Alleged 'Snowflake' Hacker Caught by Canadian Cybercrime Unit

Canadian authorities announced the apprehension of Alexander “Connor” Moucka, a suspect allegedly connected to a series of cybercrimes exploiting data from Snowflake Inc., a prominent cloud data warehousing company.

The suspect, also known as Waifu and Judische, is accused of orchestrating a targeted campaign that compromised the data integrity of roughly 165 Snowflake customers, including Ticketmaster and Neiman Marcus.

Threat Actor Aiming to Receive $20 Million for Stolen Data Set

“A person claiming to be behind the attacks spoke with Bloomberg News over Telegram earlier this year, saying that they were hoping to get $20 million for the full set of data they had stolen,” Bloomberg Canada reports. “No evidence suggests that bulk data was sold.”

The Snowflake breach came to light in June, when the company disclosed that it underwent an attack affecting a limited segment of its vast customer base. Security experts attributed the attacks to UNC5337, a North American financially motivated cybercrime group.

Perpetrators Used Infostealer Malware to Harvest Customer Credentials

The group was infamous for its preference for exploiting stolen credentials to facilitate data theft, extortion, and selling stolen documents on cybercrime forums.

Reportedly, threat actors harvested customer credentials using infostealer malware; some of the stolen details dated back to 2020, letting perpetrators use them for further malicious purposes.

Krebs and 404 Media Link Moucka to Cybercrime Communities

Ties between the cybercrime syndicate and the malicious campaigns started to grow stronger following reports by popular cyber journalist Brian Krebs and independent news outlet Media 404.

Their investigation linked Moucka to cybercrime online communities, notably one known as “The Com,” leading to his eventual arrest.

According to Canada's Department of Justice (DoJ), law enforcement made the arrest on October 30 under a US provisional arrest warrant. Ian McLeod, a spokesperson for the DoJ, noted that “extradition requests are considered confidential state-to-state communications,” so the specific charges against Moucka remain undisclosed.