Daily Management Review

'Russia's Google' Yandex Was Hacked By Western Intelligence For Spying: Reuters


06/28/2019




In late 2018, the server of the Russian internet search company Yandex was broken into by hackers employed by Western intelligence agencies with the aim of injecting a rare type of malware that was capable of spying on user accounts, news agency Reuters reported, citing information from four sources who had knowledge of the incident.
 
The report claimed that the malware is named Regin and is known to have been put to use by the “Five Eyes”, the intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada.
 
The report did not carry any comments from the intelligence agencies of the concerned countries.
 
It is, however, a known fact that Western-induced cyberattacks against Russia are very rarely spoken about or disclosed in public. The report claimed that the sources could not confirm whether the five countries in question were aware of the attack on Yandex. The cyberattack took place between October and November of 2018.
 
In a statement to Reuters, Yandex spokesman Ilya Grabovsky acknowledged the incident. No further details were provided, however. “This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done,” he said.
 
“The Yandex security team’s response ensured that no user data was compromised by the attack,” the company also said.
 
The company claims to have over 108 million monthly users in Russia and offers a wide range of services, from internet search to email and taxi reservations, and is therefore known as “Russia’s Google”. The operations of the company also extend to Belarus, Kazakhstan and Turkey.
 
The pretext used by the hackers to get into the server of the company was to appear as if they were searching for how accounts are authenticated by Yandex, the sources reportedly told Reuters. Access to such information could enable a hacker from a spy agency to pose as a user of Yandex and get access to their private messages.
 
The report claimed that the sources said that the aim of the hackers breaching the research and development unit of Yandex was to conduct espionage and not disruption of the site or intellectual property theft. The report further said that access to Yandex was retained undetected by the hackers for several weeks. 
 
In 2014, after disclosure by former United States National Security Agency (NSA) contractor Edward Snowden, it came to be known that the Regin malware was a tool of the Five Eyes.
 
A hack in 2013 into the system of Belgian telecom firm Belgacom was attributed to an earlier version of Regin, according to reports published in ‘The Intercept’ in partnership with a Dutch and Belgian newspaper. The report put the onus of the hack on the British spy agency Government Communications Headquarters (GCHQ) and the NSA. At that time, GCHQ and the NSA made no comments about the incident.
 
(Source: www.reuters.com)