Identity of Medibank hacker confirmed, government invokes cyber sanctions

A Russian individual has been named by the federal government as the person responsible for the 2022 Medibank hack that compromised the information of more than 4 million Australians.

Foreign Minister Penny Wong, Home Affairs Minister Clare O’Neil and Deputy Prime Minister Richard Marles confirmed on Tuesday morning that the man behind the hack was Aleksandr Ermakov and said the country’s cyber sanction laws would be used for the first time.

Wong, Marles and O’Neil confirmed at a joint press conference in Canberra that sensitive information was stolen and published on the dark web in an “egregious violation”, impacting some of the most vulnerable members of the Australian community.

“Australia has used cyber sanctions powers for the very first time on a Russian individual for his role in the breach of the Medibank Private network,” Wong said.

“I can confirm that thanks to the hard work of the Australian Signals Directorate and the AFP [Australian Federal Police], we have linked Russian citizen and cybercriminal, Aleksandr Ermakov to the attack.”

The personal information of customers of the country’s largest health insurer were harvested in an event that caused anger among those affected for the response from the company.

The stolen data was from current and former customers and included names, addresses, birth dates, Medicare numbers, contact information and claims data from the private health insurer.

The sanctions against Ermakov include financial penalties and a travel ban, meaning it is a criminal offence of up to 10 years imprisonment for individuals to provide assets to Ermakov or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.

Marles praised Medibank for its openness with ASD, while also confirming the government worked with companies such as Microsoft and overseas partners in the United States and United Kingdom to investigate the hacker.

“There is an enormously powerful effect which can be brought to bear in holding cybercriminals to account and the sanctions that have been put in place on Aleksandr Ermakov today and publicly naming him will have an enormous impact on his activities and send a very strong message to cybercriminals around the world that we mean business,” Marles said.

The Medibank hack was the “single most devastating” cyberattack the nation has experienced, O’Neil said, as it helped the government understand the enormous cost this problem has on Australians.

“It also showed us something about the calibre of people we are dealing with in terms of this problem … these people are cowards, and they are scumbags, they hide behind technology,” she said.

Who is Aleksandr Ermakov?

Ermakov is a Russian citizen and cybercriminal who was identified under a joint operation by the ASD and AFP. The naming of Ermakov was part of the ASD’s approach to disrupt the business of Russian cybercriminal syndicates.

Deputy director-general Abigail Bradshaw said identifying Ermakov would affect Russian cybercriminal syndicates and gangs that were dynamic and had multiple partners.

“We know a lot about Mr Ermakov through our analysis and what we do know is that cybercriminals trade in anonymity, it is a selling quality and so naming and identifying with the confidence that we have from our technical analysis will most certainly do harm to Mr Ermakov’s cyber business,” she said.

Australia has also imposed further counterterrorism and financing sanctions on 12 persons and three entities who are linked to Hamas, Hezbollah and the Palestine Islamic Jihad.

Cut through the noise of federal politics with news, views and expert analysis from Jacqueline Maley. Subscribers can sign up to our weekly Inside Politics newsletter here.

Most Viewed in Politics