Five Eyes group hacks Yandex, the Russian search engine

IT system audit specialists report that intelligence agencies in the member countries of the Five Eyes alliance (US, UK, Australia, New Zealand and Canada) have been accused of hacking the systems of Yandex, a search engine most commonly known as the “Russian Google”.

The Reuters news agency released a report in which four anonymous sources claim that Western spies operated a malware infection campaign against Yandex developers over several weeks in 2018.

The Windows malware used by the alleged hackers, known as Regin, was jointly developed by the UK’s GCHQ and the US’s NSA for espionage purposes, according to information published by WikiLeaks. “This is a modular malware designed for extensively intrusive surveillance operations”, mentioned IT system audit specialists.

The hackers allegedly used the malware against Yandex to track a specific group of programmers within the company’s research and development area, possibly for the purpose of extracting private conversations and other confidential information. “Cyberattacks have become very common. Our teams were able to detect this intrusion at an early stage”, a company spokesman said.

Yandex security teams isolated the malware from their networks and completely neutralized it before hackers managed to compromise the company’s information; further details of the incident are still unknown. “Our users’ information security is a fundamental issue for us. After detecting this attack attempt, we implemented the relevant measures to prevent this from happening again,” the company said. 

Yandex is collaborating with Russian information security firm Kaspersky, which conducted extensive research on Regin malware a few years ago. Experts in IT system audit claim that it was the security firm’s investigators who pointed to the Five Eyes group as responsible for this hacking campaign.

Specialists from the International Institute of Cyber Security (IICS) mention that this is not the first time the Kremlin and the White House have accused each other of cyber intrusions, primarily for espionage purposes.