Moscow must hold accountable the Russian cybercriminals accused of hacking Australia’s largest health insurance company and dumping customers’ personal medical records on the dark web, Australian officials said on Friday.
Australian Federal Police have taken the unprecedented step of identifying responsibility for an unsolved cybercrime in which the personal data of 9.7 million current and former Medibank customers were stolen.
Australian Federal Police Commissioner Rhys Kershaw said a group of “loosely linked cybercriminals” operating like a corporation in Russia were involved in the Medibank attack and other major security breaches around the world. He said it was likely that
“I know who is responsible, but I won’t name them,” Kershaw told reporters. “We are talking to the agency.”
Prime Minister Anthony Albanese, a Medibank customer whose personal data was stolen, said he had authorized police to reveal the source of the attack.
“We know where they came from and who is responsible, and we say they should be held accountable,” Albanese said.
“The countries in which these attacks take place must also be held accountable for the offensive attacks and for the disclosure of information, including highly private and personal information,” Albanese added.
Officials at the Russian Embassy in Australia could not be reached immediately for comment.
The extortionist is associated with the well-known Russian cybercriminal group REvil (short for Ransomware Evil, also known as Sodinokibi).
The Russian Federal Security Service said REvil “ceased to exist” in January after several arrests were made at the insistence of the United States.
The old REvil dark website had started redirecting traffic to a new site hosting stolen Medibank data.
Fergus Hanson, director of the Cyber Policy Center at the think tank Australian Strategic Policy Institute, said he was not surprised that the criminal gang was based in Russia.
Hanson said usernames and passwords stolen from Medibank employees gave the hackers access to the company’s databases and were sold on Russian dark web forums.
Hanson didn’t expect the perpetrators operating in Russia to be brought to justice.
However, Australia can use its offensive cyber capabilities against Russian gangs and prosecute their affiliates that police suspect are operating in other countries.
Hanson told the Australian Broadcasting Corporation: “There is the possibility of carrying out operations against the groups to disrupt their activities, but in terms of seeing them go to jail or appear in court, it’s very unlikely. I think the chances of that happening are pretty low.”
On Friday, the cybercriminals dumped personal medical records on the dark web for the third consecutive day, this time focusing on alcohol-related illnesses, as they pressured Medibank to pay a ransom.
The criminals started on Wednesday with what they described as a “naughty” list of customer records, including those related to treatment for HIV and drug addiction, after Medibank refused to pay a ransom for the return of the hacked data.
Thursday’s dump focused on aborted pregnancies, and Friday’s, in files the thieves labeled “liquor,” on conditions associated with harmful levels of alcohol consumption. By Friday, the treatment records of more than 700 customers had been released in what has been described as Australia’s most invasive cybercrime.
Other personal information belonging to many customers, such as phone numbers and email addresses, has also been exposed and could be used for spoofing and fraud.
Confirming the third dump, Medibank CEO David Koczkar said his company is contacting and supporting the affected customers. He expected the daily dumps to continue.
“The relentless nature of this tactic used by criminals is designed to cause pain and harm,” Koczkar said.
“These are the real people behind this data, and their misuse of the data is deplorable and could discourage them from seeking medical care,” he added.
The gang, which has come to be known in cybersecurity circles as BlogXX, accused Medibank of failing to pay a $9.7 million ransom demand.
“But we warned you. If we haven’t received the ransom, we will always keep our promises — no one will believe us in the future, so we should post this data,” they posted on Friday.
Kershaw said Australian government policy does not condone paying ransoms to cybercriminals.
“Any ransom payment, big or small, fuels the cybercrime business model and puts other Australians at risk,” said Kershaw.
Australian authorities want the data to remain confined to the dark web and not be disseminated to a wider audience on social media or reported in detail by news media.
Albanese urged anyone with access to the data.
“We need to provide a deterrent to this type of criminal and disgusting behavior that is reprehensible,” Albanese said.
“It is causing a great deal of distress to the community,” Albanese added.