
Australian spies blame Russian for major cyber attack

GreenWatch Desk World News 2024-01-23, 9:56am





(BSS/AFP) - Australia has identified the Russian mastermind behind a crippling cyber attack, unmasking the 33-year-old hacker for the first time on Tuesday and linking him to an international crime syndicate.

Hackers infiltrated Australian private health insurer Medibank in November 2022, stealing sensitive medical records and leaking them on the dark web.
Among the 9.7 million customers caught up in the high-profile cyber attack -- one of the country's worst data breaches -- was Australian Prime Minister Anthony Albanese.
Australian intelligence agencies have long suspected Russian hackers were behind the breach, which has previously been tentatively linked to the REvil ransomware collective.
Following an 18-month investigation, Australia has now taken the rare step of naming the individual believed responsible: Russian citizen Aleksandr Gennadievich Ermakov, who has also been hit with first-ever cyber sanctions.
"This is the first time an Australian government has identified a cyber criminal and imposed cyber sanctions of this kind and it won't be the last," Home Affairs Minister Clare O'Neil told reporters.
"These people are cowards and they're scum bags," she added.
"They hide behind technology, and today the Australian government is saying that when we put our minds to it, we'll unveil who you are, and we'll make sure you are accountable."
The Medibank hackers started leaking private health records on the dark web after the company, one of Australia's largest private health insurers, refused to pay a multi-million dollar ransom.
The leaks were selected to cause maximum harm: targeting records related to drug abuse, sexually transmitted infections and pregnancy terminations.
"Medibank in my view was the single most devastating cyber attack we have experienced as a nation," O'Neil said Tuesday.
"We all went through it, literally millions of people having personal data about themselves, their family members, taken from them and cruelly placed online for others to see."
- 'Hack the hackers' -
Australia beefed up its cyber security laws in the wake of the Medibank attack, pledging that the country's intelligence agencies would proactively "hack the hackers".
In a taunting and cryptic reply posted to the dark web, the hackers responded: "We always keep our word."
Ermakov, who used the online aliases blade_runner and JimJones, would now be targeted by a travel ban and strict financial sanctions, Foreign Minister Penny Wong said.
"This will mean it's a criminal offence, punishable with up to 10 years imprisonment, to provide assets to him -- or to use or deal with his assets," she told reporters.
Photos released by the Australian government showed Ermakov as a fresh-faced young man with short dark hair and a wry smile.
REvil -- an amalgam of ransomware and evil -- was reportedly dismantled by Russian authorities in 2022 after it extorted an $11 million ransom from JBS Foods, a major food conglomerate.
The Australian government confirmed Ermakov was a member of the REvil syndicate.
Monash University cyber crime expert Nigel Phair said proving who was behind an attack was "one of the hardest things to do" in cyber security.
"This is unlikely to dissuade other internationally-based cyber criminals from targeting Australian organisations or individuals, but is a step in the right direction," he said.
Defence Minister Richard Marles said Australia's intelligence agencies had tracked down Ermakov with the help of the National Security Agency in the United States, and GCHQ in the United Kingdom.
"Ermakov doesn't have anonymity," he said.
"We have named him for the first time globally. And his identity is now on display for every agency around the world."