Australian cyber spies successfully disrupted a significant Russian operation involving stolen data by exploiting the partying habits of local criminals in Siberia.

The Australian Signals Directorate (ASD) collaborated with intelligence services from the Five Eyes nations to monitor ZServers, a company linked to high-profile cybercrimes prior to the Medibank hack.

ZServers, based in Barnaul, Russia, had been providing hosting services to cybercriminals since 2011 and was identified as the source of the stolen data.

ZServers offered various illicit services, including brute force entry and bulletproof hosting, which was marketed as secure from law enforcement.

The breach involved the theft of 520 gigabytes of personal information, including names, birthdates, addresses, Medicare numbers, and passport details, affecting millions of Australians.

This operation specifically targeted sensitive health information, with 9.7 million records stolen from the insurer Medibank in August 2022.

The ASD identified the hacker Aleksandr Ermakov, who had previously been arrested in Russia for unrelated ransomware crimes.

Analysts from the ASD profiled five Russian operators of ZServers, including Aleksandr Bolshakov, and waited for the right moment to act while they were socializing.

The operation led to the deletion of the stolen data and the public identification of the Russian suspects, who now face arrest if they travel abroad but remain free in Russia.

Medibank is currently supporting affected customers while facing civil claims from Australia's privacy regulator for failing to adequately protect sensitive data.

The ASD emphasized that companies like ZServers play a crucial role in facilitating cybercrime, highlighting the need to target such infrastructure to effectively combat online crime.