Australian police announced Friday that Russian hackers are responsible for the theft of private medical data from 9.7 million people, including the prime minister, who are clients of the insurance company Medibank.
A “group of loosely associated cybercriminals likely to be responsible for significant past breaches around the world” carried out the cyberattack from Russia, Australian Federal Police officer Reece Kershaw said.
Kershaw confirmed that the Australian police will seek help from the Russian security forces: “We will talk to the Russian police about these people.”
The official indicated that the hackers had been identified, but refused to reveal the names.
Cybersecurity analysts have suggested that the attack has some features associated with a Russian hacking group called REvil, which previously targeted Brazilian meat giant JBS and pop star Lady Gaga, among others.
The group was reportedly dismantled by Russian authorities earlier this year after extorting an $11 million (€10.8 million) ransom from JBS Foods.
Kershaw said Australian police are taking “secret action”
“The Australian Federal Police have scored some points in the past when it comes to bringing foreign criminals back to Australia to face justice,” he said.
Hours earlier, hackers, under the name “Extortion Gang”, had published private medical data on the dark web for the third consecutive day, this time from more than 700 Medibank customers with alcohol consumption.
In the first two days, the group had exposed clinical data from HIV-positive patients, drug addicts or those who had abortions.
On Thursday, the ‘Extortion Gang’ had warned that it would continue to publish private medical information until it received a ransom of 9.7 million dollars (9.6 million euros), one dollar (0.99 euro cents) for the record stolen from each of the Medibank records. 9.7 million current and former customers.
Medibank CEO David Koczkar condemned the release of the information. “The relentless nature of this tactic used by criminals is designed to cause distress and harm,” Koczkar said in a statement.
Australian Prime Minister Anthony Albanese, who is among the Medibank clients whose personal records were stolen, called on the media and the general public not to disclose the stolen data, for example on social media.
Initially, the hackers allegedly threatened to expose celebrity clients’ diagnoses and treatments unless a ransom of an undisclosed amount was paid.
For its part, Medibank considered that there was a “limited possibility” that the rescue would prevent the publication of the data.
Source: TSF
