Hackers working for intelligence agencies broke into Yandex, the Russian internet search firm known as "Russia's Google", in late 2018 and deployed a rare form of malware in an attempt to spy on user accounts, a new report found.
Sources said the malware, called Regin, is used by the Five Eyes group, through which the United States, Britain, Australia, New Zealand and Canada exchange information. The intelligence agencies in those countries refused to comment. Western cyber attacks against Russia are rarely acknowledged or discussed publicly.
Sources in Russia and elsewhere, including three countries with direct knowledge of the breach, said it was not possible to determine which of the five countries was behind the attack on the Russian search engine, which took place between October and November 2018. Yandex spokesman Ilya Grabowski provided a statement to Reuters but declined to give further details.
“This particular attack was detected at a very early stage by the Yandex security team and completely neutralized before any damage was done,” the company said. “The response of the Yandex security team ensured that user data was not compromised by the attack.” Yandex, widely known as "Russia's Google", has more than 108 million monthly users in Russia.
Besides Russia, the Yandex search service also operates in Belarus, Kazakhstan and Turkey. The sources who described the attack told Reuters that the hackers appeared to be looking for technical information that might explain how Yandex authenticates user accounts. This information can help a spy agency impersonate a Yandex user and access their messages.
The breach of the Yandex R&D unit was intended for espionage rather than for disruption or theft of intellectual property, they said. The hackers secretly kept their access to Yandex for at least several weeks without being detected. The Regin malware was identified as a Five Eyes tool in 2014, after the disclosures by former National Security Agency contractor Edward Snowden.