Elements tied to Western spy agencies hacked into online search engine firm Yandex – the Russian equivalent to Google — late last year to embed a malware designed to snoop on its user accounts, a report has revealed.
The malware, identified as Regin, is known to be deployed by the so-called “Five Eyes” intelligence-sharing alliance of the US, Britain, Australia, New Zealand and Canada, Reuters reported Friday, citing four people with knowledge of the matter.
According to the report, Regin became known as a Five Eyes tool in 2014 after revelations by former US National Security Agency (NSA) contractor and whistleblower Edward Snowden, who defected to Russia after becoming the target of an international manhunt ordered by Washington.
The report noted that spy agencies of those countries refused to comment on the case.
The hacking attack, directed at Yandex’s research and development unit, was intended for espionage purposes rather than to disrupt or steal intellectual property, said the sources, adding: “The hackers covertly maintained access to Yandex for at least several weeks without being detected.”
Western cyber attacks against Russia are rarely confirmed or talked about publicly, and it could not be determined which of the five Western governments was behind the attack on Yandex, which took place between October and November 2018, added the sources, who the report said were from “Russia and elsewhere, three of whom had direct knowledge of the hack.”
Yandex spokesman Ilya Grabovsky confirmed the cyber attack but refused to elaborate further on the case.
Attack ‘fully neutralized’ before causing damage
Meanwhile, Yandex said that it had “fully neutralized” the attack before the hackers were able to cause any damage or access sensitive data.
“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done,” Grabovsky said in a statement to Reuters. “Yandex security team’s response ensured that no user data was compromised by the attack.”
The company — widely recognized as “Russia’s Google” for its collection of online services from internet search to email and taxi reservations — states that it has more than 108 million monthly users in Russia. It also operates in Belarus, Kazakhstan and Turkey.
The development came just days after Moscow expressed major concerns about reports that the US had escalated its cyber attacks against Russia through incorporating malicious software into Russian power systems.