Snowflake Attacker Arrested, Hellcat Targets Schneider, Whistleblower Granted Relief
Hello everyone! It’s November, and everyone is gradually getting into that holiday mood. But this festive season, do not let carelessness wipe out your bank account. Don’t forget to double-check your cybersecurity setups before you get busy with the celebrations. Also, staying up to date with the latest cyber events is a must so that you don’t fall prey to similar attacks.
This week, we will talk about the arrest of the notorious Snowflake attacker. Also, we will shed light on how the Hellcat ransomware attack targeted Schneider Electric. Lastly, you will get to know about the Columbus whistleblower and the dropped case.
Let’s get started with the week 1 bulletin!
Snowflake data attacker arrested in Canada
Alexander ‘Connor’ Moucka is allegedly the Snowflake offender who compromised the data of 165 Snowflake accounts. Canadian authorities have finally arrested him but are remaining tight-lipped. They have not shared many details about the arrest, the chances of extradition, or any other intricacies.
Connor is also known as Waifu and Judische.
But what’s this buzz around Snowflake?
Basically, it is a cloud-based data storage company based in America. Snowflake operates on three major platforms, namely Google Cloud, Amazon Web Services, and Microsoft Azure. In May 2024, Snowflake disclosed a data breach affecting a limited number of its users. The point worth noticing is that none of these user accounts were protected by multi-factor authentication.
As per the authorities, there are records of Connor bragging about hacking into the victims’ accounts on Telegram. Soon, the attacks were confirmed, and it is this point that makes a strong case against Connor. A Canadian suspect was recently arrested in connection with a cyberattack on Snowflake’s data infrastructure, highlighting the importance of email security protocols like DMARC, SPF, and DKIM in protecting against similar threats and reinforcing secure email communications.
Hellcat ransomware targeted Schneider Electric
The French industrial company, Schneider Electric, has fallen prey to cyberattacks, and the perpetrators are none other than the Hellcat group. As per an insider, the threat actor had breached the Jira tracking system and was demanding a $125,000 ransom.
The threat actors went ahead and wrote on their Tor-based leak website that 40GB of compressed sensitive data had been compromised. They have also gone public on X and shared some insights on how they got access to Schneider’s data.
The threat actors have agreed to halve the ransom if Schneider Electric acknowledges the data breach. If the French industrial company fails to pay the ransom, the hackers have threatened to make all the data public. The most concerning thing at this moment is that this attack is the third in a row within a span of two years. While the first cyberattack targeted the business division of Schneider Electric, the second one involved MOVEit’s zero-day vulnerability.
Although the company has been tight-lipped about the incident, it has already begun investigating. Schneider has said that there has been an instance of unauthorized access to Jira, the project execution tracking platform. Its global incident response team has already jumped into action to limit the impact and implement the mitigation steps.
Whistleblower gets much-needed relief from Ohio authorities!
Ohio-based independent researcher Connor Goodwolf got into trouble after alerting the local media regarding the recent cyberattack incident. He claimed that the July security breach was bigger and more damaging than the Ohio government and authorities had let on.
The City of Columbus was targeted by threat actors on July 18, 2024. The government claimed that it had restricted the attack before the malware could do any harm.
However, Connor Goodwolf claimed that Ohio was sharing only half the truth. He believed that the personal data of the citizens had been stolen and that it included private data, names, Social Security Numbers, and so much more.
As a result, the City of Columbus sued the researcher, stating that his actions were inappropriate. They also sought a restraining order on Connor that would prevent him from accessing the stolen data on the dark web.
However, almost two months later, Ohio finally dropped the case against Connor and has come to a settlement with him. Goodwolf seeks a complete dismissal with prejudice, which means that the City of Columbus won’t be in a position to try him for the same case ever again.
The Rhysida ransomware gang is behind this major cyberattack on the City of Columbus, Ohio. They were able to gain access to sensitive data such as dates of birth, names, residential addresses, bank account details, driver’s licenses, and so on. The city authorities sent out letters to over 500,000 victims to inform them about the data breach. The notice mentioned that all this data has already been published on the dark web. Ohio has assured the victims that it is working closely with third-party cybersecurity experts as well as law enforcement teams to mitigate the issue.