---
title: "Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief | DMARC Report"
description: "Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief from DMARC Report explains practical steps for email authentication."
image: "https://dmarcreport.com/og/blog/snowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief.png"
canonical: "https://dmarcreport.com/blog/snowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fsnowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Snowflake%20Attacker%20Arrested%2C%20Hellcat%20Targets%20Schneider%2C%20Whistleblower%20Granted%20Relief&url=undefined%2Fblog%2Fsnowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fsnowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fsnowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief%2F&title=Snowflake%20Attacker%20Arrested%2C%20Hellcat%20Targets%20Schneider%2C%20Whistleblower%20Granted%20Relief "Share on Reddit") [ ](mailto:?subject=Snowflake%20Attacker%20Arrested%2C%20Hellcat%20Targets%20Schneider%2C%20Whistleblower%20Granted%20Relief&body=Check out this article: undefined%2Fblog%2Fsnowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief%2F "Share via Email")
> From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-17799” readonly/>
```
```
Hello everyone! It’s November, and everyone is gradually getting into that holiday mood. But this festive season, do not let your carelessness wipe away your bank account. Don’t forget to \*\*double-check your [cybersecurity](https://dmarcreport.com/blog/major-cybersecurity-trends-that-will-reign-in-2024/) setups before you get busy with the celebrations. Also, keeping yourself well-versed with the latest cyber events is a must so that you don’t fall prey to similar [threat attacks](https://www.msspalert.com/news/fbi-blocks-chinese-threat-actors-menacing-u-s-critical-infrastructure).
This week, we will talk about the arrest of the notorious Snowflake attacker. Also, we will shed light on how the Hellcat [ransomware attack](https://www.cyberdaily.au/security/9900-threat-actors-target-austal-usa-in-ransomware-attack-us-navy-data-at-risk) targeted Schneider Electric. Lastly, you will get to know about the [Columbian whistleblower](https://www.theguardian.com/us-news/2022/sep/16/columbia-whistleblower-us-news-rankings-michael-thaddeus) and the **case drop event**.
Let’s get started with the week **1 bulletin**!
## Snowflake data attacker arrested in Canada
[Alexander ‘Connor’ Moucka](https://thenightly.com.au/politics/australia/man-arrested-after-cybercrime-investigation-into-software-breaches-that-affected-millions-of-australians-c-16649915) is allegedly the Snowflake offender who compromised the data of [165 Snowflake accounts](https://arstechnica.com/security/2024/11/suspect-arrested-in-snowflake-data-theft-attacks-affecting-millions/). \*\*Canadian authorities have arrested him finally but are acting highly tight-lipped. _They have not shared many details about the arrest, chances of extradition, or any other intricacies_.
Connor is also known as Waifu and Judische .
But what’s this buzz around Snowflake?
Basically, it is a cloud-based data storage company based in America. Snowflake operates on three major platforms, **namely Google Cloud**, [Amazon Web Services](https://en.wikipedia.org/wiki/Amazon%5FWeb%5FServices), and [Microsoft Azure](https://www.techtarget.com/searchcloudcomputing/definition/Windows-Azure). In May 2024, Snowflake opened up about a data breach with a limited number of its users. The point worth noticing is that none of these user accounts were protected by the [multi-factor authentication](https://www.onelogin.com/learn/what-is-mfa) system.
\_As per the authorities, there are records of Connor bragging about hacking into the victims’ accounts on Telegram. Soon, the attacks were confirmed, and it is this point that makes a strong case against Connor. \_A \*\*Canadian suspect was recently arrested in connection with a cyberattack on Snowflake’s [data infrastructure](https://www.zuar.com/blog/what-is-a-data-infrastructure/), highlighting the importance of [email security](https://dmarcreport.com/blog/an-overview-of-email-security-landscape-in-2023/) protocols like [DMARC](https://dmarcreport.com/), [SPF](https://dmarcreport.com/what-is-spf/), and [DKIM](https://dmarcreport.com/what-is-dkim/) in protecting against similar threats and reinforcing secure [email communications](https://writingcenter.unc.edu/tips-and-tools/effective-e-mail-communication/).
## Hellcat ransomware targeted Schneider Electric
The French industrial company, [Schneider Electric](https://www.controlglobal.com/industry-news/news/55126005/schneider-electric-projects-50-surge-in-us-industry-electrification-by-2030), has fallen prey to [cyberattacks](https://www.scworld.com/brief/cyberattack-confirmed-by-schneider-electric), and the perpetrators are none other than the **Hellcat group**. As per an insider, the threat actor had breached the [Jira tracking system](https://thenewstack.io/anti-agile-project-tracker-linear-the-latest-to-take-on-jira/) and was demanding a $125,000 ransom.
