NewsBite

Medibank hacker Aleksandr Ermakov a Russian national punished with sanctions

A Russian citizen and member of the REvil crime gang has been named by the Albanese government as the hacker behind Australia’s worst-ever cyber attack and slapped with landmark punishment.

Ben PackhamBen Packham
Russian man Aleksandr Ermakov has been named as the cyber-criminal behind the Medibank cyber hack. Picture: DFAT
Russian man Aleksandr Ermakov has been named as the cyber-criminal behind the Medibank cyber hack. Picture: DFAT
2 min read
9:30AMJanuary 23, 2024.
Updated 5:35PMJanuary 23, 2024

The Albanese government has named Russian man Aleksandr Ermakov as the perpetrator of the October 2022 Medibank data breach, imposing new sanctions on the hacker over the nation’s worst-ever cyber attack.

Ermakov was identified after an 18 month investigation involving the Australian Signals Directorate, the Australian Federal Police, and international partners including the US’s FBI and National Security Agency.

The records of 9.7 million Australians were stolen in the Medibank attack by Ermakov. Picture: DFAT
The records of 9.7 million Australians were stolen in the Medibank attack by Ermakov. Picture: DFAT
Names, dates of birth, Medicare numbers, and sensitive medical information was then published on the dark web. Picture: DFAT
Names, dates of birth, Medicare numbers, and sensitive medical information was then published on the dark web. Picture: DFAT

The announcement marks the government’s first use of Australia’s autonomous cyber sanctions framework, making it a criminal offence punishable by up to 10 years’ jail to transact with Ermakov, including through cryptocurrency or ransomware payments.

The records of 9.7 million Australians were stolen in the Medibank attack, including names, dates of birth, Medicare numbers, and sensitive medical information, with many of the records published on the dark web.

“The use of these powers sends a clear message – there are costs and consequences for targeting Australia and Australians,” Foreign Minister Penny Wong said.

“The Albanese Government will continue to hold cybercriminals to account.

“This is an incredible effort from our cyber and intelligence teams. We are using all elements of our national power to make Australia more secure at home and to keep Australians safe.”

Defence Minister Richard Marles said: “We continue to work with our friends and partners around the world to ensure cyber criminals are held to account for their actions and we will relentlessly pursue activities which disrupt their capability to target Australians in the cyber space.”

Ermakov is a member of the Russian-based REvil hacker group, which has been targeted by both the FBI and Russia’s FSB.

Government's cyber defence package to help protect businesses

The sanctions, which include a travel ban, would have an “enormous impact on his activities”, Defence Minister Richard Marles said.

He paid tribute to Medibank for its willingness to cooperate with authorities, saying its “incredible openness” had allowed Ermakov to be successfully identified.

“It’s a really good example of how companies being willing to share this really sensitive information with ASD allows the investigations to occur in a way which has ended up with the result that we have today,” Mr Marles said.

Cybersecurity Minister Clare O’Neil said there were a number of Russian cyber gangs that posed a threat to Australians.

“These people are cowards and they are scumbags. They hide behind technology,” she said.

“The Australian Signal Directorate and the Australian Federal Police are very focused on disrupting the work of these gangs and they have enormous success in doing so.

“We know a lot about the people who are trying to harm us and the sanctions that have been put in place today are just a part of the suite of efforts that we’re undertaking in order to try to debilitate these groups.”

Australia has imposed further counter-terrorism sanctions on 12 individuals and three entities linked to Hamas, Hezbollah and Palestinian Islamic Jihad.

The financial sanctions, imposed concurrently with the US, UK and EU, come on top of previously announced sanctions on the Hamas, Hezbollah and Palestinian Islamic Jihad organisations, and 17 persons and seven entities linked to the groups.

“Once listed for sanctions, it is a criminal offence to use or deal with the person or entity’s assets, or to make assets available to them,” Foreign Minister Penny WOng said.

“This is punishable by up to 10 years’ imprisonment and/or heavy fines.

“Australia continues to unequivocally condemn the attacks on Israel by Hamas as abhorrent acts of terror against innocent civilians.”

More Coverage

Inside details of Medibank’s $26m firewall fail
JARED LYNCH
I’m a Medibank customer: What should I do now?
David Swan
Read related topics:Medibank
Ben Packham
Ben PackhamForeign Affairs and Defence Correspondent

Ben Packham is The Australian's foreign affairs and defence correspondent. To contact him securely use the Signal App. See his Twitter bio for details.

Ben Packham

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

More related stories

Original URL: https://www.theaustralian.com.au/business/technology/medibank-hacker-aleksandr-ermakov-a-russian-national-punished-with-sanctions/news-story/feab319a9e1f6c88b2ad3f1f6f121b4e