Australia sanctions second Russian cybercriminal

Brandon How

The Albanese government has deployed its autonomous cyber sanction powers for the second time, joining the United States and United Kingdom in imposing restrictions on another alleged Russian hacker.

Senior leader of ransomware group LockBit, Dmitry Yuryevich Khoroshev, is now subject to financial sanctions and a travel ban. The restrictions, announced on Wednesday, mean it is now illegal to provide assets to, or use or deal with Mr Khoroshev’s assets.

Mr Khoroshev was identified as a senior leader of LockBit by the Australian Signals Directorate (ASD) and the Australian Federal Police with support from international partners under Operation Cronos.

The powers were first used in January 2024 against another alleged Russian hacker involved in the 2022 Medibank cyber-attack, which compromised the personal details of nearly 10 million people.

Cybersecurity minister Clare O’Neil launches the 2023-2030 Australian Cyber Security Strategy in December 2023.

The identification of Mr Khoroshevb was a part of Operation Cronos, a Europol-led investigation which successfully disrupted LockBit critical infrastructure across Australia, Netherlands, Germany, Finland, France, Switzerland, the United States and the United Kingdom.

LockBit is a ransomware group that “works to destabilise and disrupt key sectors for financial gain”, according to the ASD’s Australian Cyber Security Centre (ACSC). ASD has also published an advisory on how to defend against LockBit.

Between April 2022 and March 2023, the group was behind 18 per cent of reported ransomware incidents in Australia. In the United States, the group has resulted in $91 million of ransomware payouts since the groups activity was first observed in the country in January 2020.

Cybersecurity minister Clare O’Neil said the sanctions are an “important step in breaking the ransomware business model, preventing cybercriminals from profiting from attacks on Australian citizens and businesses”.

“The damage done by LockBit in Australia is significant. For too long, criminals like those behind LockBit have hidden in the shadows,” Ms O’Neil said.

Foreign Affairs minister Penny Wong added that the Australian government “remains committed to promoting a rules-based cyberspace, grounded in international law and norms of responsible behaviour”.

She signalled that the government’s sanctions will continue to be used “where and when appropriate”.

The cyber sanctions framework was instituted in 2021 through the Autonomous Sanctions Amendment (Magnitsky-style and Other Thematic Sanctions) Bill.

Magnitsky-style listings – which target individuals responsible for corruption or human rights violations – were first used by the Coalition government at the end of March 2022. It targeted perpetrators of corruption and those involved with the abuse and death of Sergei Magnitsky, who had unveiled the corruption.

“Our government is changing that. Hunting down cyber criminals by working with our international partners to hack the hackers and punishing them where we can.”

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories