Medibank link emerges in multi-country action against ZServers

The federal government has linked overnight action taken against Russian service provider ZServers and five people connected to the hosting provider to the Medibank cyber-attack.
It was reported early on Wednesday that authorities in Australia, the US and UK had taken action against ZServers, mostly due to alleged facilitation of Lockbit ransomware infections.

But Australia has now elaborated on its role in the action, linking it not only to ransomware facilitation but also to the Medibank breach.

ZServers is said to have been the operator of network infrastructure and services used to host and release the data stolen from Medibank.

The government said in a statement that it is, for the first time, imposing “cyber sanctions on an entity and … on those providing the network infrastructure and services that make cyberattacks like this possible.”

“These sanctions send a clear message to malicious cyber actors that there are consequences of trying to do Australians harm,” Deputy Prime Minister Richard Marles said.

“Importantly, this is the first cyber sanction against an enabler of cybercrime. Disrupting the criminal ecosystem in this way impacts hundreds of cyber criminals at once.”

The sanctions make it a criminal offence to provide assets to ZServers or the five sanctioned individuals, or to use or deal with their assets, with penalties of up to 10 years’ imprisonment, alongside heavy fines. The sanctions also ban the individuals from entering the country.

In a separate statement, Australian Federal Police Assistant Commissioner Richard Chin said hosts such as ZServers “offer cybercriminals protection by refusing to take down websites containing dangerous, illegal content despite being flagged by law enforcement agencies, governments and even victims”.

The announcement comes a year after Russian citizen Aleksandr Ermakov was sanctioned over his alleged involvement in the Medibank cyber-attack.

Former Cyber Minister Clare O’Neil revealed in January 2024 that Ermakov was a member of the Russian REvil group of attackers.

REvil was taken offline in 2021 in an international operation.