Australia has used its new cyber powers for the first time against Russian citizen Aleksandr Ermakov in connection with his alleged involvement in the Medibank data breach.
According to the sanctions notice, Ermakov, born in Russia on 16 May 1990, was also known as Alexander Ermakov, GustaveDore, aiiis_ermak, blade_runner or JimJones.
The breach, which occurred in 2022, resulted in the unauthorised access and compromise of millions of Australians’ private data, including sensitive medical information, after Medibank’s network was hacked.
Last November, Prime Minister Anthony Albanese and the AFP confirmed the Medibank hack was linked to a Russian individual.
On Monday Foreign Minister Penny Wong and Deputy Prime Minister Richard Marles held a media conference to expose Aleksandr Ermakov as the man the AFP had been investigating.
Foreign Minister Penny Wong officially approved the use of Australia’s cyber-sanctions in this case, marking the first instance of their application.
Wong directly linked Ermakov to the cyber attack on Medibank, signaling a proactive response to cyber threats and a commitment to holding individuals accountable for their actions.
On Tuesday Senator Wong told reporters in Canberra it was an egregious violation, impacting some of the most vulnerable members of the Australian community.
Ermakov Hit With Financial Sanctions & Travel Ban
What are the sanctions?
The sanctions make providing assets to Ermakov or dealing with his assets a criminal offense, with penalties of up to 10 years in prison and significant fines. This includes actions involving cryptocurrency wallets or ransomware payments.
Deputy Prime Minister Richard Marles said publicly naming Ermakov would have an “enormous impact on his activities”.
Marles revealed that the United States, the United Kingdom and companies such as Microsoft were involved in the investigation, and praised Medibank for being “incredibly open” in their engagement with the ASD.
Home Affairs Minister Clare O’Neil said it would not be the last time the government named and shamed the “scumbags” involved in cyber attacks.
“This is the first time an Australian government has identified a cyber-criminal and imposed cyber-sanctions of this kind and it won’t be the last.
“Today the Australian government is saying that when we put our minds to it, we’ll unveil who you are, and we’ll make sure you are accountable,” she said.
The health insurance company reported that hackers gained unauthorised access to the basic personal information of 9.7 million individuals in Australia.
Those affected comprised 5.1 million Medibank customers, 2.8 million AHM clients, and 1.8 million international customers. The compromised data included individuals’ names, dates of birth, Medicare numbers, and sensitive medical information.
The incident also raised significant concerns about the protection of individuals’ private data and the consequences of such breaches for their privacy, after records were published on the dark web.
The efforts of the Australian Signals Directorate and the Australian Federal Police in Operation Aquila, which led to the identification of Ermakov, were commended by the government.
How Aleksandr Ermakov was linked to Medibank’s data breach
Following an extensive investigation conducted by the Australian Signals Directorate (ASD) and the Australian Federal Police (AFP), Ermakov has been implicated in the cyberattack.
Collaborating with intelligence agencies globally, such as the UK’s GCHQ, the FBI, and the NSA, the investigators also forged partnerships with Microsoft and Medibank.
Although the hackers’ identities have been known for a while, their public revelation occurred recently. In November, AFP Commissioner Reece Kershaw confirmed the identification of the responsible groups.
While he refrained from disclosing specific names, he expressed confidence in having identified the individuals behind the cyberattack.
During the announcement, Commissioner Kershaw disclosed plans for Australian authorities to engage in discussions with Russian law enforcement regarding the apprehension of the cyberattack perpetrators for legal proceedings in Australia.
The initiative sparked a diplomatic dispute, prompting Russia’s ambassador to Canberra to assert that Australia should have shared the intelligence with Moscow.
According to the head of the Australian Cyber Security Centre, Abigail Bradshaw, identifying Ermakov was part of a strategy to disrupt Russian cybercriminal syndicates.
“We know a lot about Mr Ermakov through our analysis and what we do know is that cybercriminals trade in anonymity, it is a selling quality.
“Naming and identifying with the confidence that we have from our technical analysis will most certainly do harm to Mr Ermakov’s cyber business,” she says.