Hackers working for the intelligence services of several Western countries penetrated the Russian Internet search company Yandex, using malware in an attempt to spy on user accounts.
The malware, called Regin, is used by the ‘Five Eyes’ intelligence alliance – made up of the United States, the United Kingdom, Australia, New Zealand, and Canada – according to sources quoted by the Reuters news agency.
Western cyber attacks against Russia are rarely acknowledged, and for now it has not been possible to determine which country was behind the attack against Yandex, which took place between October and November 2018.
Yandex spokesman Ilia Grabovski acknowledged the incident, although he declined to give more details. “This particular attack was detected at a very early stage by the Yandex security team, it was totally neutralized before it caused damage,” he added.
The company, generally known as the ‘Russian Google’ for its online search, mail and even taxi reservation services, claims to have more than 108 million monthly users in the Eurasian country. In addition, it operates in Belarus, Kazakhstan, and Turkey.
The sources quoted by Reuters said that the hackers seemed to be looking for technical information that could explain how Yandex verifies user accounts, which would allow the intelligence services to pass themselves off as a user and access that user's private messages.
The malware was identified as a tool of the ‘Five Eyes’ in 2014, after the revelations of former National Security Agency (NSA) analyst Edward Snowden.
The Intercept, along with two newspapers from the Netherlands and Belgium, linked a previous version of Regin with a computer attack on the Belgian telecommunications company Belgacom in 2013, blamed on the intelligence services of the United Kingdom and the NSA.
However, the sources said that part of the Regin code found in Yandex systems had not been used in previous cyber-attacks. Yandex contacted the cybersecurity company Kaspersky, which determined that the target was a group of developers within the company.
The US cybersecurity company Symantec recently said it has discovered a new version of Regin, although it has refused to say where, citing confidentiality reasons.