“We will be holding talks with Russian law enforcement about these individuals,” AFP Commissioner says [300 words].
What: The Australian Federal Police (AFP) has identified the threat actor behind the catastrophic attack on health-insurer Medibank as being a Russia-based group. In a statement Friday, AFP Commissioner Reece Kershaw said that investigators had managed to trace the attack back to a set of “loosely affiliated cybercriminals” who were likely behind other significant breaches around the world. Some have identified the threat actor as being affiliated to the notorious REvil ransomware group.
“We believe we know which individuals are responsible, but I will not be naming them,” Kershaw said in the statement. “What I will say is that we will be holding talks with Russian law enforcement about these individuals.”
The statement went on to note that investigators under the so-called “Operation Guardian” initiative, that was established to protect customer information following a breach at Australian telecommunications company Optus earlier this year, are now scouring the web for people trying to illegally download data that was stolen in the Medibank breach.
“We know who you are, and moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system,” Kershaw said.
Why it matters: The threat actor behind the attack on Medibank has begun systematically leaking sensitive data belonging to some 9.7 million customers, on dark web forums. The leaks began after Medibank CEO David Koczk publicly refused to pay the demanded $10 million ransom, the threat actor wanted. The leaked data includes personally identifiable data such as customer names, addresses, birth dates, phone numbers, email addresses, Medicare account numbers, passport numbers and, most damagingly, data related to health claims.