US soldier pleads guilty to AT&T and Verizon cyberattacks, linked to Snowflake data theft

Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.

(Image credit: Shutterstock / janews)

A US Army soldier is facing charges linked to the Snowflake hack
The accused faces $500,000 in fines and 20 years behind bars
The soldier intends to plead guilty to all charges

A US army soldier accused of two counts of unlawfully transferring confidential phone records has said he intends to plead guilty.

The soldier attempted to “knowingly and intentionally sell and transfer, and attempt to sell and transfer, confidential phone records,” US prosecutors said [PDF].

Cameron John Wagenius, the accused, informed a federal court in Seattle of his plea on Wednesday following his arrest in January 2025. Prosecutors have also found links between Wagenius’ attacks against AT&T and Verizon, with the 2024 Snowflake hack that saw upwards of 150 accounts compromised.

Up to 10 years in prison

Wagenius faces a fine of up to $250,000 and a maximum prison sentence of 10 years for each of the two counts, according to documents filed by his lawyer. Wagenius’ involvement in the Snowflake hacks, alongside Connor Moucka and John Binns, was confirmed by prosecutors in January, who linked methods used the AT&T and Verizon attacks to the Snowflake account breaches.

U.S. attorney Tessa Gorman said the breaches “arise from the same computer intrusion and extortion and include some of the same stolen victim information.” The attack against Snowflake was among the worst cyberattacks of 2024, with corporate accounts linked to AT&T, Santander, and Ticketmaster compromised, with Moucka and Binns reportedly making upwards of $2 million through extortion.

In the underground world, Wagenius used the pseudonym ‘Kiberphant0m’, the same alias that threatened to leak sensitive US government call logs when one of his co-conspirators in the Snowflake attack was arrested.

Kiberphant0m demanded comms with AT&T, writing on a dark web forum that, “In the event you do not reach out to us, [AT&T], all presidential government call logs will be leaked. You don’t think we don’t have plans in the event of an arrest? Think again.”

Moucka, who was arrested in Canada, and Binns, who was arrested in Turkey, are both awaiting extradition to the US, where they face 20 counts of various crimes, including conspiracy, computer fraud and abuse, wire fraud, and aggravated identity theft.

Via TheRegister

This is the best endpoint protection software
Take a look at our guide to the best password manager
Lee Enterprises blames cyberattack for encrypting critical systems as US newspaper outages drag on

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.