cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Government sanctions hacker behind Medibank data breach

The federal government has revealed that a Russian citizen is behind the nearly 10-million-person hack and will face serious sanctions under new cyber laws.

user icon David Hollingworth
Tue, 23 Jan 2024
Government reveals identity of hacker behind Medibank data breach
expand image

Three federal ministers have fronted the press to reveal the identity of the person behind 2022’s Medibank hack, which saw the personal data of 9.7 million Australians leaked on the dark web.

Deputy Prime Minister Richard Marles, Home Affairs Minister Clare O’Neil, and Foreign Minister Penny Wong made the announcement in Canberra on Tuesday (23 January) morning, confirming that a Russian individual named Aleksandr Ermakov was the person responsible for the attack.

In addition to sharing the hacker’s identity, the government also announced it would be using – for the first time – the ability to sanction an individual under Australia’s new cyber laws.


“I can confirm that thanks to the hard work of the Australian Signals Directorate and the AFP, we have linked Russian citizen and cyber criminal Aleksandr Ermakov to the attack,” Foreign Minister Wong said at a press conference.

“Australia has used cyber sanctions powers for the very first time on a Russian individual for his role in the breach of the Medibank Private network.”

According to the official sanctions notice, Ermakov is 24 years old and known under several aliases: GustaveDore, aiiis_ermak, blade_runner, and JimJones.

Australian Cyber Security Centre boss Abigail Bradshaw said that naming Ermakov would strike a blow to the hacker’s ability to “trade in anonymity”.

“It is a selling quality, and so naming and identifying with the confidence that we have from our technical analysis will, most certainly, do harm to [Ermakov’s] cyber business,” Bradshaw said.

In a separate statement, Foreign Minister Wong went into more detail.

“The Australian government has imposed a targeted financial sanction and a travel ban on Aleksandr Ermakov,” Foreign Minister Wong said. “This sanction makes it a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.”

Foreign Minister Wong also said that “other leads” were being pursued as the investigation remains ongoing.

In a statement of her own on LinkedIn, Home Affairs Minister O’Neil offered some more scathing commentary.

“This is the first time an Australia government has identified a cyber criminal and imposed cyber sanctions of this kind, and it will not be the last,” Minister O’Neil said.

“Medibank in my view was the single most devastating cyber attack we have seen as nation. The cowards and scumbags behind this attack stole the records of millions of Australians, including names, dates of birth, Medicare numbers, and sensitive medical information and cruelly published these details on the dark web for others to see.”

Professor of Practice Nigel Phair of Monash University’s department of software systems and cyber security, faculty of information technology, has nothing but praise for the government’s response.

“I congratulate the Australian government for undertaking such a complex investigation,” Professor Phair said via email. “Attribution of cyber criminals is one of the hardest things to do. It is also the first time Australia has used sanctions, and while it most likely won’t result in the arrest of this individual (or probably any others), it puts sand in the gears of the cyber criminals by degrading their efforts to work with others in future criminal pursuits.”

“This is unlikely to dissuade other internationally based cyber criminals from targeting Australian organisations or individuals but is a step in the right direction. Australian organisations need to continue to protect their information holdings, the systems where these reside and the people who access it. This includes undertaking fundamental risk management and introducing a competent control framework.”

The Medibank hack was one of a string of high-profile attacks that placed cyber security front and centre in the minds of many Australians in 2022. It saw the personal details and medical records of about 9.7 million people compromised, some of which were published online.

At the time, a ransomware group called REvil was being investigated by the AFP, and the group had even been in contact with Medibank during negotiations on ransom payments. The group was demanding $15.6 million to not publish the data.

Aside from the reputational costs, Medibank is facing several class actions, as well as a $250 million penalty levied by the Australian Prudential Regulation Authority (APRA). Medibank itself has forecast the total cost for the hack to end up at $35 million in 2024.

UPDATED: To add further ACSC commentary and hacker’s age.
UPDATED: To add Minister O’Neil’s comments.
UPDATED: To add Professor Phair’s comments.

Comments powered by CComment

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.