Western intel hacked ‘Russia’s Google’ Yandex

Hackers working for Western intelligence agencies broke into Russian internet search company Yandex in late 2018, deploying a rare type of malware in an attempt to spy on user accounts, four people with knowledge of the matter told Reuters.

The malware, called Regin, is known to be used by the “Five Eyes” intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada, the sources said. Intelligence agencies in those countries declined to comment.

Western cyberattacks against Russia are seldom acknowledged or spoken about in public. It could not be determined which of the five countries was behind the attack on Yandex, said sources in Russia and elsewhere, three of whom had direct knowledge of the hack. The breach took place between October and November 2018.

Yandex, widely known as “Russia’s Google” for its array of online services from internet search to email and taxi reservations, says it has more than 108 million monthly users in Russia. It also operates in Belarus, Kazakhstan and Turkey.

The hack of Yandex’s research and development unit was intended for espionage purposes rather than to disrupt or steal intellectual property, the sources said. The hackers covertly maintained access to Yandex for at least several weeks without being detected, they said.

The Regin malware was identified as a Five Eyes tool in 2014 following revelations by former US National Security Agency (NSA) contractor Edward Snowden.