Hacking operations reach new heights as one of three Snowflake hackers defies capture.
On October 30th, one hacker, Alexander Moucka, was arrested and the second, Conor Riley Moucka, is currently locked up in Turkey. Both were arrested for extorting dozens of victims, including companies connected to the storage company Snowflake.
Despite these successful takedowns, a third actor is still on the loose. This prolific hacker, known as Kiberphant0m, could well be a US military member stationed in South Korea.
What’s intriguing is the complexity of how such a bandit is still free and what his motive could be. As prominent journalist Brian Krebs writes on his blog, apparently Moucka assigned Kiberphant0m to offload data from Snowflake customers who refused to pay the ransom demanded initially.
The type of data available, whether personal or corporate, makes it particularly alluring and lucrative for such a cyber-terrorist. Though complex, a typical process involves data exfiltration followed by ransom demands or the selling off of the data.
That means sensitive business information could leak, leading to lost revenue or reputational damage. Moreover, individuals could fall victim to identity fraud and phishing scams.
The fact that Kiberphant0m is on the loose may prove tricky for the feds to investigate, given the labyrinthine nature of military systems, while jurisdictional challenges could complicate matters further.
For context, in January 2024, Kiberphant0m allegedly joined BreachForums and posted over 4000 messages in an effort to recruit people to deploy malware.
Then, in June 2024, using the alter ego “Buttholio,” he became active on Telegram and Discord channels, regularly bragging about breaching telecom channels. He also revealed he was a soldier and referenced gameplay from Escape from Tarkov.
This, coupled with Kiberphant0m previously extorting data from telecommunications companies Verizon and AT&T, means that it might not be long before he’s caught – especially considering the arrests of his accomplices.
On the other hand, given Kiberphant0m likely used "military-grade tools" in these attacks, his knowledge of governmental cyber architecture could make him harder to pin down.
Another of his alter egos, Reverseshell, posted a photo of his military uniform in a Telegram forum called Cecilio back in November 2022.
He also went by Boxfan and posted anti-Korean sentiment on BreachForums in January 2024: “Nobody likes ur shit kpop you evil fucks. Whoever can dump this DB [database] congrats. I don’t feel like doing it so I’ll post it to the forum.”
Finally, KrebsOnSecurity managed to share an infographic with all his scandalous messages across various handles. After reaching out to him on Telegram, Kiberphant0m claimed he was trolling and using a fictitious persona.
He even claimed, “I literally can't get caught…” citing his residence outside the USA as the reason. For now, this cocky attitude remains, but how long it lasts remains to be seen.