For much of this summer, a mysterious group of hackers carried out a historic series of major data breaches, all targeting customers of cloud data storage company Snowflake. Now, an alleged hacker (who experts believe is the ringleader of that group) has been arrested in Canada and could be on his way to a US court.
On Monday, Bloomberg and 404 Media reported that a Canadian man named Alexander Moucka, who also goes by the name Connor Moucka, was detained in late October on a provisional arrest warrant. Moucka then appeared at a court hearing today, November 5, as part of the extradition process, 404 Media first reported.
Under the hacker aliases Waifu and Judische, Moucka is believed to be a notorious figure in the cybercriminal underground, says Allison Nixon, a security researcher and research director at security firm Unit 221B, who has long followed his online activity. She alludes to Moucka’s alleged hacking activity dating back to years before the Snowflake breaches. “I was waiting for this one,” Nixon says. “Waifu was the leader of a group responsible for many major intrusions over the past half decade.”
Suspicious activity linked to Snowflake customer accounts was first detected in April, according to a June report by Mandiant, the Google-owned security company that Snowflake employed to jointly investigate the hack. The first unknown victim’s Snowflake systems were accessed using login data that was previously taken by data-stealing malware, according to the report. Over the next two chaotic months, more than 165 Snowflake customers, according to the Mandiant report, potentially had data they stored on Snowflake systems exposed or stolen. The hacking spree saw hundreds of millions of records accessed from AT&T, Santander, Ticketmaster owner Live Nation Entertainment, and more.
Mandiant’s June report said that most of the compromised Snowflake accounts did not have multi-factor authentication enabled and were accessed using credentials collected from breach logs, some dating back to 2020. Since the breaches, Snowflake has updated its systems to require multi-factor authentication to be activated by default.
A Snowflake spokesperson tells WIRED he has no comment on the arrest. Ian McLeod, a spokesman for Canada’s Department of Justice, says Moucka was arrested at the request of the United States. “As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” McLeod says.