The government has imposed further sanctions over the cyberattack on Medibank Private. Photo: File.
The Federal Government has imposed additional cyber sanctions in response to the 2022 cyberattack against Medibank Private.
The sanctions mark the first time Australia has imposed cyber sanctions on an entity and the first time it has imposed sanctions on those providing the network infrastructure and services that make cyberattacks like that possible.
The government is imposing the cyber sanctions on the Russian entity ZServers and five Russian cybercriminals who provided the network infrastructure and services used to host and release the data stolen from Medibank.
The individuals are ZServers’ owner Aleksandr Bolshakov and employees Aleksandr Mishin, Ilya Sidorov, Dmitriy Bolshakov and Igor Odintsov.
The sanctions make it a criminal offence to provide assets to ZServers or the five sanctioned individuals or to use or deal with their assets, with penalties of up to 10 years’ imprisonment and/or heavy fines. The sanctions also ban the individuals from entering Australia.
The 2022 attack affected millions of Medibank’s customers whose personal and sensitive medical information was stolen. Some records were published on the dark web.
ZServers and the five sanctioned individuals also provided enabling services that supported a range of other cybercrimes, including ransomware activities conducted by affiliates of LockBit and BianLian and other ransomware groups.
Deputy Prime Minister Richard Marles said the sanctions send a clear message to malicious cyber actors that there are consequences for trying to do Australians harm.
“The Albanese Government continues to take decisive action to hold to account those responsible for one of Australia’s largest cyber incidents,” Mr Marles said.
“Importantly, this is the first cyber sanction against an enabler of cybercrime. Disrupting the criminal ecosystem in this way impacts hundreds of cybercriminals at once.”
Russian national Aleksandr Ermakov was the first person sanctioned for his role in the compromise of Medibank Private in 2022. Photo DFAT.
These measures follow the sanctions announced in January 2024 against Aleksandr Ermakov for his role in the Medibank Private data breach.
They are a result of the close collaboration between the Australian Signals Directorate (ASD), other Commonwealth agencies and key international partners, including the United Kingdom and the United States. The government says they have all worked tirelessly to unmask the cyber criminals.
The UK and the US have also imposed sanctions on malicious cyber actors.
Foreign Minister Penny Wong said the actions demonstrate the three nations’ collective resolve to combat cybercrime.
“The Albanese Government is using all elements of our national power to make Australia more secure and to keep Australians safe,” Senator Wong said.
“We are preventing, deterring and disrupting malicious cyber activity through attributions and targeted sanctions in the national interest.
“We will continue to work with our international partners to impose costs on cyber criminals and protect Australians from cyber threats.”
The ministers said the sanctions also reflect the government’s commitment in the 2023-2030 Australian Cyber Security Strategy to deter and respond to malicious cyber activity, including by using sanctions to hold cyber criminals to account.
Cyber Security Minister Tony Burke said the cybersecurity portfolio was established because national security requires cybersecurity.
Malicious cyber actors continue to target Australian governments, critical infrastructure, businesses and individuals.
Australia’s autonomous cyber sanctions framework is a key tool in imposing costs on cyber actors and protecting Australians from this threat.
Australians should report cybercrimes, incidents or vulnerabilities to the Australian Signals Directorate at 1300 CYBER1 (1300 292 371) or on its website.
Australian businesses can help protect themselves from ransomware by updating devices, regularly backing up files, and ensuring staff know never to visit suspicious websites, open emails from unknown sources, or click on suspicious links.
More information can be found at the Australian Signals Directorate.
Loading ...