The threat actors went ahead and wrote on their Tor-based [leak website](https://www.foxnews.com/tech/2-7-billion-records-leaked-massive-us-data-breach) that \*\*sensitive details worth [40GB](https://www.securityweek.com/schneider-electric-launches-probe-after-hackers-claim-theft-of-user-data/) of compressed data had been compromised. They have also gone public on X and shared some insights on how they got access to Schneider’s data.
The threat actors have agreed to reduce the ransom to half if Schneider Electric acknowledges the [data breach](https://securityintelligence.com/news/national-public-data-breach-publishes-private-data-billions-us-citizens/). In case the \*\*French industrial company fails to pay the ransom, the hackers have threatened to make all the data public. _The most concerning thing at this moment is that this attack is the third one in a row within two years of span_. While the first cyberattack targeted the business division of Schneider Electric, the second one involved [MOVEit’s zero-day](https://www.logpoint.com/en/blog/moveits-zero-day-the-file-transfer-turmoil/) vulnerability.
Although the company has been tight-lipped about the incident, it has already jumped onto the **investigation process**. Schneider has said that there has been an instance of [unauthorized access](https://thehackernews.com/2024/06/ai-company-hugging-face-notifies-users.html) to Jira, the project execution tracking platform. Its global incident response team has already jumped into action to limit the impact and implement the mitigation steps .
## Whistleblower gets much-needed relief from Ohio authorities!
Ohio-based independent researcher [Connor Goodwolf](https://www.nbc4i.com/news/local-news/columbus/city-hack/columbus-drops-lawsuit-against-data-leak-whistleblower-connor-goodwolf-but-with-a-catch/) got into trouble after alerting the local media regarding the recent cyberattack incident. He claimed that the July security breach was bigger and more damaging than the \*\*Ohio government and authorities spilled tea on.
The City of Columbus \*\*was targeted by threat actors on July 18, 2024\. The government claimed that it had restricted the attack before the [malware](https://www.infosecurity-magazine.com/news/government-sector-236-surge/) could do any harm.
However, Connor Goodwolf claimed that Ohio only shares half-baked truth. He believed that the [personal data](https://www.northjersey.com/story/news/2024/08/23/national-public-data-probably-has-your-personal-information-was-it-leaked/74916027007/) of the citizens had been stolen and that it included **private data**, names, [Social Security Numbers](https://www.cbsnews.com/news/social-security-number-leak-npd-breach-what-to-know/), and so much more.
As a result, the City of Columbus sued the researcher, stating that his actions were inappropriate. They also \*\*sought a restraining order on Connor that would prevent him from accessing the stolen data on [Dark Web](https://www.usatoday.com/story/tech/2024/03/30/att-data-breach-leak-dark-web/73156048007/).
However, almost two months later, Ohio finally dropped the case on Connor and has come to a settlement with him. _Goodwolf seeks a complete dismissal of prejudice, which means that the City of Columbus won’t be in a position to try him for the same case ever again_.
The [Rhysida ransomware gang](https://www.bleepingcomputer.com/news/security/port-of-seattle-says-rhysida-ransomware-was-behind-august-attack/) is behind this major cyberattack on the City of Columbus, Ohio. They were able to gain access to [sensitive data](https://www.prnewswire.com/news-releases/dig-security-state-of-cloud-data-security-2023-report-finds-exposed-sensitive-data-in-more-than-30-of-cloud-assets-301902104.html) such as dates of birth, names, residential addresses, bank account details, driver’s licenses, and so on. The city authorities sent out letters to over \*\*500,000 victims to inform them about the data breach. The notice sent mentioned that all these data have already been published on the Dark Web. Ohio has assured the victims that it is working closely with [third-party](https://www.investopedia.com/terms/t/third-party.asp) cybersecurity experts as well as law enforcement teams to mitigate the issue.
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ News ](/tags/news/)[ SPF ](/tags/spf/)
[ Vasile Diaconu ](/authors/vasile-diaconu/)
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)[ Foundational 4m Ambient Light Spying, Cybersecurity Prices Drop, Euro 2024 Threats Jul 10, 2024 ](/blog/ambient-light-spying-cybersecurity-prices-drop-euro-2024-threats/)[ Foundational 4m Banks Drop OTPs, Major Cyber Heist, Spying Spouses Arrested Jul 18, 2024 ](/blog/banks-drop-otps-major-cyber-heist-spying-spouses-arrested/)[ Foundational 4m Car Cameras Hackable, UK Water Breach, Thailand Frees Captives Feb 28, 2025 ](/blog/car-cameras-hackable-uk-water-breach-thailand-frees-captives/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief","description":"Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief from DMARC Report explains practical steps for email authentication.","url":"https://dmarcreport.com/blog/snowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief/","datePublished":"2024-11-07T11:06:45.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2024-11-07T11:06:45.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/snowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security, News, SPF","wordCount":1112,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief","item":"https://dmarcreport.com/blog/snowflake-attacker-arrested-hellcat-targets-schneider-whistleblower-granted-relief/"}]}
```