The Royal Canadian Mounted Police (RCMP) arrested Alexander Connor Moucka, a hacker suspected of carrying out large-scale attacks on Snowflake cloud systems. The attacks, carried out under the aliases Judische and Waifu, led to the biggest data breaches of the year, including those at Ticketmaster and AT&T.
According to Mandiant, the hacker organized a series of attacks on Snowflake accounts using infostealer malware, which allowed him to steal passwords and gain access to more than a hundred accounts. Companies like Santander Bank, Advance Auto Parts, and even Ticketmaster were affected, with more than half a billion records exposed in the leak. Snowflake was not directly attacked, but many customer accounts were protected only by single-factor authentication, making it much easier for hackers to gain access.
The Mandiant report points to UNC5537 as the group responsible for these attacks. According to researchers, this is a financially motivated cybercriminal group whose members operate from North America and Turkey. A total of 165 companies were compromised, and the attacks themselves cost Santander millions of dollars.
In recent months, international law enforcement agencies have intensified their efforts in the fight against hacking, and these arrests are another example of this. At the same time, the incident highlights the need to strengthen security for corporate customers, including the implementation of multi-factor authentication.