www.securityweek.com
2606:4700:20::6818:a003  Public Scan

URL: https://www.securityweek.com/suspected-snowflake-hacker-arrested-in-canada/
Submission: On November 06 via api from TR — Scanned from GB

Form analysis 4 forms found in the DOM

GET https://www.securityweek.com/

<form method="get" id="zox-search-form" action="https://www.securityweek.com/">
  <input type="text" name="s" id="zox-search-input" value="Search" onfocus="if (!window.__cfRLUnblockHandlers) return false; if (this.value == &quot;Search&quot;) { this.value = &quot;&quot;; }"
    onblur="if (!window.__cfRLUnblockHandlers) return false; if (this.value == &quot;Search&quot;) { this.value = &quot;&quot;; }">
  <input type="submit" id="zox-search-submit" value="Search">
</form>

Name: ccoptin
POST https://visitor.constantcontact.com/d.jsp

<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin">
  <input type="hidden" value="1102592012458" name="m">
  <input type="hidden" value="oi" name="p">
  <div class="form-item">
    <input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
    <input type="submit" class="submit" value="Subscribe" name="go">
  </div>
</form>

Name: ccoptin
POST https://visitor.constantcontact.com/d.jsp

<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin">
  <input type="hidden" value="1102592012458" name="m">
  <input type="hidden" value="oi" name="p">
  <div class="form-item">
    <input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
    <input type="submit" class="submit" value="Subscribe" name="go">
  </div>
</form>

Name: ccoptin
POST https://visitor.constantcontact.com/d.jsp

<form class="sw-newsletter-cc" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin">
  <input type="hidden" value="1102592012458" name="m">
  <input type="hidden" value="oi" name="p">
  <div class="form-item">
    <input type="text" name="ea" maxlength="128" placeholder="Business Email Address..." class="form-text required" required="">
    <input type="submit" class="submit" value="Subscribe" name="go">
  </div>
</form>

Text Content

CYBERCRIME


CANADIAN AUTHORITIES ARREST SUSPECTED SNOWFLAKE HACKER

Canadian authorities have arrested Alexander ‘Connor’ Moucka, suspected of
hacking multiple Snowflake accounts earlier this year.

By Ionut Arghire

November 5, 2024

Canadian authorities have reportedly arrested an individual suspected of
orchestrating a large-scale campaign leading to the compromise of Snowflake
accounts belonging to 165 organizations.

The campaign came to light in late May, after Snowflake warned that a limited
number of customers that did not have their accounts protected with multi-factor
authentication were targeted by threat actors.

In June, Mandiant, which was involved in investigating the attacks, revealed
that the attackers used credentials compromised in previous information stealer
infections to access the improperly protected accounts.

The campaign, attributed to a threat actor tracked as UNC5537, started on April
14 and impacted organizations such as Ticketmaster, Santander Bank,
Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus,
Progressive, AT&T, and State Farm.

The attackers were later said to have demanded ransom payments between $300,000
and $5 million from the victim organizations in exchange for deleting the data
stolen from their Snowflake accounts.

On October 30, Canadian authorities arrested Alexander ‘Connor’ Moucka,
following a request from the US in relation to the Snowflake campaign, according
to reports from Bloomberg and 404 Media. He is scheduled to appear in court on
Tuesday.

The Canadian authorities did not share information on Moucka’s arrest or his
potential extradition, but people familiar with the matter reportedly confirmed
that he was responsible for the Snowflake hacks. Moucka was reportedly known
online as Judische and Waifu.

In May, Judische boasted on Telegram about hacking several known Snowflake
victims just before the hacks were publicly confirmed, investigative journalist
Brian Krebs reported in September, noting that Waifu was one of the most
successful SIM swappers known on underground forums.

Krebs also noted in September that Judische is a 26-year-old software engineer
from Ontario, Canada.

Another individual believed to have been involved in the Snowflake hacks, namely
John Erin Binns, was arrested in Turkey. Binns was indicted in the US for the
2021 T-Mobile data breach.

“UNC5537 aka Alexander ‘Connor’ Moucka has proven to be one of the most
consequential threat actors of 2024. In April 2024, UNC5537 launched a campaign,
systematically compromising misconfigured SaaS instances across over a hundred
organizations. The operation, which left organizations reeling from significant
data loss and extortion attempts, highlighted the alarming scale of harm a
single individual can cause using off-the-shelf tools,” Mandiant senior threat
analyst Austin Larsen told SecurityWeek in an emailed statement.

“This arrest serves as a deterrent to cybercriminals and reinforces that their
actions have serious consequences,” Larsen added.

With Binns arrested in Turkey, both suspects in the Snowflake campaign are now
in custody, but a Mandiant spokesperson pointed out that the Google-owned
security firm continues to respond to numerous intrusions perpetrated using
stolen credentials and that infostealers pose a significant threat to
organizations worldwide.

*Updated with statement from Mandiant.


Written By Ionut Arghire

Ionut Arghire is an international correspondent for SecurityWeek.



