Suspect arrested in Snowflake data-theft attacks affecting millions


Attack Path UNC5537 has used in attacks against as many as 165 Snowflake customers.

Credit: Mandiant

None of the affected accounts used multifactor authentication, which requires users to provide a one-time password or additional means of authentication besides a password. After that revelation, Snowflake enforced mandatory MFA for accounts and required that passwords be at least 14 characters long.

Mandiant had identified the threat group behind the breaches as UNC5537. The group has referred to itself as ShinyHunters. Snowflake offers its services under a model known as SaaS (software as a service).

“UNC5537 aka Alexander ‘Connor’ Moucka has proven to be one of the most consequential threat actors of 2024,” Mandiant wrote in an emailed statement. “In April 2024, UNC5537 launched a campaign, systematically compromising misconfigured SaaS instances across over a hundred organizations. The operation, which left organizations reeling from significant data loss and extortion attempts, highlighted the alarming scale of harm an individual can cause using off-the-shelf tools.”

Mandiant said a co-conspirator, John Binns, was arrested in June. The status of that case wasn’t immediately known.

Besides Ticketmaster, other customers known to have been breached include AT&T and Spain-based bank Santander. In July, AT&T said that personal information and phone and text message records for roughly 110 million customers were stolen. WIRED later reported that AT&T paid $370,000 in return for a promise the data would be deleted.

Other Snowflake customers reported by various news outlets as breached are Pure Storage, Advance Auto Parts, Los Angeles Unified School District, QuoteWizard/LendingTree, Neiman Marcus, Anheuser-Busch, Allstate, Mitsubishi, and State Farm.

KrebsOnSecurity reported Tuesday that Moucka has been named in multiple charging documents filed by US federal prosecutors. Reporter Brian Krebs said specific charges and allegations are unknown because the cases remain sealed.
