Australia sanctions Russian man for role in Medibank cyberattack

United States

Australia has sanctioned a Russian individual for his role in a cyberattack on health insurer Medibank MPL, -3.66%, the first time that Australia’s cyber sanctions framework has been used, officials said.

Nearly 10 million records were stolen in the 2022 attack, including names, dates of birth and sensitive medical information, and some of those records were published on the dark web, authorities said.

The government identified the individual being sanctioned as Aleksandr Ermakov. It said the sanction makes it a criminal offense to provide assets to Ermakov, or to use and deal with his assets. He is also subject to a travel ban.

Officials said the Australian Signals Directorate, one of Australia’s intelligence agencies, worked with the Australian Federal Police, other agencies and international partners to link Ermakov to the Medibank cyberattack.

“The use of these powers sends a clear message–there are costs and consequences for targeting Australia and Australians,” Foreign Minister Penny Wong said.

Australia has been subject to some high-profile cyberattacks in recent years, and deterring cybercriminals has been a focus for the government. Officials recently released a fresh cybersecurity strategy that called for publicly attributing cyberattacks and imposing sanctions when there was sufficient evidence to do so.

Telecom Optus was hit with a data breach in 2022 that also exposed customers’ personal information. In 2020, Australian officials said businesses and government agencies were being targeted by a sophisticated state actor in a large-scale cyberattack. And a 2019 incident targeted computer systems in the country’s parliament.

In October, Microsoft MSFT, -0.54% said it would collaborate with the Australian Signals Directorate to improve protection from cyber threats, amid concerns among cybersecurity professionals globally that cyberattacks were rising and stretching resources.