Home Videos Suspect arrested in Snowflake data-theft attacks affecting millions

Suspect arrested in Snowflake data-theft attacks affecting millions

Nov 05, 2024 comments off
Suspect arrested in Snowflake data-theft attacks affecting millions

As an Amazon Associate I earn from qualifying purchases.

Woodworking Plans Banner

Attack Path UNC5537 has actually been utilized in attacks versus as numerous as 165 Snowflake consumers.

Credit: Mandiant

Attack Path UNC5537 has actually been utilized in attacks versus as numerous as 165 Snowflake clients.


Credit: Mandiant

None of the impacted accounts utilized multifactor authentication, which needs users to offer a one-time password or extra ways of authentication besides a password. After that discovery, Snowflake imposed necessary MFA for accounts and needed that passwords be at least 14 characters long.

Mandiant had actually recognized the danger group behind the breaches as UNC5537. The group has actually described itself as ShinyHunters. Snowflake provides its services under a design called SaaS (software application as a service).

“UNC5537 aka Alexander ‘Connor’ Moucka has actually shown to be among the most substantial hazard stars of 2024,” Mandiant composed in an emailed declaration. “In April 2024, UNC5537 introduced a project, methodically jeopardizing misconfigured SaaS circumstances throughout over a hundred companies. The operation, which left companies reeling from considerable information loss and extortion efforts, highlighted the disconcerting scale of damage a person can trigger utilizing off-the-shelf tools.”

Mandiant stated a co-conspirator, John Binns, was detained in June. The status of that case wasn’t instantly understood.

Ticketmaster, other consumers understood to have actually been breached consist of AT&T and Spain-based bank Santander. In July, AT&T stated that individual details and phone and text records for approximately 110 million clients were taken. WIRED later on reported that AT&T paid $370,000 in return for a guarantee the information would be erased.

Other Snowflake consumers reported by numerous news outlets as breached are Pure Storage, Advance Auto Parts, Los Angeles Unified School District, QuoteWizard/LendingTree, Neiman Marcus, Anheuser-Busch, Allstate, Mitsubishi, and State Farm.

KrebsOnSecurity reported Tuesday that Moucka has actually been called in numerous charging files submitted by United States federal district attorneys. Press reporter Brian Krebs stated particular charges and claims are unidentified since the cases stay sealed.

Find out more

As an Amazon Associate I earn from qualifying purchases.

You May Also Like

Laser Mapping Reveals Previously Unknown Maya City with Stone Pyramids in Mexico

Laser Mapping Reveals Previously Unknown Maya City with Stone Pyramids in Mexico

Fast Radio Bursts Mostly Come from Massive Star-Forming Galaxies

Fast Radio Bursts Mostly Come from Massive Star-Forming Galaxies

Scientists Investigate Inner Workings of DNA Methylation in Plants

Scientists Investigate Inner Workings of DNA Methylation in Plants

Lion Cavern in Eswatini is World’s Oldest Ochre Mine, Archaeologists Say

Lion Cavern in Eswatini is World’s Oldest Ochre Mine, Archaeologists Say

Neuroscientists Identify 16 Neuronal Types Involved in Human Sense of Touch

Neuroscientists Identify 16 Neuronal Types Involved in Human Sense of Touch

‘A flash of copper caught our attention’: 4,000-year-old dagger discovered deep in Italian cave

‘A flash of copper caught our attention’: 4,000-year-old dagger discovered deep in Italian cave

About the Author: tech