Cybersecurity defense firm Mandiant is stalking the Ticketmaster hacker known as Judische who was behind the massive Snowflake breach. This breach impacted Ticketmaster, AT&T, Lending Tree, and more than 165 companies who utilized Snowflake’s services.
A new 404 Media report highlights the cat-and-mouse game that cybersecurity experts are playing with the hacker in an attempt to track them down. The hacker, using the pseudonym Judische, spoke with 404 Media about the hack. Judische says he’s made around $2 million by stealing data from these companies and extorting them to pay up for the data’s supposed deletion.
Judische has published tranches of data from companies that refused to give in to the extortion scheme, among them a tranche of Ticketmaster tickets for live shows such as Taylor Swift’s ‘The Eras Tour.’
In these extortion attempts, Judische would contact the victim company and offer to produce a video proving the heisted data was deleted in exchange for payment. “But Judische often made terrible mistakes in those videos,” the report says. “In at least one case, the video showed his system’s hostname, which is how the computer identifies itself on a network.”
“Armed with that information, Austin Larsen, a senior threat analyst with Mandiant, identified where the server hosting some of Judische’s data was located. Larsen provided information to the relevant parties and the server was removed—delaying Judische from publishing a victim’s stolen data.”
Mandiant is coordinating with both U.S. and international law enforcement to take down Judische, who says he’s not too worried about what he calls “civilian law enforcement.”
While we don’t know if Ticketmaster paid Judische any ransom (he asked for $8 million), we do know that AT&T ponied up at least $370,000 to the hackers to delete the data they obtained. Mandiant has built a ‘moderate confidence’ profile of the hacker, saying they believe it is a male in his 20s who possibly lives in Canada. The hacker has an interest in video games, geopolitics, and catgirls. The cat-and-mouse game resulted in servers hosting stolen data in Moldova being taken down and moved to Ukraine—with Ukrainian officials eventually seizing those servers.