Microsoft identifies role in tracking Medibank attacker

Threat centre fed research to ASD.

Microsoft has quietly disclosed that it played a "key role" in feeding information to the Australian Signals Directorate that helped identify who was behind the 2022 Medibank cyber attack. 

Microsoft's John Lambert (left) and Mark Anderson, with ASD director-general Rachel Noble.
Microsoft

The federal government yesterday publicly attributed the attack to Aleksandr Ermakov, a 33-year-old Russian national whose aliases included Alexander Ermakov, GustaveDore, aiiis_ermak, blade_runner, and JimJones.

It also announced “targeted financial sanctions” and a travel ban against Ermakov. The financial sanctions make it a crime to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.

In a glimpse behind the scenes of the investigation, Microsoft A/NZ national security officer Mark Anderson wrote that “behind closed doors there are exceptionally talented people collaborating across the Australian government and organisations like Microsoft to track these criminals.”

The meat of Microsoft’s input into the investigation came through its threat intelligence centre, Anderson wrote.

“Microsoft’s Threat Intelligence Centre (MSTIC) played a key role in providing evidence to support the investigation into the Medibank cyber attack,” he wrote.

“MSTIC tracks more than 300 unique threat actors, including 160-plus nation-state actors and 50-plus ransomware groups daily.”

This, he said, was an example of the importance of global public and private partnerships to such investigations.

“Each identification of cybercriminals and disruption of cybercrime infrastructure brings forward lessons learned.”

Copyright © iTnews.com.au . All rights reserved.