The hacker allegedly behind several of the biggest cybersecurity incidents of 2024 consented to be extradited from Canada to the U.S.
Connor Riley Moucka, also known as Alexander Antonin Moucka, signed a consent order on Friday in Ontario Superior Court in Kitchener that would allow him to be transferred to U.S. custody to face multiple charges. The consent order was first reported by CyberScoop.
Canadian officials declined to say when Moucka would be extradited.
Moucka was arrested in October after U.S. authorities said he was involved in a wide-ranging cyberattack on Snowflake, a large data storage company. About 165 companies were breached in 2024 when hackers stole login information to employee accounts on Snowflake.
Those affected include AT&T, Ticketmaster, Advance Auto Parts, one of the largest school districts in the U.S., Neiman Marcus, Santander, LendingTree and more.
The breaches caused alarm globally due to the sizable amount of information stolen. The AT&T hacker stole the logs of calls and texts to more than 100 million customers. The Ticketmaster breach involved about 560 million users.
In May 2024, Snowflake hired Mandiant to investigate the incident and confirmed that there was no issue with the platform’s security. The hackers, according to Mandiant, stole still-valid credentials dating back to 2020 and were able to access company accounts through those login details.
Mandiant said at the time that the hacker behind the campaign is “based in North America, and collaborates with an additional member in Turkey.”
At least one of the alleged Turkey-based hackers, John Erin Binns, was detained by Turkish authorities in May after being indicted for his role in a previous hack of T-Mobile.
Moucka allegedly spoke to news outlet 404Media last year, telling them that he expected to be arrested and had been destroying evidence in advance of his detainment. In the U.S., he faces charges including conspiracy to commit computer fraud, accessing a protected computer, transmitting a threat, wire fraud and aggravated identity theft.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
