Snowflake customer database instances are being targeted for data theft and extortion by financially motivated threat actors. Mandiant has reported that up to 10 companies have been breached, with ransom demands ranging from $300,000 to $5 million. The attackers are using stolen credentials obtained via infostealer malware, and approximately 80% of the victims had prior credential exposure. Around 165 organizations have been exposed in this campaign. Mandiant has released a threat hunting guide to assist defenders in mitigating these attacks.