Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Australian government announced sanctions for Medibank hacker

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group. The man is responsible for the cyber attacks […]

French hospital

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022.

The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank.

“This morning I can announce that Australia has used cyber sanctions powers for the very first time on a Russian individual for his role in the breach of the Medibank Private network. As you might recall, more than 9 million records of Australians, including names, dates of birth, Medicare numbers and sensitive information were stolen in the 2022 attack, and the majority published on the dark web. It was an egregious violation, it impacted some of the most vulnerable members of the Australian community. I can confirm that thanks to the hard work of the Australian Signals Directorate and the AFP we have linked Russian citizen and cyber criminal Aleksandr Ermakov to the attack.” said Penny Wong, Foreign Minister. “The sanctions imposed are targeted financial sanctions and a travel ban. This will mean it is a criminal offence punishable with up to 10 years’ imprisonment to provide assets to Ermakov, or to use or deal with his assets including through cryptocurrency wallets or ransomware payments. This is the first time Australia’s autonomous cyber sanctions have been used. It sends a clear message that there are costs and consequences for targeting Australia and for targeting Australians. “

In November 2022, Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed as a result of a recent ransomware attack.

Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers.

The company discovered the ransomware attack on October 12, the attackers had access to data belonging to around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers.

In early November 2022, the threat actors leaked stolen data associated with roughly 10 million individuals.

Australian police investigated the case and discovered that Ermakov had a crucial role in the hack of the company. The Home Affairs and Cyber Security Minister of Australia has affirmed that Ermakov was not apprehended by Russian authorities in connection with the police operation targeting the REvil group.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)