Western intel agencies hacked Russian online search firm to plant spying malware
Elements tied to Western spy agencies hacked into the online search firm Yandex, the Russian equivalent of Google, late last year to plant malware designed to snoop on its user accounts, a report has revealed.
The malware, identified as Regin, is known to be deployed by the so-called “Five Eyes” intelligence-sharing alliance of the US, Britain, Australia, New Zealand and Canada, Reuters reported Friday, citing four people with knowledge of the matter.
According to the report, Regin became known as a Five Eyes tool in 2014 after revelations based on documents leaked by former US National Security Agency (NSA) contractor and whistleblower Edward Snowden, who has lived in Russia since 2013, after Washington charged him and revoked his passport.
The report noted that the spy agencies of those countries declined to comment on the case.
The attack, directed at Yandex’s research and development unit, was carried out for espionage rather than to disrupt operations or steal intellectual property, the sources said, adding: “The hackers covertly maintained access to Yandex for at least several weeks without being detected.”
Western cyber attacks against Russia are rarely confirmed or discussed publicly, and it could not be determined which of the five Western governments was behind the attack on Yandex, which took place between October and November 2018, the sources added. The report described the sources as being from “Russia and elsewhere, three of whom had direct knowledge of the hack.”
Yandex spokesman Ilya Grabovsky confirmed the cyber attack but declined to elaborate further on the case.
Attack ‘fully neutralized’ before causing damage
Meanwhile, Yandex said that it had “fully neutralized” the attack before the hackers were able to cause any damage or access sensitive data.
“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done,” Grabovsky said in a statement to Reuters. “Yandex security team’s response ensured that no user data was compromised by the attack.”
The company — widely recognized as “Russia’s Google” for its collection of online services from internet search to email and taxi reservations — states that it has more than 108 million monthly users in Russia. It also operates in Belarus, Kazakhstan and Turkey.
The development came just days after Moscow voiced serious concern over reports that the US had escalated its cyber attacks against Russia by implanting malicious code in Russian power systems.
Citing unnamed current and former US government officials, The New York Times reported on June 15 that US intelligence officials have been probing the Russian power grid since at least 2012 and have recently begun targeting power grid control systems in offensive operations.
The sources further emphasized that the hackers appeared to be searching for technical information that could explain how Yandex authenticates user accounts. Such information, they added, could help a spy agency impersonate a Yandex user and read that user’s private messages.
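To make concrete what “technical information about how accounts are authenticated” does and does not buy an attacker, here is a small illustrative session-token scheme. It is an added example written for this page, not Yandex’s code or a description of Yandex’s actual mechanism; the token format, the claim names, the fixed SERVER_KEY and the attacker helpers are all constructed for illustration. The point it demonstrates: knowing the token format alone lets an attacker build well-formed tokens that still fail verification, while obtaining the signing key lets them mint tokens indistinguishable from genuine ones.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets

# Constructed for this example: the server's signing key. In a real deployment
# it would live in an HSM or secrets store, never in source or design documents.
SERVER_KEY = b"constructed-example-key-do-not-reuse"


def _b64e(raw: bytes) -> str:
    """URL-safe base64 without padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    """Inverse of _b64e; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, key: bytes, issued_at: int = 1_700_000_000) -> str:
    """Server side: bind a user id to an HMAC-SHA256 tag computed under `key`."""
    payload = json.dumps({"uid": user_id, "iat": issued_at},
                         separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(tag)


def verify_token(token: str, key: bytes):
    """Server side: return the user id if the tag verifies under `key`, else None."""
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload = _b64d(payload_b64)
        tag = _b64d(tag_b64)
    except (ValueError, binascii.Error):
        return None  # malformed token
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time compare: a timing side channel here would be one more
    # way for an attacker to recover a valid tag without the key.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("uid"), str):
        return None
    return claims["uid"]


def tamper(token: str, new_user_id: str) -> str:
    """Attacker who knows the format but not the key: rewrite the payload, reuse the old tag."""
    payload_b64, tag_b64 = token.split(".", 1)
    claims = json.loads(_b64d(payload_b64))
    claims["uid"] = new_user_id
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return _b64e(payload) + "." + tag_b64


def forge_with_guessed_key(user_id: str) -> str:
    """Attacker who knows the format and guesses a key: well-formed, but will not verify."""
    return issue_token(user_id, secrets.token_bytes(32))


def forge_with_stolen_key(user_id: str, stolen_key: bytes) -> str:
    """Attacker who obtained the signing key: output is indistinguishable from the server's."""
    return issue_token(user_id, stolen_key)


if __name__ == "__main__":
    genuine = issue_token("alice", SERVER_KEY)
    print("genuine      ->", verify_token(genuine, SERVER_KEY))
    print("tampered     ->", verify_token(tamper(genuine, "admin"), SERVER_KEY))
    print("guessed key  ->", verify_token(forge_with_guessed_key("admin"), SERVER_KEY))
    print("stolen key   ->", verify_token(forge_with_stolen_key("admin", SERVER_KEY), SERVER_KEY))
```

The design lesson is the one a practitioner would draw from the report: a scheme whose security rests on the secrecy of its design is already lost once the design documents leak, whereas a keyed scheme forces the attacker to also obtain the key, which is why key custody and constant-time verification, not obscurity, are what keep impersonation off the table.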
According to the report, Yandex called in Russian cyber security company Kaspersky, which established that the hackers were targeting a group of developers inside Yandex. A private assessment by Kaspersky further concluded that the attackers, described as “likely tied to Western intelligence”, breached Yandex using Regin.
US intelligence chiefs, White House decline comment
The US Office of the Director of National Intelligence declined to comment on the incident, and the White House National Security Council did not respond to a request for comment.
Kremlin spokesman Dmitry Peskov said the Russian government was not aware of this particular attack on Yandex but noted: “Yandex and other Russian companies are attacked every day. Many attacks come from Western countries.”
Earlier reports by the online news outlet The Intercept, as well as a Dutch and a Belgian newspaper, tied an earlier version of Regin to the 2013 hack of the Belgian telecom firm Belgacom and reported that the British spy agency Government Communications Headquarters (GCHQ) and the NSA were responsible. At the time GCHQ declined to comment on the case and the NSA denied any involvement.