
Ransom demands issued to Snowflake hack victims


Threat operation UNC5537 began data extortion efforts against organizations impacted by the Snowflake breach, with up to 10 affected entities pressured to pay ransoms ranging from $300,000 to $5 million, BNN Bloomberg reports.

Mandiant reported that up to 165 Snowflake customers had their accounts compromised by UNC5537 through credentials exposed by information-stealing malware, with Mandiant senior threat analyst Austin Larsen noting the attackers' use of fake nude photos and death threats against cybersecurity researchers looking into their operations.

"We anticipate the actor to continue to attempt to extort victims," said Larsen. Mandiant is also investigating a potential partnership between UNC5537 and the Scattered Spider hacking collective in one or more attacks during the last six months.

The development comes as Snowflake considers ending its internal probe, having detected no unauthorized server access among its clients during the past few days.
