The Arkana Security Extortion Gang listed briefly over the weekend, appearing as new stolen tickets data, but instead it is theft figure during 2024 snowflake data theft attacks.
Forced recovery Posted screenshot posted Of the allegedly stolen data, advertising of 569 GB ticketmaster data for sale, which made speculation that it was a new violation.
Source: Bleepingcomputer
However, Bleepingcomputer has determined that the files shown in the Arkana post match the samples of ticketmaster data that we had previously seen during the 2024 snowflake data theft attacks.
In addition, the caption in one of the images was “Rapflacade Copy 4 Quick Cell 1 Buyer,” who references to a device called “rapflake”.
Rapeflece is a custom tool designed by danger actors to reconcile and exfiltrate data from the database of Snowflake.
As mentioned earlier, snowflake attacks targeted many organizations, including Santnder, Ticketmaster, AT & T, Advance Auto Parts, Neemon Marcus, Los Angeles Unified, Pure Storage and Silans. These attacks were known by a forced recovery group as Shainhemers.
These attacks were organized using the compromise snowflake credentials stolen by infosteals, which was then used to download the data of the company for use in forced recovery schemes.
Ticketmaster was one of the most widely outdoor victims in snowflake attack, which stolen personal and ticketing information. Data was offered for online sale, the company confirmed the violation in late May and began to inform the affected customers.
Following the initial leakage, the danger actors released their efforts to force them, claiming that a series of posts on a hacking forum had print-on-hom tickets and even Taylor Swift tickets.
While Arkana did not specify the origin of the data, the use of snowflake references and the files that match the first leaked files indicate that the group was trying to re -use old theft data.
Whether or not Arkana had bought this data earlier, is the group made up of danger actors who had earlier data, or whether they are working with shiny genirs to sell it, it is not clear.
On 9 June, the entry for ticketmaster data was removed from the Arkana security data leak site.
The name “Shineans” has been linked to a large number of violations over the years, including large -scale powerscool data breeches, where data for 62.4 million students and 9.5 million teachers for 6,505 school districts in the US, Canada and other countries was stolen.
Recently, Mandiants tied the shinniers to a recent campaign targeting salesforce accounts, where danger actor customers were violating accounts for stealing data and withdrawing companies.
As many danger actors have been arrested in the last three years, tied to Shinhetors (1, 2, 2, 3), It is not clear that it is a original group or other danger actor who claims them to throw up law enforcement.
Bleepingcomputer contacted Arkana and Ticketmaster about the listing, but he received no response.
Patching meant complex scripts, long and endless fire drills. No more.
In this new guide, the tines break down how it is leveling with modern organ automation. Patch fast, reduce overhead, and focus on strategic tasks – no complex script is required.
