Australia attributes massive cyberattack to Russian hacker, sanctions him


Australia has blamed a spectacular 2022 cyberattack against the Australian private health insurance group Medibank on a Russian hacker, Aleksandr Ermakov, against whom it announced a series of “unprecedented” sanctions (AFP/Archives/Muhammad FAROOQ)

Australia on Tuesday blamed a spectacular 2022 cyberattack on a Russian hacker, Aleksandr Ermakov, 33, against whom it announced a series of “unprecedented” sanctions.

In November 2022, Australian private health insurance group Medibank was the target of hackers during a high-profile cyberattack.

Hackers gained access to the medical data of some 9.7 million patients, including that of Australian Prime Minister Anthony Albanese, in one of the worst data thefts ever recorded in the country.

Australian intelligence agencies have long suspected Russian hackers of being behind the attack, which had previously been linked to the REvil hacking collective.

At the end of 18 months of investigation, Australia took the exceptional decision to reveal the identity of the alleged perpetrator, Aleksandr Gennadievich Ermakov, and announced an unprecedented set of sanctions against him.

“This is the first time an Australian government has identified a cybercriminal and imposed cybersanctions of this type and it will not be the last,” Home Affairs Minister Clare O’Neil told reporters.

“These people are cowards and trash,” she said.

“They’re hiding behind the technology and now the Australian government is saying when we take care of it, we’re exposing who you are and we’re holding you to account.”

In this attack, hackers began leaking personal medical records maintained by Medibank on the dark web after the company refused to pay a multimillion-dollar ransom.

The first leaks were selected to cause maximum harm: they concerned files related to drug use, sexually transmitted infections or terminations of pregnancies.

“Medibank, in my opinion, was the most devastating cyberattack we have seen as a nation,” Ms. O’Neil said Tuesday.

“We’ve all been there, millions of people have had personal data about themselves and their family members taken away and cruelly put online for others to see.”

– “Hack the pirates” –

Australia has strengthened its cybersecurity laws following the Medibank attack, pledging that the country’s intelligence agencies will proactively “hack the hackers”.

In a provocative and cryptic reply posted on the dark web, the hackers wrote: “We always keep our word.”

Aleksandr Ermakov, who used the online aliases blade_runner and JimJones, is now subject to a travel ban and strict financial sanctions, Foreign Minister Penny Wong said.

“This means that providing assets to it, or using or managing its assets, will be a criminal offense, punishable by up to 10 years’ imprisonment,” she told journalists.

In photos published by the Australian government, Aleksandr Ermakov appeared with a young face, short brown hair and a smirk.

The REvil collective, whose name is a portmanteau of “ransomware” and “evil”, was dismantled in 2022 by Russian authorities after obtaining a ransom of $11 million from JBS Foods, a food giant.

The Australian government confirmed Ermakov was a member of the REvil collective.

Nigel Phair, a cybercrime expert at Monash University in Melbourne, said finding out who is behind an attack is “one of the hardest things to do” in cybersecurity.

“This is unlikely to deter other international cybercriminals from targeting Australian organizations or individuals, but it is a step in the right direction,” he said.

Defense Minister Richard Marles said Australian intelligence agencies had tracked down Aleksandr Ermakov with the help of the American (NSA) and British (GCHQ) intelligence services.

“Ermakov is not anonymous,” he said. “We have named him, which is a first. And his identity is now displayed in all agencies around the world,” he stressed.

© 2024 AFP
