A man allegedly behind a series of corporate cyberattacks is reportedly in custody in Canada. Bloomberg reported on Monday that the suspect, 26-year-old Alexander “Connor” Moucka, was arrested by authorities on an Oct. 30 provisional arrest warrant following a request from the United States. The hacks targeted corporate customers of Snowflake, the cloud data partner of AT&T, Live Nation and others.
The hacks targeted more than 100 organizations and led to the theft of millions of users’ personal information. Along with AT&T and Ticketmaster, that list includes LendingTree, Advance Auto Parts and Neiman Marcus. AT&T declined to comment for this story. We also reached out to Live Nation but have not heard back. (We’ll update this story if we do.)
Krebs on Security reported that Moucka was named in multiple indictments unsealed by U.S. prosecutors and federal law enforcement agencies on Tuesday. The suspect allegedly took stolen credentials from cybercriminal forums (and similar places), betting that Snowflake’s customers were reusing the same credentials elsewhere. He then allegedly used those logins to access the accounts of Snowflake’s corporate customers and threatened to sell the data on crime forums if they didn’t pay up. AT&T reportedly paid the hacker a ransom of $370,000 to delete the records.
Krebs says the online handles Moucka uses correspond to those of a “prolific cybercriminal” who sits at the intersection of “Western, English-speaking cybercriminals and extremist groups who harass and extort minors to harm themselves or others.” The report alleges that Moucka is part of a hacker group called UNC5537, which also includes the “reluctant” American John Erin Binns, who is currently in Turkey. Binns was behind the 2021 T-Mobile hack that affected at least 76.6 million customers.
Snowflake pointed the finger at its corporate customers for failing to set up multi-factor authentication. “We have a broader problem in the security community and in enterprises where a lot of people don’t get the basics,” Brad Jones, Snowflake’s Chief Information Security Officer, told Bloomberg. But Snowflake’s apparent failure to require two-factor authentication sits on equal footing with its customers’ decisions not to set it up, especially with millions of customers’ data on the line.
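The two conditions the article describes, reused passwords tried across many accounts and logins that were never protected by a second factor, are both visible in an account's login history. The script below is an added illustration, not code from the article, from Snowflake or from any of the companies named. It assumes records shaped like the columns of Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (USER_NAME, CLIENT_IP, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR, IS_SUCCESS); the factor values and the rows themselves are constructed sample data, not real log output.

```python
"""Flag password-only logins and password-spraying sources in a login feed.

Added example, not from the article or from Snowflake. The dictionary keys
mirror LOGIN_HISTORY column names; the rows are constructed test data and the
factor strings ("PASSWORD", "DUO_PUSH", "RSA_KEYPAIR") are assumptions about
how a real feed would label them.
"""
from collections import defaultdict

# Constructed sample rows. 203.0.113.0/24 is a documentation range (RFC 5737).
SAMPLE_LOGINS = [
    {"USER_NAME": "alice", "CLIENT_IP": "10.0.0.5", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "IS_SUCCESS": "YES"},
    {"USER_NAME": "bob", "CLIENT_IP": "10.0.0.6", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"USER_NAME": "carol", "CLIENT_IP": "203.0.113.9", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "dave", "CLIENT_IP": "203.0.113.9", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "erin", "CLIENT_IP": "203.0.113.9", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"USER_NAME": "frank", "CLIENT_IP": "203.0.113.9", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "svc_etl", "CLIENT_IP": "10.0.0.7", "FIRST_AUTHENTICATION_FACTOR": "RSA_KEYPAIR",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
]


def password_only_logins(rows):
    """Usernames that signed in successfully with a password and no second factor.

    Key-pair or SSO logins are excluded: they are not password-only even though
    SECOND_AUTHENTICATION_FACTOR is empty for them too.
    """
    users = {
        r["USER_NAME"]
        for r in rows
        if r["IS_SUCCESS"] == "YES"
        and r["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD"
        and r["SECOND_AUTHENTICATION_FACTOR"] is None
    }
    return sorted(users)


def credential_stuffing_sources(rows, min_users=3):
    """Client IPs that tried at least `min_users` distinct usernames.

    One address cycling through many accounts is the signature of credentials
    bought in bulk and replayed; the return value lists how many usernames each
    such address tried and which attempts succeeded.
    """
    tried = defaultdict(set)
    succeeded = defaultdict(set)
    for r in rows:
        ip = r["CLIENT_IP"]
        tried[ip].add(r["USER_NAME"])
        if r["IS_SUCCESS"] == "YES":
            succeeded[ip].add(r["USER_NAME"])
    return {
        ip: {"users_tried": len(users), "successes": sorted(succeeded[ip])}
        for ip, users in tried.items()
        if len(users) >= min_users
    }


def triage(rows, min_users=3):
    """Combine both checks and rank accounts that match both for review first."""
    sources = credential_stuffing_sources(rows, min_users)
    weak = set(password_only_logins(rows))
    review_first = sorted(
        user for src in sources.values() for user in src["successes"] if user in weak
    )
    return {
        "password_only_users": sorted(weak),
        "spray_sources": sources,
        "review_first": review_first,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOGINS), indent=2))
```

On the constructed rows, `bob` and `erin` logged in with a password alone, `203.0.113.9` tried four different usernames and got into one of them, and `erin` lands at the top of the review list because both findings point at the same account. The thresholds and factor labels are the parts to adapt to a real feed.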
Why did AT&T and other companies trust Snowflake with so much customer data? The wireless carrier hasn’t said. Snowflake offers cloud-based data analysis services. In July, AT&T said that “almost all” of its customers had been hit by the hack, meaning that nearly all of its subscribers had their data potentially analyzed by the wireless carrier’s cloud partner. A total of 110 million AT&T customers were reportedly affected.
Fortunately, AT&T said the breach did not involve the content of calls or texts. It did, however, include the phone numbers each account contacted and a tally of each customer’s calls, texts and call durations. It also contained cell site identification numbers. Cybersecurity expert Javvad Malik told Engadget this summer that the latter can “allow users to triangulate their locations.”