Published on July 1st, 2019
Alleged Cyber Attack on Russia's Yandex Used Malware Tied to Western Intelligence
Hackers believed to be working for Western intelligence agencies "broke into Russian internet search company Yandex from October to November 2018," deploying a malware variant called Regin that is "known to be used by the 'Five Eyes' intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada," Reuters reported on Friday, citing four people with knowledge of the incident.
Yandex, which has long since expanded beyond a search engine and now has footholds in industries from ridesharing to e-commerce, is Russia's largest tech company and claims to serve approximately 75 percent of the Russian population. According to Reuters, it is unclear where the attack originated. Yandex confirmed to the news agency that such an incident had occurred, but claimed that its security personnel were able to prevent the loss of any user data.
"This particular attack was detected at a very early stage by the Yandex security team," spokesman Ilya Grabovsky told Reuters. "It was fully neutralized before any damage was done. Yandex security team's response ensured that no user data was compromised by the attack."
Reuters wrote that the intent appears to have been to gather intelligence on user authentication on Yandex, which could be useful to anyone seeking to subsequently break into accounts:
The sources who described the attack to Reuters said the hackers appeared to be searching for technical information that could explain how Yandex authenticates user accounts. Such information could help a spy agency impersonate a Yandex user and access their private messages.
The hack of Yandex's research and development unit was intended for espionage purposes rather than to disrupt or steal intellectual property, the sources said. The hackers covertly maintained access to Yandex for at least several weeks without being detected, they said.
Regin has previously been named by the Intercept as the malware involved in a long-term attack on Belgian telecom Belgacom in the early 2010s. Russian cybersecurity firm Kaspersky Lab believes the Regin toolkit was developed by a nation state. As Reuters noted, the Intercept reported that the UK's Government Communications Headquarters (GCHQ) and the U.S. National Security Agency were responsible for the Belgacom attack, though GCHQ declined to comment and the NSA denied responsibility.
Reuters further reported that sources said the Regin malware detected at Yandex contained new code. Symantec Security Response technical director Vikram Thakur confirmed to the news agency that the company had "seen different components of Regin in the past few months" and that the malware "came back on the radar in 2019."
This isn't the only recent report of foreign intrusion into computer systems based in Russia, which has seen increased tensions with much of the West over issues ranging from the geopolitical balance of power to more specific gripes like alleged Russian election interference. Earlier this month, accounts of U.S. penetration of the Russian electrical grid popped up in the New York Times; sources told the paper that it was carried out under new authority granted by the White House and Congress to the Pentagon that allows the secretary of defense to escalate cyber operations without presidential pre-clearance.
The Russian government told Reuters it was not aware of this specific incident, with Kremlin spokesman Dmitry Peskov saying, "Yandex and other Russian companies are attacked every day. Many attacks come from Western countries."
[Reuters]