Snowflake data theft suspect arrested by Canadian authorities

November 19, 2024

Canadian law enforcement agencies have apprehended a suspect alleged to be a member of the recent Snowflake data theft campaign. The campaign targeted over 165 firms, all of them customers of Snowflake’s cloud storage, and has resulted in the loss of millions of dollars’ worth of data.

The Canadian Department of Justice revealed that they arrested the suspect, Alexander Moucka, last week. He is also known by his hacker names, Waifu and Judische. The arrest was executed upon the request of the United States. Moucka is due to appear in court again today.

In addition, the Canadian DOJ spokesperson said that they arrested Moucka and issued a provisional arrest warrant on Wednesday, October 30, 2024, in response to a request from the United States.

The suspect appeared in court later that day, and his case was deferred until Tuesday, November 5, 2024. However, the Canadian government cannot provide further information on this matter since extradition requests are considered confidential state-to-state interactions.

The Snowflake data theft campaign succeeded after the threat actors leveraged stolen customer credentials to gain access and launch malware.

According to a joint investigation by law enforcement agencies, the Snowflake data theft incident occurred after a hacker group, tracked at that time as UNC5537, used customers’ credentials to gain initial access to targeted devices.

These stolen credentials became the primary weapon of the threat actors, allowing them to target at least 165 organisations that failed to configure MFA protection on their Snowflake accounts.

That is only a small sample of Snowflake’s 9,400 customers, which include some of the world’s largest corporations, such as Adobe, AT&T, Doordash, HP, Okta, PepsiCo, Siemens, US Foods, Western Union, and many others.

Data breaches related to these attacks, which began in April 2024, have affected hundreds of millions of people who use AT&T, Ticketmaster, Santander, Pure Storage, Advance Auto Parts, Los Angeles Unified, and Neiman Marcus.

This event has forced Snowflake to require multi-factor authentication (MFA) for all accounts created since last month. Lastly, the company will move its users to passwords with a minimum length of 14 characters to avoid falling victim to another widespread malware campaign.
