Russian suspect detained over Medibank cyberattack

Australian Federal Police still investigating


By Roxanne Libatique

Aleksandr Ermakov, the Russian national accused of orchestrating the 2022 cyberattack on Medibank, has been detained in Russia for alleged cybercrimes.

The breach exposed the personal and health information of over nine million Medibank customers, including sensitive details such as names, birth dates, Medicare numbers, and specific health information. A significant amount of this data was subsequently listed for sale on the dark web.

Alleged hacker detained

In a development reported by ABC, the Australian Federal Police (AFP) acknowledged being informed of the detention of a Russian individual on charges of cyber offenses.

While the AFP has yet to confirm whether Ermakov’s arrest is directly related to the Medibank hack or involves other cyber activities, it has stated that its investigation into the incident remains active, with no additional details provided at this time.

Cyber sanctions

In a move that marked the first use of new cyber laws, the Australian government in January named Ermakov as the key figure behind the Medibank data breach and imposed financial sanctions against him.

According to ABC, Australian intelligence has linked Ermakov to REvil, a prominent Russian cybercrime group known for providing hacking tools to beginners in return for a portion of any collected ransoms. Experts in cybercrime have also suggested that Ermakov likely did not act alone in the theft of Medibank’s data.

Reports from Russian media have indicated that Ermakov’s detention is related to the hack, corroborating the Australian government’s allegations.
