This summer, a mysterious hacker group launched a series of landmark data breaches, all targeting customers of cloud data storage companies. Currently, a suspected hacker (considered by experts to be the leader of the group) has been arrested in Canada and may be on his way to stand trial in a U.S. court.

On Monday, Bloomberg reported that a Canadian man named Alexander Mukai (also known as Connor Mukai) was detained at the end of the month on a provisional arrest warrant. The report further stated that Mukai subsequently appeared in court on the 1st for a hearing in the extradition proceedings.

Security researcher and Chief Research Officer of a security company, who has been tracking Mukai's online activities for a long time, stated that under the leadership of the hacker alias, Mukai is considered a notorious figure in the underground cybercrime world. She hinted that Mukai's alleged hacking activities could date back several years before the intrusion incident.

The leader of a gang responsible for numerous major breaches over the past five years. According to a report by Google's security company in the month, suspicious activities related to customer accounts were first detected in the month. A joint investigation into the hacking incident was commissioned.

The report states that the system of the first unknown victim was breached, with the intruder using login details previously stolen by information-stealing malware. According to the report, in the ensuing months of chaos, data stored by over customers in the system may have been compromised or stolen. In this cyberattack, records from companies such as &, Santander Bank, and Owner were breached, affecting hundreds of millions of entries.

In the monthly report, it was stated that most of the compromised accounts did not have multi-factor authentication enabled and were accessed using credentials collected from information stealer logs (some of which can be traced back to years). Since the breach, it has updated its systems to require multi-factor authentication to be enabled by default.

A spokesperson for the company stated that it would not comment on the arrest. A spokesperson for the Canadian Department of Justice said that Mukai was arrested at the request of the United States. The spokesperson added that, as extradition requests are considered confidential communication between nations, the department is unable to provide further comment on this case.

The cybersecurity company, a subsidiary of Google, responsible for investigating the vulnerability incident, referred to the hackers behind it as, the company's threat intelligence analyst Austin Larsen described him as "one of the most influential threat actors of the year" in a statement to Wired. This operation led to significant data loss and ransom activities for organizations, highlighting the astonishing scale of harm that can be caused by individuals using off-the-shelf tools.

Although the hacker behind the username has for months been linked to a Canadian, he is not believed to be the only one involved in the incident. As reported by Wired magazine, an American hacker is suspected of involvement in the & intrusion, for which the company paid millions of dollars to remove millions of stolen customer records. Other members of the cybercrime gang remain at large.

(Now accused as Mukai) hails from a cybercrime community known as "", an underground network composed of young hackers and internet trolls active on platforms, responsible for hacking and other digital crimes including ransomware, card swapping, cryptocurrency theft, sextortion, and harassment. The ransomware organization is one of several criminal groups associated with the community, having launched highly destructive ransom attacks against victims such as MGM Resorts and Caesars Entertainment.

These people treat criminal laws as a checklist. I know he has been part of the organization for a long time, close to a decade. Apparently, he was immersed in the organization's culture in his teens, how old is Mukai now. When people grow up in an organization, they become like this.

Throughout the past year, we have been tracking him and his accomplices, during which he once made a security operation mistake that could have led to law enforcement discovering his identity. Although he refused to disclose what the error was and when it specifically occurred, he subsequently attempted to cover up this accidental discovery by posting false leads and misinformation on the platform, which he referred to as "poison."

Law enforcement agencies have been aware of Mukai's identity since at least the beginning of the month. While Mukai's arrest is far from the end of this cybercrime network, it is a potentially significant step in addressing the chaos caused by large criminal networks. It is an example of a larger principle observed in the world of cybercrime, where a small number of criminals are often responsible for the majority of harm. This case is significant because they successfully apprehended one of the very few criminals who caused serious harm. It's a good start. We need to arrest more cybercriminals who cause severe damage.

Author: Emma

An experienced news writer, focusing on in-depth reporting and analysis in the fields of economics, military, technology, and warfare. With over 20 years of rich experience in news reporting and editing, he has set foot in various global hotspots and witnessed many major events firsthand. His works have been widely acclaimed and have won numerous awards.
