BrianKrebs on Nostr: Might be my best sleuthing scoop this year (ah still 30+ days to go!): Hacker in ...
Might be my best sleuthing scoop this year (ah still 30+ days to go!):
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.
Published at
2024-11-27 00:51:20 UTCEvent JSON
{
"id": "6f366c9f8ddea5e4fde657fb77f52793f3c426a95063394a985ff92b821d8541",
"pubkey": "662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d",
"created_at": 1732668680,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@briankrebs/113552174657055171",
"web"
],
[
"imeta",
"url https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/552/161/936/299/203/original/48a954e18daa76d2.png",
"m image/png"
],
[
"imeta",
"url https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/552/171/408/251/737/original/e2c0f39c35f8bfc0.png",
"m image/png"
],
[
"proxy",
"https://infosec.exchange/users/briankrebs/statuses/113552174657055171",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/briankrebs/statuses/113552174657055171",
"pink.momostr"
],
[
"-"
]
],
"content": "Might be my best sleuthing scoop this year (ah still 30+ days to go!):\n\nHacker in Snowflake Extortions May Be a U.S. Soldier\n\nTwo men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/113/552/161/936/299/203/original/48a954e18daa76d2.png\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/113/552/171/408/251/737/original/e2c0f39c35f8bfc0.png\n",
"sig": "8bce3b941662b083e85a567efdec3fde62673279cd2b558664af5807a7ef16eebe45b8c6d9f1a0adb29d973ad70badd163f85fccb7850d1fa0906e5d571a8d0c"
}
