Russian Medibank hacker first to be hit with sanctions

Kat Wong, Andrew Brown and Neve Brissenden

The Medibank data breach was the most devastating cyber attack Australia has experienced.

A Russian man has been sanctioned by the government for his role in a data breach which compromised the personal details of more than 10 million Australians.

At least 9.7 million Medibank customers had information including names, dates of birth, addresses and phone numbers compromised in October 2022, some of which was published on the dark web.

But a joint operation conducted by the Australian Signals Directorate and the Australian Federal Police with other agencies and international partners was able to link a Russian citizen and cybercriminal to the cyber attack.

Ten million Medibank customers had their private information compromised in a 2022 cyber attack. (Diego Fedele/AAP PHOTOS)

The Australian government responded on Tuesday, imposing cyber sanction powers for the first time on Aleksandr Ermakov.

This means it will be a criminal offence to provide assets to Mr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments. Any breaches will be punishable with up to 10 years in prison.

Though the sanctions are notable, Monash University cybersecurity expert Nigel Phair said they are unlikely to dissuade other internationally-based cyber criminals from targeting Australian organisations or individuals.

“While it most likely won’t result in the arrest of this individual (or probably any others), it puts sand in the gears of the cyber criminals by degrading their efforts to work with others in future criminal pursuits,” he said.

Professor Phair said Australian organisations needed to continue to work on their cybersecurity measures.

“We (must) grow our national expertise to collectively safeguard our ‘cyber borders’,” he said.

Home Affairs Minister Clare O’Neil called the cybercriminals “cowards and scumbags who hide behind technology”.

Clare O’Neil says numerous Russian criminal cyber gangs are a threat to Australians. (Mick Tsikas/AAP PHOTOS)

“This is a very important day for cyber security in our country,” she told reporters in Canberra.

“It has helped us understand the enormous cost is a problem … and showed us something about the calibre of people we are dealing with.”

There are several Russian cyber gangs at the heart of the threats Australians face, according to the government.

The sanctions imposed are part of Australia’s efforts to debilitate these organisations.

Many of them are dynamic and work in clusters, Australian Cyber Security Head Abigail Bradshaw said, so naming and identifying cybercriminals will hurt their efforts.

Foreign Affairs Minister Penny Wong said the sanctions sent a message.

“There are costs and consequences for targeting Australia and targeting Australians,” she said.

“The sanctions are part of Australia’s efforts to ensure that we uphold the international rules-based order.”

Opposition cyber security spokesman James Paterson said the coalition welcomed the sanctions but criticised the time it took to impose the penalty.

“The opposition called on the Albanese Government to take this action in November 2022 – why are we only seeing action being taken now?” he said.  

“The … government’s delays do not reflect the diligent and timely work of our law enforcement and security agencies which enabled the sanctioning of the individual.”

While it was unlikely Russia’s government would penalise Mr Ermakov, work was needed to minimise the likelihood of further cyber attacks, Senator Paterson said.

“Cyber sanctions are important though, because what we’re trying to do is shape international norms, we’re trying to put a cost to this behaviour,” he told Sky News.

“We cannot just click our fingers and make this go away.”