Hackers Demand as Much as $5 Million From Snowflake Clients

Cybercriminals are demanding payments of between $300,000 and $5 million apiece from as many as 10 companies breached in a campaign that targeted Snowflake Inc. customers, according to a security firm helping with the investigation.

Bloomberg
First Published: 18 Jun 2024, 12:44 AM IST

(Bloomberg) -- Cybercriminals are demanding payments of between $300,000 and $5 million apiece from as many as 10 companies breached in a campaign that targeted Snowflake Inc. customers, according to a security firm helping with the investigation.

The hacking scheme has entered a “new stage” as the gang looks to profit from the most valuable information it has stolen, said Austin Larsen, a senior threat analyst at Google’s Mandiant security business, which helped lead Snowflake’s inquiry. That includes auctioning companies’ data on illegal online forums to try to pressure them into making payments, he said.

“We anticipate the actor to continue to attempt to extort victims,” Larsen said.

Snowflake, a cloud-based data analytics firm, said on June 2 that hackers had launched a “targeted” effort directed against Snowflake users that used single-factor authentication techniques. The company declined to comment on any specific customers.

The hacking group used stolen login details to access the Snowflake accounts of as many as 165 Snowflake customers and steal data, Larsen said. It has used the stolen information in attempts to extort money from five to 10 of Snowflake’s customers, he said. It wasn’t immediately clear which of Snowflake’s clients have been affected.

Mandiant has attributed the attack to a group it calls “UNC5537,” with members based in North America and Turkey. Larsen said members of the gang have made death threats against cybersecurity experts investigating it. In one case, UNC5537 used artificial intelligence to create fake nude photos of a researcher to harass them, Larsen said.

Mandiant said it was investigating the “possibility” that a UNC5537 hacker collaborated with a diffuse cybercriminal group known as “Scattered Spider” on at least one intrusion within the past six months; however, the nature of such a relationship remains murky. Cybersecurity vendor CrowdStrike Holdings Inc. assigned the Scattered Spider name to the group, which functions as a loose community.

Illicit data brokers are now seeking prices above typical black-market rates for the data stolen from Snowflake customers, possibly in the hopes of pressuring the affected firms to pay a ransom, Larsen said. Snowflake has said it plans to close its internal investigation into the hacking campaign and that it hadn’t detected any unauthorized access into its customers’ servers in recent days.

Ticketmaster owner Live Nation Entertainment Inc. said it had discovered “unauthorized access” within a third-party cloud database, which a person familiar with the matter said was hosted on Snowflake.

Since then, Pure Storage Inc. has also disclosed that it experienced a breach of a Snowflake workspace. Advanced Auto Parts said it was investigating reports that the company may have experienced Snowflake-related issues.

Mandiant on Monday released guidance for companies on how to detect UNC5537 hackers, based on recent activity. Credentials from several customers previously were exposed via so-called information-stealing malware, the company said. 

(Updated to include additional context in sixth and eleventh paragraphs.)


©2024 Bloomberg L.P.
