arrested Alexander “Connor” Moucka for his suspected involvement in a series of cyberattacks targeting numerous companies, including Live Nation, AT&T, and Advance Auto Parts.

Moucka, also known as Judische and Waifu, was apprehended on October 30, 2024, following a provisional arrest warrant issued by the U.S. government. 

The Role of Alexander Moucka

Reportedly, Moucka has been linked to a cybercrime network known as the Com Group, notorious for activities including hacking, extortion, and even physical attacks. The accused is believed to have collaborated with members of the Com Group, such as John Binns, who was arrested in Turkey earlier this year.

The attacks were carried out by exploiting stolen credentials obtained through prior malware infections. The initial compromise often occurred through contractor systems that were used for downloading games and pirated software.

The hacker was also active on the infamous cybercrime forum Breach Forums until April 2024. In one of his posts, he was selling the personal details of 3 million Australians.

Waifu on Breach Forums (Screenshot: Hackread.com)

The Snowflake Breach and Victims

In June 2024, Snowflake disclosed a data breach that affected a limited number of its customers. Subsequent investigations by cybersecurity firm Mandiant attributed the attacks to a financially motivated threat actor group known as UNC5537. This group, believed to have members based in North America and Turkey, targeted approximately 165 organizations.

Among the high-profile victims were AT&T, Live Nation, Advance Auto Parts, Twilio, Neiman Marcus, Santander Bank, and Ticketmaster, one of the world’s largest ticket sales and distribution companies.

In May 2024, Hackread.com exclusively reported on the data breach at Ticketmaster, in which hackers stole the personal and ticketing details of 560 million users. The breach was later confirmed by Ticketmaster’s parent company, Live Nation.

The next victim of the Snowflake vulnerability was AT&T, which suffered a data breach in early 2024. The Los Angeles Unified School District (LAUSD) also experienced a data breach due to the exploitation of its Snowflake account, exposing the personal, contact, and location details of millions of students, teachers, and staff.

The exploitation of the vulnerability did not stop there. The attackers also extorted the affected companies by threatening to sell the stolen data on the dark web. AT&T, for instance, reportedly paid a ransom of $370,000 to prevent the release of sensitive information.

Waifu’s arrest took place just a few weeks after Brazil apprehended USDoD, a high-profile hacker responsible for breaching the FBI’s security platform InfraGard and compromising National Public Data (NPD), leaking personal details, including social security numbers, of 3.6 billion Americans and Canadians.
