Russia knows who is behind the Medibank hack, but is refusing to play ball with Australian police.
Last year, health insurer Medibank suffered a landmark data breach which exposed the personal data of its 9.7 million current and former customers to Russian-based attackers.
Seven months on from the historical hack, Australians still don’t know the identity of the criminals behind it all – and Russia won't help Australian cops over the finish line.
In an interview with 60 Minutes, Australian Federal Police (AFP) commissioner Reece Kershaw revealed the AFP shared key information to the Russian state regarding individuals and groups related to the hack, for which Russia has not returned the favour.
"We haven't received much intelligence back," said Kershaw. "We have shared our viewpoint on who we think some of these individuals and groups are."
Kershaw said interactions between Russian and Australian police are a "one-way street", and suggested Russia's refusal to co-operate enables a safe haven for cyber criminals targeting Australia.
"Given the fact that we've shared some very detailed specific intelligence, we'd like to see a result come back, and we're still waiting on that front," said Kershaw.
Kershaw's comments come six months after he linked the attack to Russia.
In November 2022, the commissioner said the AFP then believed it knew the specific individuals behind the hack despite not explicitly naming them.
He similarly urged Russian law enforcement to assist with the investigation at the time but was instead met with criticism from the Russian ambassador over the AFP's decision to go public without sharing its intelligence with Moscow.
Soon after, Kershaw authorised Australian officials to share information with Russia about the hacker(s) via international policing agency Interpol.
Notably, Kershaw and the AFP still haven't publicly announced who they think carried out the attack – but common speculation points to notorious Russia-linked ransomware gang, REvil.
According to the Sydney Morning Herald, when asked to comment on Kershaw's stonewalling allegations, a spokesman for the Russian embassy in Canberra said: “Unfortunately, we can’t comment on anything as we are not familiar with these comments.”
Five Eyes watching closely
During his interview, which took place alongside a rare AFP-hosted meeting of the Five Eyes law enforcement group in Melbourne, Kershaw labelled Russia a significant cyber crime concern.
"In Russia in particular, we've been concerned about the cyber crime groups, organised crime groups who are harvesting Australia's data and information, and for profit," he said.
The Five Eyes group is the world's strongest police alliance, comprising policing chiefs from Australia, New Zealand, US, UK, and Canada.
Russia has targeted all nations represented by Five Eyes, and members were quick to echo concerns over the country's burgeoning cyber criminal activity.
"Of the state threats issues, it's Russia that occupies most of our time," said Graeme Biggar, Director-General at the UK's National Crime Agency.
"The vast majority of the cyber crime in the world, and particularly the ransomware, which is the most threatening to national security, comes from Russian-based, Russian language cyber crime groups."
Biggar suggested Russian-based cyber crime groups exist "because they are allowed to", and noted ransomware as the "highest threat to our cyber security".