Powered by MOMENTUM MEDIA

AUKUS members sanction Medibank hacker and LockBit infrastructure provider

The Australian government has imposed sanctions on a Russian service used by cybercriminals, including those behind the Medibank Private cyber attack of 2022.

Daniel Croft
Wed, 12 Feb 2025

Alongside fellow AUKUS members the US and the UK, Australia announced sanctions against Russian entity ZServers and five cybercriminals that aided in the hosting and sharing of the stolen Medibank data.

ZServers is known for providing the necessary network infrastructure for cybercriminals to launch devastating cyber attacks.

The five individuals sanctioned are ZServers’ owner, Aleksandr Bolshakov, and four employees: Aleksandr Mishin, Ilya Sidorov, Dmitriy Bolshakov and Igor Odintsov.

The new sanctions make it a criminal offence to use the services of ZServers and the five individuals, and ban them from entering Australia. The penalty is up to 10 years in prison and “heavy fines,” according to the release.

“These sanctions send a clear message to malicious cyber actors that there are consequences of trying to do Australians harm,” said Deputy Prime Minister Richard Marles.

“The Albanese Government continues to take decisive action to hold to account those responsible for one of Australia’s largest cyber incidents.

“Importantly, this is the first cyber sanction against an enabler of cybercrime. Disrupting the criminal ecosystem in this way impacts hundreds of cybercriminals at once.”

This marks the first time that Australia has placed sanctions on an entity.

The Australian Federal Police (AFP), who took part in the takedown, says that organisations like ZServers are known as bulletproof hosting (BPH) providers, as they are “resistant but not immune” to takedown operations, making them a lucrative offer for cyber criminals.

"Bulletproof hosting providers offer cybercriminals protection by refusing to take down websites containing dangerous, illegal content despite being flagged by law enforcement agencies, governments and even victims," said Assistant Commissioner Richard Chin.

"Calling these hosting providers 'bulletproof' is a false marketing gimmick. Cybercriminals think they are safeguarded by these service providers, however, one massive swing from authorities can crack open and disrupt the infrastructure.

"Cybercrime service providers allow criminals to distribute and share the most vile content online, including child sexual abuse material, extremist content and ransomware used to conduct malicious cyber-attacks.”

LockBit, which has suffered from global takedowns a number of times and most recently had members arrested and affiliates ousted as part of Operation Cronos, was also a user of ZServers for its cybercriminal activity.

Even following this, LockBit has continued its activity, leaking data belonging to the FBI director late last year and teasing a new LockBit 4.0 encryptor.

However, disabling infrastructure like ZServers is likely another step towards putting the group out of action.

Regional Vice President for Australia and New Zealand at Rubrik, David Rajkovic, celebrated the AUKUS cooperation in dismantling ZServers and its significance in stopping threat actors like LockBit.

“While submarines might take the headlines, the cyber cooperation under AUKUS is just as critical to our national security,” said Rajkovic.

“Overnight, law enforcement from Australia, the US, and the UK combined to take down ZServers infrastructure and cripple the ability of the LockBit ransomware gang to launch their attacks.

Law enforcement actions like these have a real impact on the cyber landscape. Last year, ransomware payments declined significantly, falling 35 per cent from USD$1.25 billion to USD$814 million.

“Takedowns like this were a key contributor to the fall in payments, along with increased refusals by victims to pay ransoms due to a greater maturity around improving cyber resilience.”

Rajkovic, however, acknowledged that this is not a final nail in the coffin and that more BPH providers will pop up to support cybercriminals and threat groups.

“For every seizure, there is another group waiting in the wings,” said Rajkovic.

“When it comes to ransomware recovery, a proactive response posture which includes immutable backups, pre-calculated recovery points, and an ability to scan both production and backup data for threats is critical to ensuring rapid restoration of operations.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.