Australia passes bill allowing it to impose sanctions for cyber-attacks
The Australian Senate has passed a bill today providing a legal framework for its government to impose economic sanctions on foreign hackers that engage in cyberattacks against Australian targets.
The bill, submitted to the Australian Parliament in 2019, was modeled after the Magnitsky Act, a 2012 US law that allowed the US government to impose sanctions on corrupt Russian officials who imprisoned Sergei Magnitsky, a Moscow tax lawyer who exposed a tax fraud scheme.
Following its adoption, the US Magnitsky Act gave the US government a general legal framework to punish human rights abusers and corrupt foreign politicians across the globe.
The Australian version of the Magnitsky Act, which passed unanimously this week, can also be used to sanction corrupt politicians and human rights abuses but also includes a clause to punish foreign hackers as well.
A sanctioned entity under the new law can have its Australian assets frozen, denied entry into the country, and use of Australia's banking system.
"The reforms will ensure Australia can take timely action, including with like-minded partners where it is in our national interest, to impose costs on, influence, and deter those responsible for egregious situations of international concern, wherever they occur in the world, while minimising impacts on general populations," said Marise Payne, Australia's Minister for Foreign Affairs, in a statement released earlier today.
Until now, only the EU and the US have imposed sanctions on hackers, with Australia typically issuing statements of condemnation.
Possible targets for Australia's new sanctioning powers could include several ransomware operators and Chinese cyber-espionage groups, which have been some of the most active threat actors inside Australia over the past few years.
is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.