Australia sanctions Russian hacker over Medibank cyber-attack

Australia has sanctioned a Russian hacker for his involvement in the Medibank cyber-attack, marking the first time the federal government has used Magnitsky-style powers to name and shame a cyber criminal.

Foreign minister Penny Wong revealed the sanctions against 34-year-old Alexander Ermakov on Tuesday following almost 18 months of investigation by the Australian Signals Directorate (ASD) and the Australian Federal Police (AFP).

“Thanks to the hard work of the ASD and the Australian Federal Police we have linked Russian citizen and cyber criminal, Alexander Ermakov, to the attack,” Ms Wong said announcing the attribution and sanctions.

Foreign minister Penny Wong, Defence minister Richard Marles and Cybersecurity minister Clare O’Neil announce cyber sanctions. Source: LinkedIn/Clare O’Neil

The October 2022 Medibank cyber attack saw the data of 9.7 million current and former customers stolen, with many of the records, including Medicare numbers and sensitive medical information, published on the dark web.

Federal police attributed the attack to a “group of loosely affiliated cyber criminals” believed to be in Russia soon after the attack in November 2022, but took the decision not to name the individual at the time.

On Thursday, the government confirmed that Mr Ermakov was part of the Russian-based ransomware-as-a-service crime group REvil. REvil was suspected of being linked to the breach at the time.

The sanctions imposed include both a “targeted financial sanction” and a travel ban, which Ms Wong said would make it a criminal offence, punishable with up to 10 years prison, to “provide assets to Ermakov or to use or deal with his assets, including through cryptocurrency wallets”.

“This is the first time Australia’s autonomous cyber sanctions have been used. It sends a clear message that there are costs and consequences for targeting Australia for targeting Australia and targeting Australians,” she said.

The cyber sanctions framework that enabled the imposition of target financial sanctions and travel bans was introduced through the Autonomous Sanctions Amendment (Magnitsky-style and Other Thematic Sanctions) Bill in 2021

In March 2022, the former government used the first set of Australian Magnitsky-style listings to target Russian individuals responsible for the mistreatment and death of Sergei Magnitsky, who uncovered widespread corruption by Russian tax and law enforcement officials.

Defence minister Richard Marles said the “hugely significant and unprecedented step” of identifying Mr Ermakov had only been possible thanks to ASD, who worked closely with Microsoft and law enforcement and national security partners both in Australia and overseas.

Mr Marles said that by taking away Mr Ermakov’s anonymity – the “calling card” of a cyber criminal – the sanctions would have an enormous impact on his activities and send a strong message to cybercriminals around the world.

“We have named him for the first time globally, and his identity now being completely plain is on display for every agency around the world but also anybody who is seeking to operate with him, so this will have a very significant impact,” he said.

Cybersecurity minister Clare O’Neil said the sanctions were a “direct result” of the “hack the hackers” taskforce set up last year to hunt down and disrupt the criminal syndicates and gangs targeting Australian in cyber-attacks.

“The sanctions that are being put in place today are just a part of the suite of efforts that we are undertaking in order to try to debilitate these groups,” she said of the program that ASD and AFP officers set up last year.

“Part of the work that is happening globally is really important to this. What I’ve seen, even in the time that I’ve been cybersecurity minister, is closer and closer collaboration day-by-day in working out who is behind this and deliberating them before they can harm Australians.”

Shadow minister for cybersecurity James Paterson welcomed the first use of the Magnitsky cyber sanctions, but questioned why it had taken so long and said sanctions should also have been applied to the Russian government.

“Cyber sanctions are important though because what we’re trying to do is shape international norms,” Mr Paterson told Sky News.

“We’re trying to put a cost on this behaviour. We should be doing that with offensive cyber operations against these gangs, and we should be doing it by sanctioning not just these gangs, but the governments which harbour them. The Russian government knows that this activity takes place on their soil.”

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories