Snowflake hacker may still be active, and hunting down new victims, experts claim

The hacker that managed to break into countless corporate Snowflake accounts and steal the data found inside is still active, researchers are saying. To this day, they are actively trying to extort money out of the victims of the attack that happened months ago.

This is according to Mandiant’s senior threat analyst Austin Larsen, Cyberscoop reports. Larsen spoke during SentinelOne’s LABScon security conference that took place last week and shared the news on the progress of the investigation. Mandiant was the company that Snowflake brought in to investigate the incident this spring, when it was first spotted.

Back then, Mandiant said it was tracking the crook under the moniker UNC5537, but since then they said they go by either “Judische”, or “Waifu”. They are actively targeting software-as-a-service (SaaS) organizations, and the newest incident happened “as recently as today,” Larsen said.

Brute-force

In April this year, a threat actor mounted a brute-force attack against the cloud storage service provider Snowflake, since many of its customers were not using multi-factor authentication (MFA). They successfully broke into many organizations, including Santander Bank, Ticketmaster, and many others. Initially, it was thought that at least 165 organizations were compromised. However, Larsen now believes mere “dozens” of firms were affected.

Mandiant “obtained a series of private communications in which we were able to identify [Judische and associates] essentially coordinating and planning a lot of the Snowflake activity, in some cases, even telling the IP address that they’re dumping logs to,” Cyberscoop cited Larsen.

The group allegedly extorted between $2 million and $2.7 million, and continues to strike organizations to this day.

The identity of the attacker is unknown, but the truth is slowly unraveling. Both Mandiant and cybersecurity journalist Brian Krebs believe the hacker is a 26-year-old software engineer located in Ontario, Canada.

Via Cyberscoop

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/37QNiscnBcfEK4bb9EcBd3-1200-80.jpg

Source link

Zoom is scaling back worker stock grants

AI is no silver bullet for workforce transformation without planning

The eSIM revolution: How digital SIMs align with today’s mobile habits

Visual AI: A Future-Proof Solution for Better Meetings Today

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

These are the shortest (and longest) daily commute times

U.S. billionaire Dan Friedkin agrees to buy EPL soccer club Everton

E Split Corp. Class A and Preferred Distributions By Investing.com

Southwest Airlines tells staff ‘difficult decisions’ ahead

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Snowflake hacker may still be active, and hunting down new victims, experts claim

These are the shortest (and longest) daily commute times

Zoom is scaling back worker stock grants

U.S. billionaire Dan Friedkin agrees to buy EPL soccer club Everton

AI is no silver bullet for workforce transformation without planning

Leave a reply Cancel reply