Australian spy agencies say Russian citizen behind cyber attack

Australia named Russian hacker Aleksandr Gennadievich Ermakov as the individual behind the 2022 Medibank hack. PHOTO: REUTERS
Updated
Jan 23, 2024, 06:57 PM
Published
Jan 23, 2024, 10:50 AM

SYDNEY - Australia has pinned a crippling 2022 cyber attack on a Russian citizen, announcing on Jan 23 a series of “unprecedented” sanctions targeting the newly unveiled 33-year-old hacker.

Anonymous hackers caused one of Australia’s worst data breaches in November 2022, stealing sensitive medical records from one of the country’s largest private health insurers.

Among the 9.7 million customers impacted by the high-profile cyber attack was Australian Prime Minister Anthony Albanese.

Australian intelligence agencies have long suspected criminal Russian hackers were behind the breach, which has previously been linked to the notorious REvil collective.

Following an 18-month investigation, Australia has now taken the rare step of naming the individual believed responsible: Aleksandr Gennadievich Ermakov.

“This is the first time an Australian government has identified a cyber criminal and imposed cyber sanctions of this kind, and it won’t be the last,” Home Affairs Minister Clare O’Neil told reporters.

“These people are cowards and they’re scumbags,” she added.

“They hide behind technology and today, the Australian government is saying that when we put our minds to it, we’ll unveil who you are, and we’ll make sure you are accountable.”

The Medibank hackers started leaking private health records on the dark Web after the company refused to pay a multi-million dollar ransom.

The first leaks were selected to cause maximum harm: targeting records related to drug abuse, sexually transmitted infections, or pregnancy terminations.

“Medibank in my view was the single most devastating cyber attack we have experienced as a nation,” Ms O’Neil said on Jan 23.

“We all went through it, literally millions of people having personal data about themselves, their family members, taken from them and cruelly placed online for others to see.”

More On This Topic
Australia says hacks surging, state-sponsored groups targeting critical infrastructure
Australia ports firm fights to restore operations after cyber incident

‘Hack the hackers’

Australia beefed up its cyber security laws in the wake of the Medibank attack, pledging that the country’s intelligence agencies would proactively “hack the hackers”.

In a taunting and cryptic reply posted to the dark Web, the hackers responded: “We always keep our word.”

Ermakov, who used the online aliases blade_runner and JimJones, would now be targeted by a travel ban and strict financial sanctions, Foreign Minister Penny Wong said.

“This will mean it’s a criminal offence, punishable with up to 10 years imprisonment, to provide assets to him – or to use or deal with his assets,” she told reporters.

Defence Minister Richard Marles said Australia’s intelligence agencies had tracked down Ermakov with the help of the National Security Agency in the United States, and GCHQ in the United Kingdom.

“Ermakov doesn’t have anonymity,” he said.

“We have named him for the first time globally. And his identity is now on display for every agency around the world.”

REvil – an amalgam of ransomware and evil – was reportedly dismantled by the Russian authorities in 2022, after extracting a US$11 million (S$14.7 million) ransom from JBS Foods, a major food conglomerate. AFP

More On This Topic
Australia’s health system prime target for hackers, minister says
New battleground takes shape as nations gather cyber forces

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top