Australia has imposed sanctions on a Russian individual for his role in the cyberattack on health insurer Medibank MPL.
Officials said this was the first time Australia's cyber sanctions framework had been used.
Authorities said nearly 10 million records were stolen in the 2022 attack, including names, dates of birth and sensitive medical information, and some of those records were posted on the dark web.
The government identified the sanctioned person as Alexander Ermakov. She said the penalty makes providing assets to Ermakov or using and dealing with his assets a criminal offence. He is also subject to a travel ban.
The Australian Signals Directorate, one of Australia's intelligence agencies, worked with the Australian Federal Police, other agencies and international partners to link Ermakov to the Medibank cyberattack, officials said.
Foreign Minister Penny Wong said: “The use of these powers sends a clear message that there are costs and consequences to targeting Australia and Australians.”
Australia has been hit by some high-profile cyberattacks in recent years, and deterring cybercriminals has been a focus of the government. Officials recently released a new cybersecurity strategy that called for cyberattacks to be publicly attributed and penalties imposed when there is sufficient evidence to do so.
Telecom Optus suffered a data breach in 2022 which also exposed customers' personal information. In 2020, Australian officials said companies and government agencies were targeted by a sophisticated government actor in a large-scale cyberattack. The 2019 incident targeted computer systems in the country's parliament.
In October, Microsoft MSFT,
It said it would collaborate with the Australian Signals Directorate to improve protection against cyber threats, amid concerns among cyber security professionals globally that cyber attacks are increasing and stretching resources.
