A cybersecurity specialist at Google, Austin Larsen, revealed that the hacker behind a cybercrime campaign that impacted approximately 165 companies over the summer is still at large and has recently targeted a new set of organizations. The attacker, who had previously targeted customers of Snowflake Inc., has now turned their attention to American firms and critical infrastructure organizations in Russia and Bangladesh.
According to Larsen, the US victims of this cybercriminal are primarily in the healthcare, technology, and telecommunications industries. Despite the hacker openly bragging about their attacks to journalists and security researchers, they have managed to evade law enforcement, highlighting the challenges of tackling cross-border cybercrime facilitated by anonymizing communication services and a thriving black market for stolen credentials.
An analysis of the hacker’s online activities suggested that they are likely a male individual in their 20s based in Canada with apparent Nazi sympathies. However, Larsen refrained from disclosing the hacker’s identity or confirming whether it had been shared with law enforcement authorities.
The hacker's most recent breaches, in which sensitive data was stolen from critical infrastructure companies in Russia and Bangladesh, relied on the same tactic as before: logging in to victim organizations through internet-facing login portals with stolen passwords bought on the dark web. Working possibly with accomplices, the hacker has amassed a substantial collection of stolen credentials from entities worldwide, which poses a continuing threat to data security and provides leverage for extortion.
Larsen warned that the hacker continues to cause harm by compromising more companies and engaging in extortion. While the initial cybercrime campaign targeted companies such as AT&T Inc., Live Nation Entertainment Inc., and Advance Auto Parts Inc., the hacker has since shifted focus away from Snowflake-related data to exploiting tools from another, unnamed software provider.
According to a pseudonymous communication verified by Larsen, the hacker had previously demanded $20 million for a complete set of Snowflake customer data; there is no evidence that the data was ever purchased. A significant breakthrough in identifying the hacker came when Mandiant, Google Cloud's cyber unit, used technical infrastructure revealed in a video posted by the hacker to help establish who they were.
Larsen shared his findings at the LABScon cyber conference in Arizona, emphasizing the ongoing threat posed by the hacker to companies worldwide. The cybercriminal’s ability to target a wide range of organizations with stolen credentials highlights the need for enhanced cybersecurity measures to safeguard sensitive information and prevent extortion attempts.
The cybercrime landscape continues to evolve, with hackers exploiting vulnerabilities in digital infrastructure to access valuable data for illicit purposes. The challenge for law enforcement agencies lies in tracking and apprehending these cybercriminals who operate across borders and employ sophisticated methods to conceal their identities and activities.
As the hacker responsible for the recent string of cyberattacks remains at large, the need for international collaboration and advanced cybersecurity measures becomes increasingly imperative to counter the growing threat posed by cybercrime in today’s digital landscape.
©2024 Bloomberg L.P.