Who is Aleksandr Ermakov, the Russian hacker sanctioned by Australia?

Australia has levelled a set of sanctions against Ermakov, including “targeted financial sanctions” and a travel ban, as part of a plan to disrupt Russian cybercrime syndicates.

He’s being held responsible for an attack on health insurance business Medibank, which exposed the private information of nearly 10 million Australians.

Here is the information known about Aleksandr Ermakov:

Australia’s intelligence agencies believe Aleksandr Ermakov is linked to Russian cyber-crime syndicates. (DFAT)

Who is Aleksandr Ermakov?

Aleksandr Ermakov’s identity has been revealed to the world by the Australian government and intelligence agencies.

Aleksandr Ermakov is a Russian citizen, who Australia’s intelligence agencies say has links to cybercrime gangs.

Ermakov is believed to be associated with the “REvil” hacking group, a notorious group of Russian cybercriminals.

Abigail Bradshaw, the head of the Australian Cyber Security Centre, said that publicly identifying Ermakov was part of a strategy to disrupt Russian cybercriminal syndicates.

“REvil is only one of many cyber-gangs. They’re dynamic and have multiple partners,” she said.

“We know a lot about Mr Ermakov through our analysis and what we do know is that cybercriminals trade in anonymity, it is a selling quality.

“Naming and identifying with the confidence that we have from our technical analysis will most certainly do harm to Mr Ermakov’s cyber business.”

Aleksandr Ermakov pictured in an unknown bottle shop. (DFAT)

Why has Aleksandr Ermakov been sanctioned?

Aleksandr Ermakov has been sanctioned over his role in the massive Medibank hack of 2022, one of the largest and most compromising cyberattacks in Australian history.

It is unclear if he operated alone.

The health insurer said that 9.7 million Australians had their basic personal information accessed by the hackers, including 5.1 million Medibank customers, 2.8 million AHM clients and 1.8 million international customers.

Today Foreign Minister Penny Wong and Deputy Prime Minister Richard Marles held a media conference to expose Aleksandr Ermakov as the man the AFP had been investigating.

“Ermakov doesn’t have anonymity, we have named him for the first time globally,” Marles said.

“His identity now being completely plain is on display for every agency around the world.”


How was Aleksandr Ermakov linked to the Medibank hack?

Ermakov was linked to the attack after an investigation by the Australian Signals Directorate (ASD) and the Australian Federal Police (AFP).

They also partnered with intelligence agencies around the world including the UK’s GCHQ, the FBI, and the NSA.

Investigators also reportedly worked closely with Microsoft and Medibank.

The identity of the hackers has been known for some time, but they were only publicly named today.

In November, AFP Commissioner Reece Kershaw announced that the responsible groups had been identified.

“We believe we know which individuals are responsible, but I will not be naming them,” he said.

He announced then that Australian authorities would be holding talks with Russian law enforcement about the individuals responsible for the cyberattack to bring them to face the country’s justice system.

The move triggered a diplomatic row, with Russia’s ambassador to Canberra saying Australia should have shared the intelligence with Moscow.

What are the sanctions?

The Australian Government has imposed a targeted financial sanction and a travel ban on Aleksandr Ermakov.

The move will make it an offence to provide assets to Aleksandr Ermakov, or to use or deal with any of his assets.

This includes any payments made through cryptocurrency wallets or ransomware payments.

What are the penalties for breaking the sanctions?

Breaching the sanction is a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines.

This is the first use of Australia’s autonomous cyber sanctions framework.
