1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Snowflake hacker may still be active, and hunting down new victim

    From TechnologyDaily@1337:1/100 to All on Mon Sep 23 12:15:05 2024
    Snowflake hacker may still be active, and hunting down new victims, experts claim

    Date:
    Mon, 23 Sep 2024 12:00:00 +0000

    Description:
    The number of victims is not in the hundreds, they say, but rather in the dozens.

    FULL STORY ======================================================================

    The hacker that managed to break into countless corporate Snowflake accounts and steal the data found inside is still active, researchers are saying. To this day, they are actively trying to extort money out of the victims of the attack that happened months ago.

    This is according to Mandiants senior threat analyst Austin Larsen,
    Cyberscoop reports. Larsen spoke during SentinelOnes LABScon security conference that took place last week and shared the news on the progress of the investigation. Mandiant was the company that Snowflake brought in to investigate the incident this spring, when it was first spotted.

    Back then, Mandiant said it was tracking the crook under the moniker UNC5537, but since then they said they go by either Judische, or Waifu. They are actively targeting software-as-a-service (SaaS) organizations, and the newest incident happened as recently as today, Larsen said. Brute-force

    In April this year, a threat actor mounted a brute-force attack against the cloud storage service provider Snowflake, since many of its customers were
    not using multi-factor authentication (MFA). They successfully broke into
    many organizations, including Santander Bank, Ticketmaster, and many others. Initially, it was thought that at least 165 organizations were compromised. However, Larsen now believes mere dozens of firms were affected.

    Mandiant obtained a series of private communications in which we were able to identify [Judische and associates] essentially coordinating and planning a
    lot of the Snowflake activity, in some cases, even telling the IP address
    that theyre dumping logs to, Cyberscoop cited Larsen.

    The group allegedly extorted between $2 million and $2.7 million, and continues to strike organizations to this day.

    The identity of the attacker is unknown, but the truth is slowly unraveling. Both Mandiant and cybersecurity journalist Brian Krebs believe the hacker is
    a 26-year-old software engineer located in Ontario, Canada.

    Via Cyberscoop More from TechRadar Pro Hundreds of Snowflake customers may have been hit by breach that stole "significant" data Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/snowflake-hacker-may-still-be-active-an d-hunting-down-new-victims-experts-claim


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)