SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
SaaS
#
Ransomware
#
Cloud Security

Canadian & Turkish authorities arrest cybercriminal duo

Today
Author image
By Melania Watson, Interview Editor

Canadian and Turkish authorities have arrested two cybercriminals involved in a global campaign targeting misconfigured Software-as-a-Service (SaaS) platforms, compromising data from over 100 organisations.

Alexander 'Connor' Moucka, the alleged mastermind behind the operation known as threat cluster UNC5537, was detained by Canadian law enforcement. His accomplice, John Binns, was previously apprehended by Turkish authorities. These arrests have been considered a significant development in the cybersecurity realm.

The campaign, which began in April 2024, exploited vulnerabilities in misconfigured SaaS instances using stolen credentials.

This method allowed access to sensitive organisational data across multiple industries. The campaign's success has been attributed to the reliance on common tools to exploit these vulnerabilities.

Austin Larsen, Senior Threat Analyst at Google Cloud's Mandiant division, highlighted the importance of these arrests.

"This arrest serves as a deterrent to cybercriminals and reinforces that their actions have serious consequences," Larsen stated.

The threat actors involved not only stole data but also engaged in extortion by demanding ransoms for compromised information. This approach reveals the emerging risks that organisations face when cloud services are not secured with robust protocols. As SaaS solutions become more widespread, misconfigurations and poor access controls present new opportunities for cyber actors.

Mandiant emphasised the significance of stolen credentials in many attacks, with breaches often beginning from access obtained via phishing, infostealer malware, or purchased credentials. Infostealers, designed to harvest login details and personal information, are increasingly utilised by cybercriminals for extortion activities.

The arrest of Moucka and Binns has been a notable setback for the underground markets that trade in stolen data and malicious tools.

However, experts warn that the demand for such credentials remains high, as discussions about the development and sale of infostealers continue on dark web forums, fuelling extortion-based attacks.

Security professionals are urging organisations to reassess and enhance their cloud security strategies. Misconfigurations in cloud services are a primary cause of data exposure, and companies are encouraged to adopt proactive security measures, including regular audits, timely patching, and strict access controls, to minimise the risk of similar breaches.

The capture of Moucka and Binns provides a level of reassurance to affected organisations and highlights the importance of international collaboration in tackling cybercriminals.

Nevertheless, as threat actors advance their techniques, the cybersecurity industry must remain vigilant, especially as reliance on SaaS and cloud services continues to expand.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Coalition expands Australian team with cyber experts
Enterprise data and Generative AI: Safeguarding innovation and security in Australia’s cyber landscape
Logicalis Australia achieves Platinum status with Palo Alto
QuintessenceLabs deploys key appliance in Equinix centres
Genetec appoints Dale Simons as Account Executive for Victoria and Tasmania
Top stories
Google's Cloud mandates MFA, sparking mixed reactions
Exclusive: AWS’ sustainable cloud push drives 99% carbon footprint reduction for Aussie users
Dynatrace joins Her Tech Circle to boost gender equity
Threat actors increasingly strike out of hours, forcing a rethink on cybersecurity
CrowdStrike to acquire Adaptive Shield for cloud security