Australia has imposed sanctions on a Russian entity, ZServers, and five individuals for their alleged roles in the 2022 Medibank cyberattack. This significant action marks the first time Australia has levied cyber sanctions against an entity and individuals facilitating such attacks.
The cyberattack, targeting the health insurance company Medibank, resulted in the theft of sensitive personal and medical information from approximately 9.7 million customers. This data was subsequently leaked onto the dark web.
Foreign Minister Penny Wong, alongside Defense Minister Richard Marles and Home Minister Tony Burke, announced the sanctions. The statement highlighted the severity of the attack and the government’s commitment to holding those responsible accountable.
Those sanctioned include ZServers owner Aleksandr Bolshakov, and employees Aleksandr Mishin, Ilya Sidorov, Dmitriy Bolshakov, and Igor Odintsov. All are Russian citizens.
“This is the first time that Australia has imposed cyber sanctions on an entity and the first time Australia has imposed sanctions on those providing the network infrastructure and services that make cyberattacks like this possible,” the statement declared.
The sanctions impose criminal penalties—up to 10 years imprisonment or substantial fines—for providing assets to the sanctioned entities or individuals, or for using or dealing with their assets. Entry into Australia is also prohibited for those sanctioned.
This action builds upon previous sanctions imposed last year against Russian citizen Aleksandr Gennadievich Ermakov for his alleged involvement in the same Medibank cyberattack.
Australia’s firm stance against cyberattacks and the perpetrators underlines its commitment to protecting its citizens’ data. The sanctions demonstrate a clear message: those involved in such attacks will face serious consequences.
