According to Russia, a group of hackers working for Western intelligence agencies managed to break into the Russian internet search company Yandex in late 2018. The group employed a rare kind of malware, Regin, in order to spy on user accounts, according to four people with knowledge of the matter.
The malware, known as Regin, is notorious for its use by the ‘Five Eyes’ intelligence-sharing alliance of the United States, Australia, Britain, Canada, and New Zealand. The intelligence agencies of these countries have not commented on the allegation; Western cyberattacks against Russia are rarely acknowledged or addressed in public. Sources with direct knowledge of the hack said the origin of the attack could not be established with certainty. The breach itself, however, took place between October and November 2018.
Yandex spokesman Ilya Grabovsky acknowledged the incident in a statement to Reuters but provided no further details. He said, ‘This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done. Yandex security team’s response ensured that no user data was compromised by the attack.’ Yandex is often referred to as Russia’s Google because of the range of online services it offers; it has over 108 million monthly users in Russia and also operates in Belarus, Kazakhstan, and Turkey.
According to the sources who described the Regin attack, the hackers appeared to be seeking technical information that would help them understand how Yandex authenticates user accounts. Such information could enable a spy agency to impersonate a Yandex user and access that user’s private messages. The intrusion into Yandex’s research and development unit was aimed at espionage rather than disruption or theft of intellectual property. The hackers maintained covert access to Yandex for several weeks before being detected. Regin came to light as a Five Eyes tool in 2014, following the revelations of Edward Snowden, the former US National Security Agency contractor.
US cybersecurity firm Symantec has also said that it recently found a new version of Regin. Vikram Thakur, technical director at Symantec Security Response, said, ‘Regin is the crown jewel of attack frameworks used for espionage. Its architecture, complexity and capability sit in a ballpark of its own. We have seen different components of Regin in the past few months. Based on the victimology, coupled with the investment required to create, maintain, and operate Regin, we believe there are at best a handful of countries that could be behind its existence. Regin came back on the radar in 2019.’