The Snowflake Hit

The hacker suspected of launching a series of major breaches involving data stored on Snowflake accounts was arrested in Canada last week after a request was issued by US officials.  The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on 30 October 2024, on the basis of a provisional arrest warrant, following a request by the US.[1]  The arrest of Moucka was first reported by Bloomberg and 404Media earlier this week.  “He appeared in court later that afternoon and his case was adjourned to Tuesday November 5, 2024,” the Canadian Justice Department said.  “As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case.”[2]  Canada’s Justice Department declined to answer other questions about what charges Moucka is facing, whether he will also face charges in Canada, whether any devices were seized during his arrest and whether he was arrested alongside anyone else.

At least two sources told Bloomberg that the charges against Moucka are related to a string of about 165 data breaches earlier this year, when hackers stole login information to employee accounts on Snowflake.  Those affected include AT&T, Ticketmaster, Advance Auto Parts, one of the largest school districts in the US, Neiman Marcus, Santander, LendingTree and more.

The breaches caused alarm globally due to the sizable amount of information stolen. The AT&T hacker stole the logs of calls and texts of more than 100 million customers. The Ticketmaster breach involved about 560 million users.   Shortly after the Bloomberg story was released, 404Media said it had allegedly been speaking to Moucka but had not gotten a response from him over the last week.  Moucka reportedly told the outlet that he expected to be arrested and had been destroying evidence in advance of his detainment.

In May, Snowflake hired Mandiant to investigate the incident and confirmed that there was no issue with its platform’s security.  The hackers, according to Mandiant, stole still-valid credentials dating back to 2020 and were able to access company accounts through those login details.  Mandiant said at the time that the hackers behind the campaign are “based in North America, and collaborates with an additional member in Turkey.”

At least one of the alleged Turkey-based hackers, John Erin Binns, was detained by Turkish authorities in May after being indicted for his role in a previous hack of telecom T-Mobile.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://thehackernews.com/2024/11/canadian-suspect-arrested-over.html

[2] https://therecord.media/alleged-snowflake-hacker-detained-in-canada/
