A hacker behind a series of data thefts and extortion attempts targeting Snowflake cloud storage customers may be an active U.S. Army soldier stationed in South Korea, according to a recent investigation.
The suspect, known online as "Kiberphant0m," remains at large while two other alleged accomplices have been arrested in connection with the breaches. The group is accused of stealing sensitive data from dozens of companies using Snowflake's platform and demanding ransom payments.
Digital forensics analysis has linked Kiberphant0m to multiple cybercrime personas, including accounts under the names Buttholio, Reverseshell, Proman, and Vars_Secc. The suspect's pattern of online activity and communications strongly suggests a connection to U.S. military personnel based in South Korea.
The hacker has been particularly active on cybercrime forums and chat channels, frequently discussing bug bounties and various hacking exploits. When confronted about the potential military connection, the individual denied any such affiliation.
While law enforcement has successfully apprehended two suspects in the case, Kiberphant0m continues to publicly pressure victims for payments. The investigation benefited from collaboration with security intelligence firm Unit 221B.
The case highlights growing concerns about insider threats and the potential involvement of military personnel in cybercrime activities targeting private sector companies.
Authorities have not yet publicly identified the suspect, and the investigation remains ongoing.