Release details
Release type
Related ministers and contacts
The Hon Richard Marles MP
Deputy Prime Minister
Minister for Defence
Media contact
Senator The Hon Penny Wong
Leader of the Government in the Senate
Minister for Foreign Affairs
The Hon Clare O’Neil MP
Minister for Home Affairs
Minister for Cyber Security
Media contact
Release content
23 January 2024
Subjects: Cyber sanction in response to Medibank Private cyber attack; sanctions in response to terrorist attacks perpetrated by Hamas; Hamas-Israel conflict; cost of living; Australia-Tuvalu Falepili Union treaty and Nauru.
PENNY WONG, FOREIGN MINISTER: Thank you very much for coming, it's good to be here with the Deputy Prime Minister and Minister O'Neil. This morning I can announce that Australia has used cyber sanctions powers for the very first time on a Russian individual for his role in the breach of the Medibank Private network. As you might recall, more than 9 million records of Australians, including names, dates of birth, Medicare numbers and sensitive information were stolen in the 2022 attack, and the majority published on the dark web. It was an egregious violation, it impacted some of the most vulnerable members of the Australian community. I can confirm that thanks to the hard work of the Australian Signals Directorate and the AFP we have linked Russian citizen and cyber criminal Aleksandr Ermakov to the attack.
Richard will speak more about the substantial efforts which have gone towards this and can I thank the officials for their work on it. I also want to acknowledge Tim Watts, the Assistant Foreign Minister, who has worked so hard on this attribution and on these sanctions.
The sanctions imposed are targeted financial sanctions and a travel ban. This will mean it is a criminal offence punishable with up to 10 years' imprisonment to provide assets to Ermakov, or to use or deal with his assets including through cryptocurrency wallets or ransomware payments. This is the first time Australia's autonomous cyber sanctions have been used. It sends a clear message that there are costs and consequences for targeting Australia and for targeting Australians. These sanctions are part of Australia's efforts to ensure that we uphold the international rules-based order and upholding the norms of responsible state behaviour in cyberspace.
As I have often said, we wish to use all the elements of our national power to uphold these rules and to keep Australians safe and secure. We will continue to hold cyber criminals to account.
Separately, on another front, I can announce further sanctions. Overnight, Australia has imposed further counterterrorism and financing sanctions on 12 persons and three entities who are linked to Hamas, Hizballah and Palestinian Islamic Jihad. This is concurrent with further sanctions imposed on Hamas-linked targets by the United States, the United Kingdom and the European Union.
I'm happy to take questions about that separate tranche of sanctions which I have signed off on later in the press conference, and I'll now hand over to the Deputy Prime Minister.
RICHARD MARLES, DEPUTY PRIME MINISTER: Well, thank you Penny, and let me start by saying that the decision that the Foreign Minister has taken today is a hugely significant and unprecedented step, and it comes as a result of the significant efforts on the part of the Australian Signals Directorate in identifying Aleksandr Ermakov as a person who participated in the cyber attack on Medibank last year.
Australians should take an enormous sense of confidence in the professionalism and skill that exists within ASD in this case, because it's an example of the work that has been able to be undertaken by ASD in a meticulous way over the last 18 months in hunting down Aleksandr Ermakov and being able to identify him as a part of the hack in relation to Medibank.
We have here today Abi Bradshaw who is the head of the Australian Cyber Security Centre who can answer more technical questions in relation to what has occurred here. In undertaking these efforts ASD has obviously worked very closely with the Australian Federal Police but also our partners overseas, the FBI, the NSA in America, GCHQ in the UK. And again, this is a demonstration of how working with our partners, with these agencies, there is an enormously powerful effect which can be brought to bear in holding cybercriminals to account, and the sanctions that are being put in place on Aleksandr Ermakov today and publicly naming him will have an enormous impact on his activities and send a very strong message to cybercriminals around the world that we mean business.
