Canadian authorities have arrested a suspect in the hacking attacks on at least 165 Snowflake customers. Alexander “Connor” Moucka may face extradition to the United States.
Canadian police arrested Moucka in late October at the request of the United States. Bloomberg reports that he is due in court this week and may be extradited.
Alexander Moucka is the main suspect behind the Snowflake hacks earlier this year, which makes him one of the most significant threat actors of the moment.
Hacked Snowflake accounts
In April of this year, hackers launched a campaign against more than a hundred companies, stealing customer data and demanding a ransom for it. They did so with readily available tools: in the cases where the modus operandi is known, the attackers simply logged in with credentials harvested by infostealer malware, some of which had been stolen years earlier and were still valid.
Security firm Mandiant found no evidence that the unauthorized access to Snowflake customer accounts resulted from a vulnerability in Snowflake’s systems. In every incident, compromised customer credentials were the cause. There was nothing wrong with the lock, so to speak; the affected companies had left the key in it.
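The practical takeaway from Mandiant’s finding is that the exposure was on the customer side: password-only logins that a stolen infostealer log could replay. The queries below are an added example, not part of the article and not code published by Snowflake or Mandiant; they show how an administrator can find that exposure in their own account and close it. They assume the ACCOUNTADMIN role (or a role granted IMPORTED PRIVILEGES on the SNOWFLAKE database) so the ACCOUNT_USAGE views are readable, and the 90-day window, the policy name `corp_only` and the IP ranges are illustrative placeholders.

```sql
-- Added example, not from the article or from Snowflake/Mandiant.
-- Assumes ACCOUNTADMIN (or IMPORTED PRIVILEGES on the SNOWFLAKE database).
-- Lookback window, policy name and IP ranges below are placeholders.

-- 1. Which active users can still sign in with a password alone?
--    HAS_PASSWORD = TRUE and no MFA enrolment is the "key left in the lock":
--    a credential from an old infostealer log is sufficient to log in.
SELECT name,
       has_password,
       ext_authn_duo,
       last_success_login,
       disabled
FROM   snowflake.account_usage.users
WHERE  deleted_on IS NULL
  AND  disabled = FALSE
  AND  has_password = TRUE
  AND  ext_authn_duo = FALSE
ORDER  BY last_success_login DESC NULLS LAST;

-- 2. Successful single-factor logins in the last 90 days, grouped by user,
--    source IP and client. A user that suddenly appears from a new IP or a
--    client type you do not normally see is the first thing to triage;
--    compare FIRST_SEEN against the user's usual history.
SELECT user_name,
       client_ip,
       reported_client_type,
       first_authentication_factor,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen,
       COUNT(*)             AS logins
FROM   snowflake.account_usage.login_history
WHERE  event_timestamp >= DATEADD(day, -90, CURRENT_TIMESTAMP())
  AND  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
GROUP  BY 1, 2, 3, 4
ORDER  BY first_seen DESC;

-- 3. Harden: a network policy so that a stolen password alone is not enough
--    from an arbitrary source address. The CIDR ranges are placeholders
--    (RFC 5737 documentation space); substitute your own egress ranges.
CREATE NETWORK POLICY IF NOT EXISTS corp_only
  ALLOWED_IP_LIST = ('203.0.113.0/24', '198.51.100.0/24');
ALTER ACCOUNT SET NETWORK_POLICY = corp_only;
```

Two caveats before running step 3: the session that applies an account-level network policy must itself originate from an address in the allow list, or you lock yourself out, and service accounts used by ETL tooling need to be either covered by the list or moved to key-pair authentication first. The ACCOUNT_USAGE views also lag real time by up to a few hours, so for an active incident query the INFORMATION_SCHEMA.LOGIN_HISTORY table function instead.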
Read more: Mandiant reports at least 165 Snowflake customers affected in hacking campaign
About 165 companies were affected by the hack, at least as far as is known. Known victims that had their data stolen included AT&T, Live Nation (Ticketmaster’s parent company), and Advance Auto Parts.
The news in late May that Ticketmaster had lost the data of 560 million customers was what really got the ball rolling. Ticketmaster is a well-known player and a near-monopolist in ticket sales for concerts and performances by the biggest artists.
Extortion
After stealing the data, the hacker (or hackers, since it is still unclear whether there are more suspects) tried to monetize it.
When companies refused to pay, the malicious actors threatened to post the data on hacker forums and trade it. Rumors said that complete data sets were on offer for 20 million dollars, but there is no evidence that such bulk data was actually sold.
Also read: List of Snowflake customers affected since Ticketmaster leak continues to grow