
Man arrested in Canada believed to be behind Snowflake customer breach

Connor Moucka was arrested last week at the behest of the United States, CyberScoop has learned.
In this photo illustration, a Ticketmaster website is shown on a computer screen on November 18, 2022 in Miami, Florida. A person allegedly responsible for the Ticketmaster breach was arrested in Canada last week. (Joe Raedle/Getty Images)

Canadian authorities have arrested a person suspected of orchestrating a series of data exfiltration attacks targeting customers of the data storage firm Snowflake. 

Alexander “Connor” Moucka was taken into custody Oct. 30, based on a provisional arrest warrant, according to Canada’s Department of Justice. He is scheduled to appear in court Tuesday.

The Canadian Department of Justice confirmed to CyberScoop that the arrest was carried out at the request of the United States. 

While the specific charges against Moucka remain undisclosed, insiders familiar with the case have identified him as a key figure behind the attacks. Presentations from cybersecurity researchers given earlier this year labeled the individual, who was known by several online monikers including “Judische” and “Waifu,” as a 26-year-old from Ontario, Canada. Moucka was arrested in Kitchener, a city in Ontario approximately 65 miles west of Toronto. 

Attempts to reach Moucka have been unsuccessful. The FBI declined to comment. The White House did not respond to CyberScoop’s request for comment.

The breaches, which were discovered between April and July, affected major companies like AT&T, Ticketmaster and Santander. It was believed earlier this year that as many as 165 companies were impacted by the breach. Those responsible for the breaches tried to blackmail these companies by threatening to sell the stolen data on criminal forums.

Researchers found evidence that Judische collaborated with another hacker, John Binns, on the attack targeting AT&T, which the company said in July included records of “nearly all” of its customers’ data for a six-month period in 2022. Binns, previously indicted for an attack on T-Mobile in 2021, was arrested by Turkish authorities after the AT&T attack and remains in custody. 

During a presentation at LabsCon earlier this year, a Mandiant researcher presented evidence that whoever is responsible for the Snowflake breaches is a member of “The Com,” an online ecosystem that includes groups engaging in cybercriminal activity, violence, extortion, kidnappings, shootings and robberies, according to researchers who track the activity and law enforcement officials.

Bloomberg was the first to report on Moucka’s arrest. 

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.
