Breaking: AFP confirms Medibank Hacker likely to be Russian

The Australian Federal Police have this afternoon confirmed the hacker or hackers behind the Medibank cyber attack are most likely in Russia.

AFP Comissioner Reece Kershaw made a statement this afternoon which was brought on my Prime Minister Anthony Albanese confirming that he had given permission for the AFP to hold a press conference to reveal some of what they knew about the Hacker behind the Medibank attack.

The attack was described by Comissioner Kershaw as an “unacceptable attack on Australia”, one that “deserves a response that matches the malicious and far reaching consequences that this crime is causing”.

He went on to explain that there had been significant covert measures undertaken in cooperation with Interpol, and that the AFP “believe those responsible for the breach are in Russia”.

Explaining that their intelligence points to a “group of affiliated cyber criminals” Comissioner Kershaw explained that the same group was likely responsible for past breaches around the world.

EFTM understands this relates to the REvil group which operated extensively in 2021 before disbanding after several members were arrested by Russian authorities.

In the emails between the hacker and Medibank which have been released by the hacker, there is talk of the Revil group and affiliate programs – for example in early November, seemingly frustrated by Medibank’s delays the hacker said “You asked for guarantees, we gave them to you. The Revil affiliate program was not available for a while, but recently Revil has reappeared on the horizon. We gave you 3 affiliate programs to choose from, since you provided this choice to us, we chose the more reliable one. No data was transferred to the affiliate program, only we control the data, moreover, the affiliate program did not participate in the negotiation process, since we mainly communicated through mail, not through chat.

It was clear the Hacker was frustrated, going on to say “We have already reported several times that it is time to move on to discussing the payment, but you ignore this moment all our communication Our communication with you looks empty. We give you 24 hours to close the issue of the amount and terms of payment. After that, we will begin to act.”

Perhaps most poignantly the Commissioner said “We believe we know which individuals are responsible, but will not be naming them“.

The AFP will now be holding talks with Russian authorities, via the National Centra Bureau in Moscow with whom they have previously co-operated on as part of Intel for operations and Arrests.

What’s yet to be clear is just how co-operative Russian authorities will be with this current investigation, given the situation that simmers between Russia and the West over the war in Ukraine.

Perhaps pointing to this, Comissioner Kershaw said “Russia benefits from intelligence sharing through interpol”.

The AFP message to the public : “We are not going to give up bringing those responsible to justice”.

Their message to the hacker: “We know who you are, and the AFP has significant runs on the board when it comes to bringing people to justice“

Thems fighting words.

The first big test of these words will be to see if the hacker releases more information on the Dark Web tomorrow having already released some 740 people’s names and personal health information.