I want to acknowledge Microsoft in the work that they have done with ASD in being able to pursue this investigation. Most significantly though, I want to acknowledge Medibank. Medibank have been incredibly open in the way in which they have engaged with ASD, and this has been fundamentally important in allowing ASD to do its work, and it's a really good example of how companies being willing to share this really sensitive information with ASD allows the investigations to occur in a way which has ended up with the result that we have today.
It's a great outcome for the country, obviously, but it's a really good outcome for Medibank. And there are lots of lessons that both ASD and Medibank and AFP will have learnt along the way, and that's a great thing for Medibank, as I say it's a great thing for the country in terms of improving our cyber security.
I think over the last few years we have seen the consequence of cyber attacks across the country, we've seen in fact across the world. We understand that this is one of the great challenges which faces our country and our economy today. But in the Australian Signals Directorate we have an agency which is at world's best practice and today's announcement is very much an example of that.
CLARE O’NEIL, HOME AFFAIRS AND CYBER SECURITY MINISTER: Thank you, DPM, and could I thank the DPM and the Foreign Minister. You'll be aware that one of Anthony Albanese's first decisions as Australian Prime Minister was to make a Cyber Security Minister a Cabinet position for the first time. This was a decision that was an indication of how centrally important this national security is to our government and to all Australians, and it's not just, of course, the appointment of me in that role that's changed the game here, but the Deputy Prime Minister and the Foreign Minister, and all of the parts of government for which we are responsible working closely together and being laser focused on this really important issue for Australians.
This is a very important day for cyber security in our country. This is the first time an Australian Government has identified a cyber criminal and imposed cyber sanctions of this kind, and it will not be the last.
Medibank in my view was the single most devastating cyber attack that we have experienced as a nation. We all went through it, literally millions of people having personal data about themselves, about their family members taken from them and cruelly placed online for others to see.
It helped us, I think, understand the enormous cost this problem will have to all of us as Australians if we don't step up to this challenge. It also showed us something about the calibre of people we are dealing with in terms of this problem on the other side. These people are cowards and they are scumbags. They hide behind technology, and today the Australian Government is saying that when we put our minds to it we will unveil who you are, and we will make sure that you are accountable.
I want to join these two Ministers in thanking the Australian Signals Directorate and the Australian Federal Police. One of the most important things we have done about cyber security as a government is make sure that we get incredibly close collaboration between different parts of government.
We talked soon after the Medibank incident occurred about setting up the Hack the Hackers taskforce. The announcement today is a direct result of the focus of those activities, and we were able to announce additional resourcing for Hack the Hackers through the Cyber Security Strategy that we announced last year.
I want Australians to know that the decision and the announcement that the Foreign Minister's made today is just one piece of the work that Hack the Hackers is doing. We can't always be very open about the work that Hack the Hackers is embarking on, but what I do want Australians to know is that I see, and we see as a government, that you are being affected by cyber security issues.
Please know that the smartest cyber guns in our country work for the Australian Government, they work for you. They work day and night in hunting down people who are seeking to do harm to Australians and debilitating them before they are able to do so. Today is a great credit to their work, and I want to join these Ministers in thanking them for their efforts.
DEPUTY PRIME MINISTER: So we're happy to take questions. If we can focus, to begin with, on questions on this announcement.
JOURNALIST: Ministers, as I understand it Ermakov is a member of the REvil hacker group. Now, is that correct for a start?
HOME AFFAIRS AND CYBER SECURITY MINISTER: Yeah.
JOURNALIST: Now, under pressure from the US Government, the FSB in Russia raided the REvil and arrested a whole stack of fellows. I understand that Ermakov wasn't among those. So what use is these sanctions going to be given that REvil is still in activity as we speak?
HOME AFFAIRS AND CYBER SECURITY MINISTER: So I might say a little bit about that, and I might invite Abigail Bradshaw to come forward and speak a little bit as well.
So we know that there are a number of Russian cyber gangs that are at the heart of the threats that Australians are faced with. The Australian Signals Directorate and the Australian Federal Police are very focused on disrupting the work of these gangs, and they have enormous success in doing so.
