Malicious cyber activity and terrorism sanctions

The Australian Government has registered the Autonomous Sanctions (Designated Persons and Entities and Declared Persons – Thematic Sanctions Amendment (No 1) Instrument 2024, which is the first use of the Magnitsky-style Autonomous Sanctions Regulations for malicious cyber activity. Background.

The Autonomous Sanctions Regulations 2011 make provision for, among other things, the proscription of persons or entities for autonomous thematic sanctions in response to significant cyber incidents.

This first use of Australia’s autonomous cyber sanctions framework imposes targeted financial sanctions (including freezing of assets and a travel ban) on Aleksandr Ermakov, a Russian individual who the Australian Government has determined was involved in the cyber breach of the Medibank Private network.

The introduction of these sanctions follows an 18 month investigation by the Australian Government into the cyber incident, where 9.7 million records were stolen from Medibank Private.

The new cyber sanctions make it a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.

Separately the Australian Government has introduced further counter-terrorism financing sanctions on 12 persons and three entities linked to Hamas, Hizballah and Palestinian Islamic Jihad.

These sanctions were implemented by the Charter of the United Nations (Listed Persons and Entities) Amendment (No. 1) Instrument 2024.

Broadly, the effect of counter-terrorism financing sanctions) is to:
• prohibit individuals and bodies corporate from using or dealing with assets owned or controlled by a listed person or entity, unless the Minister has granted a permit authorising them to do so; and
• prohibit individuals and bodies corporate from making an asset available directly or indirectly to a listed person or entity, unless the Minister has granted a permit authorising them to do so.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

Print Friendly, PDF & Email

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.