Yandex, popularly known as Russia’s ‘Google’, was attacked by hackers working for Western intelligence agencies, Reuters reports. The attack is linked to Five Eyes, an intelligence alliance comprising (as the name suggests) five countries: the US, the UK, Australia, Canada and New Zealand. Which of these members carried out the attack is still unclear.
Five Eyes has been in the spotlight since it issued a statement of principles pressing for “lawful access” to encrypted data, which basically means a backdoor to encryption methods for surveillance purposes.
The group of hackers broke into Yandex in the fall of 2018 and deployed the Regin malware (also known as Prax). Regin was first detected by Kaspersky Lab, Symantec and The Intercept during late 2014 but was identified due to the former NSA researcher Edward Snowden. It is flexible malware, which means it can be customized for different targets, and it is usually deployed through computers running Microsoft software.
“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done,” a Yandex spokesperson told Reuters. “Yandex security team’s response ensured that no user data was compromised by the attack,” he said.
The attackers reportedly wanted to know how Yandex authenticates its users. This is why they were searching for information related to user authentication; such information can potentially be used to impersonate a Yandex user and even access that user’s data. They were said to have had access to Yandex for several weeks but were never detected.
According to the report, the attack on Yandex’s research and development unit was intended for espionage purposes rather than to disrupt or steal intellectual property.
It should be noted that Yandex has 108 million monthly users in Russia, which is 75% of the country’s population. It also bought Uber Technologies Inc’s business in Russia. Apart from Russia, it also has a presence in Belarus, Kazakhstan and Turkey. This attack is one of many cyber attacks that have been carried out on Russia by Western intelligence services in the past few years. The most recent of these was the US’s retaliation against Russia’s cyber attack threat, which involved planting malware on a Russian power grid.