In an intriguing operation, Australian cyber spies leveraged a night out in a Siberian bar to dismantle a Russian cybercriminal enterprise, ZServers. This operation was critical in addressing a significant data breach involving stolen Medibank Private data: 520 gigabytes of personal information from 9.7 million records, which was available for blackmail.
The investigation pinpointed a notorious hacker, Aleksandr Ermakov, who had caused the breach, and linked him to ZServers, which allegedly provided hosting services for various cybercriminal activities. The Australian Signals Directorate (ASD), aware of ZServers’ questionable clientele, meticulously scrutinised the five Russian individuals involved, ultimately devising a plan to disrupt their operations.
By gathering extensive intelligence on their networks and social habits, ASD targeted the gang when they were expected to be socialising. The agency successfully severed ZServers’ access to its servers, erasing the stolen data and significantly curbing the operation’s effectiveness.
Following this two-and-a-half-year endeavour, the group faced international sanctions, limiting their movement and online activities. Defence Minister Richard Marles emphasised the operation’s importance in preventing the further spread of stolen data, asserting that ZServers’ tactics of maintaining anonymity were ineffective against the intelligence efforts of ASD and its global partners.