Russian search giant Yandex hacked by Western intelligence agencies to spy on developers

Yandex hack occurred between October and November 2018 when Regin malware associated with the NSA was found

Hackers linked with Western intelligence agencies attacked Russian search giant Yandex last year in a bid to spy on user accounts.

Four people with knowledge of the matter told Reuters that the company found malware, called Regin, associated with the intelligence agencies of the US, UK, Australia, New Zealand and Canada.

The malware targeted Yandex's research and development unit and was present for a number of weeks.

Yandex is Russia's answer to Google, known for offering an array of online services to users predominantly based in Russia, Kazakhstan, Turkey and other countries. It claims to have more than 108 million monthly users in Russia.

The incident occurred between October and November last year, according to Reuters' sources, when Yandex security teams suspected a malware outbreak on developers' PCs. Security specialists from Kaspersky were called in; they confirmed the attack, identified the type of malware and suggested that hackers were targeting a group of programmers inside Yandex.

The assessment by Kaspersky indicated that the attackers were most likely working for Western intelligence agencies, although the country responsible for the cyber attack couldn't be determined.

The purpose of the attack, according to Kaspersky, was cyber espionage rather than acquisition of intellectual property or destruction of systems or networks.

Security experts also claimed that some code used in the malware discovered by Yandex was not used in any other previously known cyber attack.

According to the files leaked by former US National Security Agency (NSA) contractor Edward Snowden, Regin was developed by the NSA and GCHQ to spy on companies, individuals, and governments around the world.

"Regin is the crown jewel of attack frameworks used for espionage. Its architecture, complexity and capability sits in a ballpark of its own," Vikram Thakur, technical director at Symantec Security Response, told Reuters. "We have seen different components of Regin in the past few months," Thakur added.

Yandex spokesman Ilya Grabovsky acknowledged the attack, but didn't provide any further details. "This particular attack was detected at a very early stage by the Yandex security team," Grabovsky told Reuters.

"It was fully neutralised before any damage was done," he added.
