For much of this summer, a mysterious group of hackers carried out a landmark spree of major data breaches, all targeting customers of the cloud data storage company Snowflake. Now one alleged hacker—whom experts believe to be the ringleader of that group—has been arrested in Canada, and he may be on his way to a US court.
On Monday, Bloomberg and 404 Media reported that a Canadian man named Alexander Moucka, who also goes by the name Connor Moucka, was detained at the end of October on a provisional arrest warrant. Moucka then appeared in a court hearing today, November 5, as part of extradition proceedings, 404 Media first reported.
Under the hacker handles Waifu and Judische, Moucka is believed to be a notorious figure in the cybercriminal underground, says Allison Nixon, a security researcher and the chief research officer at security firm Unit 221B, who has long tracked his online activity. She alludes to Moucka’s alleged hacking activity going back years prior to the Snowflake breaches. “I was waiting for this one,” says Nixon. “Waifu was the leader of a group who was responsible for many major intrusions over the last half decade.”
Suspicious activity linked to Snowflake customer accounts was first observed in April, according to a June report by Google-owned security company Mandiant, which was hired by Snowflake to jointly investigate the hacking. The first known victim’s Snowflake systems were accessed using login details that had previously been taken by infostealer malware, the report says. Over the next couple of chaotic months, more than 165 Snowflake customers, according to Mandiant’s report, potentially had data they stored in Snowflake’s systems exposed or stolen. Hundreds of millions of records from AT&T, Santander, Ticketmaster owner Live Nation Entertainment, and more were accessed in the hacking spree.
Mandiant’s report in June said that the majority of the compromised Snowflake accounts did not have multi-factor authentication turned on, and credentials gathered from infostealer logs—some dating back to 2020—were used to access them. Since the breaches, Snowflake has updated its systems to require multi-factor authentication to be turned on by default.
A spokesperson for Snowflake tells WIRED it has no comment on the arrest. Ian McLeod, a spokesperson for Canada’s Department of Justice, says Moucka was arrested following a request by the US. “As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” McLeod says.