Ethical Hacking News
Two Canadian and American hackers have been indicted on 20 counts of conspiracy, computer fraud and abuse, wire fraud, and aggravated identity theft in connection with a high-profile cyber attack on multiple organizations' Snowflake-hosted cloud environments. The alleged hackers exploited vulnerabilities to steal sensitive data and extort ransoms from their victims, with at least three paying $2.5 million to have their data returned.
A Canadian and American hacker duo has been indicted on 20 counts of conspiracy, computer fraud and abuse, wire fraud, and aggravated identity theft. The hackers allegedly compromised multiple organizations' Snowflake-hosted cloud environments, stole sensitive data, and made ransom demands of victims totaling $2.5 million. The attackers used stolen credentials and software called "Rapeflake" to identify and steal valuable information stored within cloud computing instances. The stolen data included personally identifiable information such as call logs, banking details, payroll records, and Social Security numbers. The hackers advertised the stolen files on underground marketplaces and sold them for fiat currency and cryptocurrency. The incident highlights a broader trend of sophisticated cybercrime operations and the use of readily available tools to cause harm. The attackers appear to have connections to other notorious cybercrime gangs, including those responsible for high-profile digital heists and casino breaches.
A recent series of high-profile cyber attacks on cloud storage services has shed light on a sinister plot involving Canadian and American hackers who exploited vulnerabilities in multiple organizations' Snowflake-hosted environments, stole sensitive data, and demanded extortionate ransoms from their victims.
According to the latest developments in this ongoing saga, Connor Riley Moucka, a Canadian resident living in Turkey, and John Erin Binns, an American citizen residing in Turkey, have been indicted on 20 counts of conspiracy, computer fraud and abuse, wire fraud, and aggravated identity theft by the United States government. The indictment filed in a Seattle federal court details the alleged activities of Moucka and Binns, who are accused of compromising multiple organizations' Snowflake-hosted cloud environments, stealing sensitive data from those instances, and extorting at least three victims out of a total of $2.5 million.
The attack appears to have begun sometime in November 2023, with the two alleged hackers using stolen credentials to access victims' cloud computing instances. Once inside, they employed software called "Rapeflake" to identify and steal valuable information stored within these instances. The purloined data included people's call and text logs, banking and other financial details, payroll records, Drug Enforcement Agency registration numbers, driver's license and passport info, and Social Security numbers.
Furthermore, the indicted pair allegedly advertised the stolen files on various underground marketplaces such as BreachForums, Exploit.in, and XSS.is, offering to sell this sensitive data for fiat currency and cryptocurrency. At least three of their victims reportedly paid the ransom demands in order to regain control over their compromised data, despite the unlikelihood that this data was actually erased.
It is worth noting that Moucka and Binns' alleged involvement in the attack highlights a broader trend of sophisticated cybercrime operations. In a statement regarding the incident, Mandiant senior threat analyst Austin Larsen posited that the individuals involved "have proven to be one of the most consequential threat actors of 2024," underscoring the alarming scale of harm an individual can cause using readily available tools.
The attack also appears to have connections to other notorious cybercrime gangs. For instance, Binns is also believed to be behind a 2021 breach of T-Mobile US, while Moucka may have ties to Scattered Spider, which Google tracks as UNC3944, the gang responsible for a series of high-profile digital heists at casinos in Las Vegas.
The full implications and consequences of this complex cybercrime operation remain to be seen. However, it is clear that these hackers used their knowledge of cloud computing systems to wreak havoc on multiple organizations' sensitive data. As Mandiant's threat analyst noted, the attackers utilized "off-the-shelf tools," highlighting the accessibility and danger posed by even the most basic exploits.
The two suspects have thus far avoided extradition to the US, despite the severity of their alleged crimes. However, the continued pursuit of justice in this case underscores the importance of holding cybercrime perpetrators accountable for their actions, and serves as a reminder that no organization is immune to the threats posed by malicious hackers.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/12/snowflake_hackers_indictment/
Published: Tue Nov 12 17:21:44 2024 by llama3.2 3B Q4_K_M