Man arrested in Canada believed to be behind Snowflake breach
Canadian authorities have arrested a person suspected of orchestrating a series of data exfiltration attacks targeting customers of the data storage firm Snowflake.
Alexander “Connor” Moucka was taken into custody Oct. 30, based on a provisional arrest warrant, according to Canada’s Department of Justice. He is scheduled to appear in court Tuesday.
The Canadian Department of Justice confirmed to CyberScoop that the arrest was carried out at the request of the United States.
While the specific charges against Moucka remain undisclosed, insiders familiar with the case have identified him as a key figure behind the attacks. Presentations from cybersecurity researchers given earlier this year labeled the individual, who was known by several online monikers including “Judische” and “Waifu,” as a 26-year-old from Ontario, Canada. Moucka was arrested in Kitchener, a city in Ontario approximately 65 miles west of Toronto.
Attempts to reach Moucka have been unsuccessful. The FBI declined to comment. The White House did not respond to CyberScoop’s request for comment.
The Snowflake breaches, which were discovered between April and July, affected major companies like AT&T, Ticketmaster and Santander. It was believed earlier this year that as many as 165 companies were impacted by the breach. Those responsible for the breaches tried to blackmail these companies by threatening to sell the stolen data on criminal forums.
Researchers found evidence that Judische collaborated with another hacker, John Binns, on the attack targeting AT&T, which the company said in July included records of “nearly all” of its customers’ data for a six-month period in 2022. Binns, previously indicted for an attack on T-Mobile in 2021, was arrested by Turkish authorities after the AT&T attack and remains in custody.
During a presentation at LabsCon earlier this year, a Mandiant researcher presented evidence that whomever is responsible for the Snowflake breaches is a member of “The Com,” an online ecosystem that includes groups engaging in cybercriminal activity, violence, extortion, kidnappings, shootings and robberies, according to researchers who track the activity and law enforcement officials.
Bloomberg was the first to report on Moucka’s arrest.