We know a lot about the people who are trying to harm us and the sanctions that are being put in place today are just a part of the suite of efforts that we're undertaking in order to try to debilitate these groups.
Part of the work that is happening globally is really important to this. The Deputy Prime Minister talked about the close collaboration we have with the FBI, with GCHQ in the UK, with other organisations around the world. What I've seen, even in the time that I've been Cyber Security Minister, is closer and closer collaboration day‑by‑day in working out who is behind this and debilitating them before they can harm Australians.
So why don't I get Abigail to come forward and just elaborate a little bit more on that.
ABIGAIL BRADSHAW, HEAD OF THE AUSTRALIAN CYBER SECURITY CENTRE: Thanks, Minister, thanks for the question. Well, REvil is only one of many Russian cyber criminal syndicates, and those gangs we know are dynamic and have multiple partners. So a disruption of REvil at one point in time doesn't cease its business.
We know a lot about Mr Ermakov through our analysis, and what we do know is that cyber criminals trade in anonymity. It is a selling quality, and so naming and identifying with the confidence that we have from our technical analysis will most certainly do harm to Mr Ermakov's cyber business.
JOURNALIST: What's the practical effect given that this criminal is in Russia, we can't get at him, and how would it affect him?
DEPUTY PRIME MINISTER: Well, I think Abi's probably answered that question in that, as Abi's just said, cyber criminals' calling card is anonymity. Aleksandr Ermakov no longer has that. We have named him for the first time globally, and his identity now being completely plain is on display for every agency around the world, but also anybody who is seeking to operate with him, so this will have a very significant impact on Aleksandr Ermakov.
FOREIGN MINISTER: I would just make the point, the second part of the sanction that I referred to is financial sanctions. So it would be an offence, including to use or deal with his assets including through cryptocurrency wallets or ransomware payments or to provide assets to him. So there's obviously a financial consequence as well as the point that Ms Bradshaw made.
JOURNALIST: A question for Minister O'Neil and Ms Bradshaw. The last on the prevention of future cyber breaches, last year there was a cyber hubs pilot program review that found that that particular program would not lead to significant uplift to prevent a Medibank style data breach. What cyber uplift activities are ongoing in the APS and across government to prevent future Medibank style breaches? And in the Cyber Strategy it said that the Cyber Coordinator would be leading those efforts supported by an office in Home Affairs. What is the composition for that office, and has that work been delayed with the changes with the Cyber Coordinator?
HOME AFFAIRS AND CYBER SECURITY MINISTER: Okay, thank you. So uplifting Commonwealth cyber security is a major feature of the government's work, and that is because when we came to office, we didn't have any real tools in place to make sure that the Commonwealth Government is doing the things that we ask of business.
We impose plenty of cyber requirements on major Australian organisations, but no one holds more sensitive data about our citizens than the Australian Government. So this is, as you would be aware, a core prong of the nation's new Cyber Security Strategy, and for the first time the Australian Government will start to impose on government departments and pieces of government the same requirements that we put on business.
This is not a small task. As any large organisation would know, the biggest cyber security issue that a lot of us face is IT infrastructure which is ageing. That's not going to stop us from addressing the problem, and the Australian Cyber Security Strategy has a very detailed plan about how we're going to go through this work.
You're correct that the Cyber Coordinator has a very important role in this. We have Hamish Hansford acting in that position at the moment. Nothing about the Cyber Coordinator's work has been delayed as a consequence of personnel changes there, I can certainly assure you of that. The Cyber Coordinator has a dedicated team that sits beneath that position within the Department of Home Affairs, the position is well‑resourced for the job that's available.
And I just remind you all, we didn't have a Cyber Coordinator under the former government, we didn't have a Cyber Security Minister under the former government. So for the first time we're actually going to tackle this task head on, but I just want people to understand this is a big one. The Australian Government is a very large organisation. Our security is not where it needs to be, and this is going to be a big focus of our efforts this year.
And I'll just invite Ms Bradshaw to just speak a little bit about the topic, which is a great passion to her as it is to me.
