Aussie Police Identify Russian Hackers Blackmailing Medibank

Australian police have blamed cyber criminals in Russia for the data breach of Australia’s leading health insurer.

Last month Medibank Private confirmed a ‘cyber incident’ where hackers stole 200GB of Australian patient data, including names, addresses, phone numbers, dates of birth, financial data, and in some case actual medical data.

Now in a short press conference, Australian Federal Police (AFP) Commissioner Reece Kershaw told reporters that investigators know the identity of the individuals responsible for the attack on Medibank, but he declined to name them, CNN reported.

Medibank blackmail

“The AFP is undertaking covert measures and working around the clock with our domestic agencies and international networks including Interpol. This is important because we believe those responsible for the breach are in Russia,” Commissioner Kershaw said.

It seems the hackers managed to obtain the health data of 9.7 million past and present customers, including 1.8 million international customers.

Unfortunately, the stolen files include health claim data for almost half a million people, including 20,000 people based overseas.

And to make matters worse, the Russian cyber criminals this week began releasing curated tranches of customer data onto the dark web. They categorised the files with titles such as good-list, naughty-list, abortions and boozy. This last category is for those patients who sought help for alcohol dependency.

Commissioner Kershaw was quoted by CNN as saying that police intelligence points to a “group of loosely affiliated cyber criminals” who are likely responsible for previous significant data breaches around the world, without naming specific examples.

“These cyber criminals are operating like a business with affiliates and associates who are supporting the business. We also believe some affiliates may be in other countries,” said Commissioner Kershaw, who reportedly declined to take questions due to the sensitivity of the investigation.

Don’t pay ransomware

In his statement on Friday, Commissioner Kershaw said Australian government policy did not condone paying ransoms to cyber criminals.

“Any ransom payment small or large fuels the cybercrime business model, putting other Australians at risk,” he said.

Kershaw said investigators at the Australian Interpol National Central Bureau would be talking with their Russian counterparts about the individuals, who he addressed directly with a threat to see them charged in Australia.

“To the criminals, we know who you are,” Kershaw was reported by CNN as saying. “And moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system,” he said.

Earlier Friday, Australian Prime Minister Anthony Albanese reportedly said he was “disgusted” by the attacks and, without naming Russia, said the government of the country they come from should be held accountable.

“The nation where these attacks are coming from should also be held accountable for the disgusting attacks, and the release of information including very private and personal information,” Albanese reportedly said.

REvil hackers

Cyber security experts have said the criminals are likely linked to REvil, the Russian ransomware gang infamous for carrying out attacks on targets in the United States and elsewhere, including major international meat supplier JBS Foods last June.

Last November, the US State Department offered a $10 million reward for information leading to the identification or location of key leaders of REvil, also known as the Sodinokibi organised crime group.

In mid-January, Russian state news agency TASS reported that at least eight REvil ransomware hackers had been detained by Russia’s Federal Security Service (FSB) at the request of the US.

The FSB security services reportedly raided 25 addresses and arrested 14 individuals in Moscow, St. Petersburg, Leningrad and Lipetsk.

The gang shut down its operations in July 2021, before staging a failed comeback in September and having its information infrastructure hacked and forced offline by an international operation in October 2021.

In November 2021 a 22-year-old Ukrainian national was arrested in Romania and charged with activities as part of the REvil gang.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

7 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

7 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

7 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

8 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

8 hours ago

Meta Delays EU AI Launch After Privacy Complaints

Meta delays Europe launch of AI in Europe after user, privacy group complaints over plans…

9 hours ago