Australia has identified a Russian behind a devastating cyberattack, revealing for the first time the identity of the 33-year-old hacker and linking him to an international crime syndicate, AFP reports.
In November 2022, hackers broke into Australian private health insurer Medibank, stealing sensitive medical data and releasing it to the dark web.
Among the 9.7 million customers caught up in the high-profile cyberattack - one of the country's worst data breaches - was Australian Prime Minister Anthony Albanese.
Australian intelligence services have long suspected Russian hackers, who were previously tentatively linked to the REvil ransomware collective, were behind the breach.
After an 18-month investigation, Australia has taken the rare step of naming the person believed to be responsible: Russian citizen Alexander Gennadievich Ermakov, who was also the subject of the first sanctions in cyberspace history.
"This is the first time an Australian government has identified a cybercriminal and imposed cyber sanctions of this kind, and it certainly won't be the last time," Home Affairs Minister Clare O'Neil said.
"These people are cowards and scumbags. They hide behind technology and today the Australian Government says when we get to grips with this we will expose who you are and make sure you are held accountable," she added.
In a separate statement, the U.S. Treasury Department said Washington was imposing sanctions on Ermakov in coordination with Australia and the UK. The two countries acted in solidarity with Sydney, recognizing "the similar risk this actor poses to the United States and the United Kingdom," the Treasury said.
"The joint move underscores our collective resolve to hold these criminals accountable," Treasury Deputy Secretary Brian Nelson said.
The Medibank hackers began publishing private health records on the dark web after the company, one of Australia's largest private health insurers, refused to pay a multimillion-dollar ransom.
The leaks were tailored to cause maximum harm: they targeted records related to drug abuse, sexually transmitted infections and pregnancy terminations.
"In my opinion, Medibank was the most devastating cyberattack we've experienced as a nation," O'Neil said.
"We all experienced it - literally millions of people who had personal data taken about themselves, about their family members, and cruelly put online for other people to see."
Following the attack, Australia strengthened its cyber security laws, vowing that the country's intelligence agencies would "hack the hackers".
In a mocking and cryptic response posted on the dark web, the hackers replied, "We always keep our word."
Ermakov, who used the online pseudonyms blade_runner and JimJones, will now be subject to a travel ban and stiff financial penalties, Foreign Minister Penny Wong said.
"This will mean that providing assets to this person - or using his assets, or handling them - will be a criminal offence punishable by up to 10 years' imprisonment," she added.
REvil -- an amalgam of "ransomware" and "evil" -- was reportedly dismantled by Russian authorities in 2022 after extorting an $11 million ransom from JBS Foods, a large food conglomerate.
The Australian government confirmed that Ermakov was a member of the REvil syndicate.
Monash University cybercrime expert Nigel Phair said proving who was behind an attack was "one of the hardest things" in cybersecurity.
"This is unlikely to deter other internationally based cyber criminals from attacking Australian organisations or individuals, but it is a step in the right direction," he said.
Defence Minister Richard Marles said Australian intelligence agencies had tracked Ermakov with the help of the National Security Agency in the US and GCHQ in the UK.
"Ermakov does not have anonymity," he said. "His identity is now on display for all agencies around the world." /BGNES