ABIGAIL BRADSHAW: Thanks Minister. It is a topic of great passion, of course, and ASD is bringing the full weight of its technical prowess and expertise to supporting the hardening government IT program. That involves, of course, additional resources which have been made available to ASD through the REDSPICE funding. That means more technical capability for visibility of sensitive government networks, it means more teams working with government officials to uplift their networks and to implement the sort of expertise that needs to reside in every government department to make those networks secure.
In terms of the simple things that all Australians can do to harden their networks, there is a plethora of advice. I urge all Australians to visit today cyber.gov.au, and if you want to do three things to make your systems more secure, update your software, don't wait until later, put multifactor authentication or a PIN code on all of your favourite apps and have a great password.
JOURNALIST: Is this individual the only one involved or are there others, and what impact could these sanctions actually have [indistinct] to that?
DEPUTY PRIME MINISTER: There are other investigations which are ongoing, and they will continue. That has continued, I should say, since the moment this cyber attack occurred. As I said in the opening statement, it has been a painstaking effort to get to the point of naming this individual, but we continue to investigate others.
JOURNALIST: For the Deputy Prime Minister and the Foreign Minister, can I please get your response to Benjamin Netanyahu's rejection of a two‑state solution? Do you agree with members of your caucus who say that it's a step towards apartheid, he's not a partner for peace, and that Australia should accelerate recognition of Palestine in response?
DEPUTY PRIME MINISTER: So just before we go ‑ are there any more questions so we can ‑ on this issue? Okay, thanks Abi.
FOREIGN MINISTER: Well, as you know, I've just returned from the Middle East, and what I want to say is that that has reaffirmed my view and the government's view that any pathway to peace requires progress towards an independent Palestinian state, and that that is the best way to ensure peace and security and dignity for the Palestinian peoples and also for Israelis.
JOURNALIST: Netanyahu is willing to say that there should not be a Palestinian state --
FOREIGN MINISTER: Our position is the one I have outlined, which is the pathway to peace in the Middle East requires progress towards an independent Palestinian state. The visit simply reaffirmed and underscored that view.
JOURNALIST: DPM, are you concerned that a company that is ultimately owned by interests in Hong Kong is providing security for Australian Defence Force bases?
DEPUTY PRIME MINISTER: I think you're referring to Wilson. I mean, Wilson has been providing security to Australian Defence Force bases for many, many years across numerous governments. I'm confident about the processes that we have in place around providing assurance for those who contract with Defence and for those who contract with Defence in relation to base security.
JOURNALIST: Deputy PM, are you going to break an election promise on stage 3 tax cuts?
DEPUTY PRIME MINISTER: Look, our position hasn't changed. But let me say this: in all that we do, in every decision that we take, we are utterly concerned about easing the cost of living pressures on middle Australia, and in every decision we continue to take, that will remain our focus.
JOURNALIST: Is it worth breaking that promise?
JOURNALIST: Minister, positions don't change until they do. Would you welcome reducing, and would your electorate welcome reducing the generosity of the top element of stage 3?
DEPUTY PRIME MINISTER: We understand the importance of tax cuts, and we've said that all along. But let me make this clear: we are completely focused on easing the cost of living pressures on middle Australia. We've been doing that since the moment that we have been elected, and we've seen that through a number of initiatives, be it cheaper medicines, be it putting downward pressure on power prices.
The inflationary environment around the globe has persisted, and that is putting pressure on middle Australia, and so we will be entirely focused in all the decisions that we take on easing that pressure.
JOURNALIST: Just, Foreign Minister, Foreign Minister, on the – in the Pacific, so after the decision last week in Nauru, Taiwan has three diplomatic partners left, one of which is Tuvalu, under our Falepili Agreement with Tuvalu could we or would we ever intervene in whether their recognition of either Taiwan or China?
FOREIGN MINISTER: Look, the matter of diplomatic recognition is a matter for the sovereign nation concerned, just as it has been for Australia. So that's not something, you know, we would be intervening in, that's a sovereign decision for Tuvalu, just as it is a sovereign decision for Nauru.