“We know who you are” says AFP to Medibank hackers

The AFP has confirmed that the Medibank hackers are affiliated with a Russian group


The hackers responsible for a cyber attack against Australian health insurer Medibank have been identified by the Australian Federal Police (AFP) as being associated with Russia.

The breach, which was initially identified on October 13, saw 200GB of data stolen, 9.7 million people affected and the private medical details for a significant number of people distributed on the dark web.

Commissioner of the AFP, Reece Kershaw, directly addressed the hackers, saying “we know who you are”. He also said that the AFP believed it had identified which gang was behind the cyber attack, but that it does not currently plan to reveal this information.

The AFP identified the hackers while working with Interpol, to which Russia will be accountable. This confirms what has been suspected about the data breach since messages from the hacker were posted on a dark web site backed by Russian ransomware gang REvil.

“Our intelligence points to a group of loosely affiliated cybercriminals who are likely responsible for past significant breaches in countries across the world,” Kershaw said.

“These cybercriminals are operating like a business, with affiliates and associates who are supporting the business.

“To the criminals – we know who you are and, moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system.”

The commissioner said that the AFP will be talking with Russian law enforcement about the people it had identified, although he noted that this does not necessarily mean all of those involved in the cyber attack are based in Russia.

Kershaw said the AFP is also “scouring the dark web” for any evidence of malicious actors using the leaked data for wrongdoing and that they would take “swift action” against anyone who attempts to “benefit, exploit or commit criminal offences using stolen Medibank customer data”.

Regarding the release of private data on the dark web, CEO of Medibank, David Koczkar, said: “I unreservedly apologize to our customers. The continued release of this stolen data on the dark web is disgraceful. Unfortunately, we expect the criminal to continue to release stolen customer data each day.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care. It is obvious the criminal is enjoying the notoriety. Our single focus is the health and wellbeing and care of our customers.”

Koczkar continued: “We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.” 

