Hacker Behind Snowflake Customer Breaches Arrested in Canada

Penka Hristovska, Senior Editor
Published on: November 7, 2024

Canadian authorities have apprehended a man believed to be responsible for a series of hacks that impacted around 165 customers of Snowflake.

Canada’s Department of Justice said police arrested Alexander “Connor” Moucka on October 30 based on a provisional arrest warrant issued at the request of the U.S. He is scheduled to appear in court today.

“As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” said Ian McLeod, spokesperson for Canada’s Department of Justice, in a statement. He did confirm that Moucka “appeared in court later that afternoon and his case was adjourned to Tuesday November 5, 2024.”

Snowflake, a U.S.-based company that helps major firms analyze and store internal data, suffered a security breach earlier this year. The campaign was revealed in late May when the company announced that a small number of customers without multi-factor authentication were targeted by threat actors.

This breach affected approximately 165 organizations, including AT&T, Neiman Marcus, and possibly Ticketmaster. The attacker (or attackers) sourced the login credentials from various “infostealing” malware strains, some of which have been in use since 2020.

The hacker, known by the alias “Judische,” threatened to extort these organizations, claiming he would sell the stolen data on criminal forums if the companies didn’t comply with his demands for payment.

In May, Judische bragged on Telegram about successfully hacking several well-known victims in the Snowflake campaign. By September, he claimed to have profited $2 million from these transactions.

However, Judische made several significant mistakes that likely helped authorities track him down, such as unintentionally revealing his computer’s system information in a ransom video intended to pressure a victim into compliance.

Google’s Mandiant cybersecurity team actively monitored Judische’s activities and gathered approximately 300 indicators connected to his operations. The team collaborated with both U.S. and international law enforcement agencies to facilitate his capture.

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.
