The Russian search engine Yandex has reportedly been attacked by one or more Western intelligence agencies, possibly from the United States, Britain, Australia, New Zealand, and/or Canada, which make up the so-called ‘Five Eyes’. According to four people with insider information, the attack took place in late 2018 and included rare malware called Regin, which the hackers hoped to use to spy on user accounts hosted by Yandex.
Yandex has acknowledged the attack, which took place between October and November 2018. Ilya Grabovsky, a spokesman at the firm, said:
“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done. Yandex security team’s response ensured that no user data was compromised by the attack.”
When the attack was discovered, Yandex called in the Russian security company Kaspersky, which learned that the attack was actually targeting several developers at Yandex. According to the sources, the infiltrators were trying to work out how Yandex authenticates user accounts so that they could impersonate users and gain access to private messages.
The Regin malware that was used was revealed to be a Five Eyes utility back in 2014 after The Intercept published information obtained from the former NSA contractor Edward Snowden. The sources that spoke with Reuters claimed that the Regin code found on Yandex systems is newer than what has been used before, which only increases the likelihood that Western nations are behind the attack.
If it is Western intelligence agencies or associated parties behind the attack, a conclusion deemed likely by Kaspersky's own private assessment, it’s doubtful that we’ll hear any more of the attack unless Yandex or Kaspersky are willing to share more details about what they’ve uncovered.