Arrest of a Cybercriminal Accused of Massive Data Theft from Snowflake
Articles by the same author:
1
2
3
4
Canadian law enforcement arrested Alexander Moucka, a 25-year-old Canadian citizen, on October 30, 2024, under a U.S.-issued arrest warrant. Bloomberg revealed on November 4, 2024, that this cybercriminal, operating under the aliases “Judische” and “Waifu,” was behind the spectacular hack of Snowflake’s storage units.
Attributed by Mandiant to a group called UNC5537, this extensive breach began in late 2023. It stemmed from Snowflake storing massive amounts of client data on accounts protected only by a username and password, without two-factor authentication.
Using stolen Snowflake credentials available on the dark web, UNC5537 managed to steal customer data from 160 major organizations worldwide. Among the victims, telecommunications operator AT&T admitted in July 2024 to the theft of call and text message data for nearly all of its clients, affecting 110 million people. In April 2024, “Judische” also claimed responsibility for hacking the Snowflake database of Santander Bank.
According to Mandiant, the two masterminds behind UNC5537 are Alexander Moucka and an American fugitive in Turkey, John Erin Binns. The latter is already wanted by the U.S. Department of Justice (DoJ) for the theft of personal data from 76.6 million T-Mobile customers in 2021. The Snowflake hacking investigation also unveiled the involvement of another cybercriminal, “Kiberphant0m,” who was allegedly tasked by Judische to sell databases of companies refusing to pay a ransom.
According to cybersecurity researcher Brian Krebs, Alexander Moucka is also reportedly involved in a vast network of harassment and extortion targeting minors. The DoJ has filed several indictments against him related to various cybercrime cases, which are currently sealed.