In the extortion campaign against Snowflake customers, cybercriminals are demanding ransom payments of between 300,000 and 5 million US dollars from up to 10 companies, according to security experts investigating the attacks.
The hacker group UNC5537 stole login data to penetrate the Snowflake accounts of up to 165 customers and access sensitive data. According to Austin Larsen from the security company Mandiant, the campaign has now entered a “new phase”.
Data being auctioned online – security researchers under threat
The cybercriminals are offering the stolen information for sale on darknet forums. The aim is to pressure the affected companies into paying substantial ransoms by threatening to sell the stolen data. “We assume that the perpetrators will continue to try to blackmail the victims,” says Larsen.
The gang’s actions are unscrupulous. Members from North America and Turkey are said to have issued death threats against IT security researchers investigating their activities. In one case, artificial intelligence was used to create fake nude images of a researcher in order to harass him.
Several cases already known
While Snowflake has stated that it is no longer detecting any unauthorized access to its servers and intends to complete its internal investigation soon, some customer companies have already confirmed data theft. Ticketmaster’s parent company Live Nation and the technology group Pure Storage have fallen victim to the blackmail campaign. The automotive supplier Advance Auto Parts is also investigating possible incidents in connection with Snowflake.
In view of the complex and highly lucrative attacks, security experts have issued urgent warnings for companies. Everyone must now check whether they may have been targeted by UNC5537 and urgently strengthen their security precautions.