AFP Commissioner Reece Kershaw announced the "malicious" hack on the health insurer, which has seen private health information leaked on the dark web, is being carried out by individuals in Russia.
"Our intelligence points to a group of loosely affiliated cybercriminals who are likely responsible for past significant breaches in countries across the world," he said.
He said the cybercriminals are operating like a business with affiliates and associates supporting them.
Kershaw added other individuals involved in the "business" are based in other countries.
"We believe we know, which individuals are responsible but I will not be naming them," he said.
Australian authorities will be holding talks with Russian law enforcement about the individuals responsible for the cyberattack to bring them to face the country's justice system.
"It is important to note that Russia benefits from the intelligence sharing and data shared through Interpol and that comes with responsibilities and accountabilities," he said.
Kershaw also issued a stark warning to the criminals responsible: "We know who you are and the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system."
'We know who is responsible': PM
The AFP's announcement comes after the prime minister earlier confirmed that authorities know who is behind the cyberattack.
"We know where they're coming from, we know who is responsible, and we say that they should be held to account," Anthony Albanese said.
He also claimed the nation where the alleged attacker is from, which has since been revealed as Russia, should be "held accountable".
"The fact is, the nation, where these attacks are coming from should also be held accountable for the disgusting attacks and the release of information including very private and personal information," he said.
"I am disgusted by the perpetrators of this criminal act," he said.
It is the third time in the same number of days that the cyber attackers have exposed private health information on a dark web forum, with today's instance allegedly revealing medical diagnoses related to alcohol.
Medibank CEO claims hackers 'enjoying notoriety'
Medibank CEO David Koczkar said the criminals are "enjoying the notoriety" of releasing the data leaks and expects the crimes to continue over coming days.
"We expect the criminal to continue to release stolen customer data each day," he said.
"The relentless nature of this tactic being used by the criminal is designed to cause distress and harm.
"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."
Koczkar said customers whose data has been released onto the dark web will be contacted and the health insurer continues to provide support services to those impacted by the attack.