
Russian cybercriminals accused of hacking into Australia’s largest health insurer


Moscow must be held to account for Russian cybercriminals accused of hacking into Australia’s largest health insurer and dumping clients’ personal medical records on the dark web, Australian officials said on Friday.

The Australian Federal Police took the unusual step of assigning blame for the unsolved cybercrime that resulted in the theft of personal data from 9.7 million current and former Medibank customers.

A group of “loosely affiliated cybercriminals” operating as a business in Russia were likely responsible for the Medibank attack, as well as other major security breaches around the world, Australian Federal Police Commissioner Reece Kershaw said.

“We think we know which people are responsible, but I won’t name them,” Kershaw told reporters. “What I will say is that we will have discussions with Russian law enforcement about these individuals.”

Prime Minister Anthony Albanese, a Medibank client whose personal data was stolen, said he had authorized police to reveal where the attack had come from.


“We know where they come from, we know who is responsible and we say they must be held accountable,” Albanese said.

“The nation these attacks come from must also be held accountable for the disgusting attacks and the disclosure of information, including very private and personal information,” Albanese added.

An official at the Russian embassy in Australia could not immediately be reached for comment.

The extortionists have been linked to the high-profile Russian cybercrime gang REvil, short for Ransomware Evil and also known as Sodinokibi.

Russia’s Federal Security Service said in January that REvil “ceased to exist” after several arrests were made at the insistence of the United States.

An old REvil dark web site had started redirecting traffic to a new site hosting the stolen Medibank data.

Fergus Hanson, director of the cyber policy center at the Australian Strategic Policy Institute think tank, said he was not surprised the criminal gang was based in Russia.


The stolen username and password of a Medibank employee, which allowed the hackers to break into the company’s database, had been sold on a Russian dark web forum, Hanson said.

Hanson doubted that the culprits operating in Russia would be brought to justice.

But Australia could use its offensive cyber capabilities against the gang in Russia and prosecute its affiliates who police suspect are operating in other countries.

“There is the potential for operations against the group to disrupt their operations, but in terms of seeing them go to prison or appear in court, I think that’s pretty unlikely,” Hanson told Australian Broadcasting Corp.

People walk past a Medibank branch in Sydney on November 11, 2022. Extortionists have dumped personal medical records on the dark web for a third day as they pressure Australia’s largest health insurer to pay a ransom.
(AP Photo/Rick Rycroft)

Cybercriminals dumped personal medical records on the dark web for a third day on Friday, this time targeting alcohol-related illnesses, as they pressure Medibank to pay a ransom.

Criminals began dumping client records on Wednesday, including those related to HIV treatment and drug addiction, which they described as a “naughty” list, after Medibank ruled out paying a ransom for the return of the hacked data.

Thursday’s dump focused on terminated pregnancies, and Friday’s on conditions related to harmful levels of alcohol consumption, in a file the thieves labeled “drunk.” The medical treatment records of more than 700 clients had been released as of Friday in what has been described as Australia’s most invasive cybercrime.

Other personal details of many more customers, including phone numbers and email addresses, have also been made public, which could leave them vulnerable to identity theft or fraud.

Confirming the third dump, Medibank CEO David Koczkar said his company was contacting exposed customers and offering support. He expected the daily dumps to continue.

“The relentless nature of this tactic used by the criminal is designed to cause distress and damage,” Koczkar said.


“These are real people behind this data and misuse of their data is deplorable and may deter them from seeking medical attention,” he added.

The gang, which is increasingly known as BlogXX within cybersecurity circles, blamed Medibank for failing to pay a $9.7 million ransom demand.

“But we warn you. We always keep our word, if we don’t receive a ransom, we should publish this data, because no one will believe us in the future,” they posted on Friday.

Kershaw said Australian government policy did not condone paying ransoms to cybercriminals.

“Any ransom payment, small or large, feeds the cybercrime business model, putting other Australians at risk,” Kershaw said.

The Australian authorities hope that the data remains confined to the dark web and that social networks do not disseminate it to a wider audience or the media report it in detail.

Albanese urged that no one access the data.

“We need to provide a disincentive for this type of disgusting, criminal behavior that is reprehensible,” Albanese said.


“It is causing a lot of distress in the community. The government recognizes this and we are doing everything we can to limit the impact of this and provide that support to people who are going through this distressing time,” Albanese added.

