Russian search engine Yandex was infected with Regin malware to spy on user accounts
- Regin is known to be used by the ‘Five-Eyes’ intelligence-sharing agencies of the United States, Britain, Australia, New Zealand, and Canada.
- The breach took place between October 2018 and November 2018.
Cybercriminals associated with Western intelligence agencies broke into the Russian internet search company Yandex by deploying a rare malware named Regin. The intrusion, which occurred in late 2018, was an attempt to spy on user accounts.
What is the Regin malware?
According to Reuters, the malware Regin is known to be used by the ‘Five-Eyes’ intelligence-sharing agencies of the United States, Britain, Australia, New Zealand, and Canada.
The breach took place between October 2018 and November 2018.
Purpose of the attack
The sources who described the attack to Reuters said that the hackers were in search of technical information that could explain how Yandex authenticates user accounts. Such information could help a spy agency impersonate a Yandex user and access their private messages.
“The hack of Yandex’s research and development unit was intended for espionage purposes rather than to disrupt or steal intellectual property, the sources said. The hackers covertly maintained access to Yandex for at least several weeks without being detected, they said,” Reuters reported.
How did Yandex respond?
A Yandex spokesperson acknowledged the incident and said, “This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done.”
The spokesperson added that the company had ensured that no user data was compromised during the attack.