Australia has imposed cyber sanctions on a Russian individual for a Medibank Private network data breach 18 months ago.
During the attack, more than 9.7 million records were allegedly stolen, including Medicare numbers, sensitive medical information, dates of birth, and names.
Russian citizen Aleksandr Ermakov has been handed a travel ban and targeted financial sanctions, making it a criminal offence to provide assets to this individual or use or deal with his assets, including via cryptocurrency wallets or ransomware payments.
Foreign Minister Penny Wong, Defence Minister Richard Marles, and Home Affairs and Cyber Security Minister Clare O'Neil announced the measure in a joint press conference on Jan. 23.
Ms. Wong said the cyber sanctions send a clear message that there are “costs and consequences for targeting Australia and targeting Australians.”
“This morning I can announce that Australia has used cyber-sanctions powers for the very first time on a Russian individual for his role in the breach of the Medibank private network,” Ms. Wong told media.
“I can confirm that thanks to the hard work of the Australian Signals Directorate and the AFP, we have linked Russian citizen and cybercriminal Aleksandr Ermakov to the attack.”
However, Shadow Home Affairs Minister James Paterson has accused the government of taking too long to act and questioned why it has taken the government so long to impose the sanctions.
“The Australian Signals Directorate confirmed they had provided advice to inform possible Magnitsky sanctions against the Medibank hackers in May 2023. So why has it taken the Albanese government so long to act? When it comes to national security, this government is always too slow and too weak.”
Government ‘Worked Tirelessly’
The government said the Australian Signals Directorate, Australian Federal Police and other Commonwealth agencies and international partners have “worked tirelessly” to link Mr. Ermakov to the compromise of the Medibank Private network.Deputy Prime Minister Richard Marles said these agencies had worked for the past 18 months to “unmask” those responsible for the cyberattack on Medibank and ensure Australians are protected from malicious cyber activity.
“We continue to work with our friends and partners around the world to ensure cyber criminals are held to account for their actions and we will relentlessly pursue activities which disrupt their capability to target Australians in the cyberspace.”
Home Affairs and Cyber Security Minister Clare O'Neil said the Australian government “condemns malicious cyber activity.”
“We will work with our partners and do everything in our power to punish individuals who attempt to perpetrate cybercrime in this country,” Ms. O'Neil said.
