Further cyber sanctions in response to Medibank Private cyberattack
- The Hon Richard Marles MP, Deputy Prime Minister, Minister for Defence
- The Hon Tony Burke MP, Minister for Home Affairs, Minister for Cyber Security
The Albanese Government has imposed additional cyber sanctions in response to the 2022 cyberattack against Medibank Private.
The attack affected millions of Medibank’s customers whose personal and sensitive medical information was stolen. Some records were published on the dark web.
This is the first time that Australia has imposed cyber sanctions on an entity and the first time Australia has imposed sanctions on those providing the network infrastructure and services that make cyberattacks like this possible.
The Government is imposing these cyber sanctions on the Russian entity, ZServers, and five Russian cybercriminals who provided the network infrastructure and services used to host and release the data stolen from Medibank. The individuals are ZServers’ owner, Aleksandr Bolshakov, and employees Aleksandr Mishin, Ilya Sidorov, Dmitriy Bolshakov and Igor Odintsov.
ZServers and the five sanctioned individuals also provided enabling services that supported a range of other cybercrimes, including ransomware activities conducted by affiliates of LockBit and BianLian and other ransomware groups.
The sanctions announced today make it a criminal offence to provide assets to ZServers or the five sanctioned individuals, or to use or deal with their assets, with penalties of up to 10 years’ imprisonment and/or heavy fines. The sanctions also ban the individuals from entering Australia.
Today’s sanctions follow the Government’s decisive action to sanction Aleksandr Ermakov, announced in January 2024, for his role in the Medibank Private data breach.
They are a result of the close collaboration between the Australian Signals Directorate (ASD), other Commonwealth agencies and key international partners, including the United Kingdom (UK) and the United States (US), who have all worked tirelessly to unmask these cybercriminals.
The UK and the US have also imposed sanctions on these malicious cyber actors, demonstrating our collective resolve to combat cybercrime.
These sanctions reflect the Albanese Government’s commitment in the 2023-2030 Australian Cyber Security Strategy to deter and respond to malicious cyber activity, including by using sanctions to hold cybercriminals to account.
Malicious cyber actors continue to target Australian governments, critical infrastructure, businesses and individuals. Australia’s autonomous cyber sanctions framework is a key tool in imposing costs on cyber actors and protecting Australians from this threat.
Australians should report cybercrimes, incidents or vulnerabilities to the Australian Signals Directorate at 1300 CYBER1 (1300 292 371) or https://www.cyber.gov.au/report.
Australian businesses can help protect themselves from ransomware by updating devices, regularly backing up files and ensuring staff know to never visit suspicious websites, open emails from unknown sources or click on suspicious links. More information can be found at cyber.gov.au/ransomware
Quotes attributable to Deputy Prime Minister Richard Marles:
“These sanctions send a clear message to malicious cyber actors that there are consequences of trying to do Australians harm.
“The Albanese Government continues to take decisive action to hold to account those responsible for one of Australia’s largest cyber incidents.
“Importantly, this is the first cyber sanction against an enabler of cybercrime. Disrupting the criminal ecosystem in this way impacts hundreds of cybercriminals at once.”
Quotes attributable to Foreign Affairs Minister Penny Wong:
“The Albanese Government is using all elements of our national power to make Australia more secure and to keep Australians safe.
“We are preventing, deterring and disrupting malicious cyber activity through attributions and targeted sanctions in the national interest.
“We will continue to work with our international partners to impose costs on cyber criminals and protect Australians from cyber threats.”
Quote attributable to Cyber Security Minister Tony Burke:
“This Government established the cybersecurity portfolio because national security requires cybersecurity. This strong action is about keeping Australians safe.”
Media enquiries
- Minister's office: (02) 6277 7500
- DFAT Media Liaison: (02) 6261 1555