Australian police announced on Friday that Russian hackers were behind the cyber attack on Australian insurance giant Medibank, which affected 9.7 million people including the Prime Minister.< /p>
Medibank, one of the country's leading private health insurance companies, this week admitted that hackers had gained access to the personal data of 9.7 million former and current policyholders.
The Australian Federal Police Commissioner Reece Kershaw blamed the attack on Russian-based “cybercriminals”.
“We believe those responsible for the leaks are in Russia,” he said. told reporters.
“Our intelligence shows a group of loosely affiliated cybercriminals who are likely responsible for significant prior breaches across the world,” he added.
After releasing an initial “sample” of the data breaches given On Wednesday, the hackers posted a second Thursday on a dark web forum – which cannot be found using regular browsers.
They included particularly personal information about hundreds of people .
The first leaked data appears to have been selected to cause significant harm, targeting people being treated for drug addiction, sexually transmitted infections or pregnancy terminations.
The hackers demanded a ransom of 10 million US dollars. “We can make a discount (…) 1 dollar = 1 customer”, they specified on this forum. The insurer has so far refused to pay.
Mr. Kershaw said Australian police would seek help from their Russian counterparts.
“We will have discussions with Russian law enforcement about these people,” he said.
“We know who you are”
Mr Kershaw said he knew the names of the hackers but refused to divulge them. Cybersecurity analysts have suggested the attack has some characteristics associated with a Russian hacker group called REvil, which has previously targeted Brazilian meat giant JBS and pop star Lady Gaga, among others.
The group was reportedly dismantled by the Russian authorities earlier this year, after extracting an 11 million dollar ransom from JBS Foods.
Mr. Kershaw said Australian police were taking “covert action” to bring the pirates to justice.
“We know who you are,” he told the criminals.
“The Australian Federal Police have in the past scored a few points when it comes to bringing foreign offenders back to Australia for justice,” he said.
The Home Secretary Clare O'Neil said Thursday night that the “smartest and toughest” people in the country were hunting down hackers.
In a mocking response posted on the dark web , the hackers said, “We always keep our word.”
“We should release this data, because no one will believe us in the future,” the hackers promised.
'Good' and 'bad'
The group responsible for this cyberattack appears to be pressuring Medibank by searching the insurer's files for the personal information that could cause the most harm possible.
Within the first leaked data, the victims were divided into a list of “good guys” and “villains”.
Several people appearing in the “villains” list were associated with numeric codes linking them to drug addiction, alcoholism and HIV.
A file included, for example, the indication “p_diag: F122”. F122 is the code for “cannabis dependence” according to the International Classification of Diseases published by the World Health Organization.
Names, passport numbers, dates of birth and addresses were listed also among this data.
Australian Home Secretary Clare O'Neil has called these hackers “despicable criminals”.