WASHINGTON/LONDON/SAN FRANCISCO (Reuters) – Hackers working for Western intelligence services broke into Russian internet search company Yandex (YNDX.D) in late 2018, deploying a very rare type of malware in an attempt to spy on users, four people with knowledge of the matter told Reuters.
FILE PHOTO: The logo of the Russian internet group Yandex is pictured at the headquarters of the company in Moscow, Russia, October 4, 2018. REUTERS/Shamil Zhumatov/File Photo
The malware, called Regin, is known to be used by the “Five Eyes” intelligence-sharing alliance of the United States of America, the United Kingdom, Australia, New Zealand and Canada, the sources said. The intelligence services in those countries declined to comment.
Western cyber attacks against Russia are rarely acknowledged or discussed in public. It could not be determined which of the five countries was behind the attack on Yandex, said sources in Russia and around the world, three of whom had direct knowledge of the hack. The attack took place between October and November 2018.
Yandex spokesman Ilya Grabovsky acknowledged the incident in a statement to Reuters, but declined to provide further details. “This particular attack was detected at a very early stage, due to Google’s security team. It was completely neutralized before the damage was done,” he said.
The company also said that “the Google security team’s response ensured that no user data was compromised in the attack.”
The company, which is known as “Russia’s Google” for its wide range of online services, including internet search, e-mail and taxis, says it has more than 108 million monthly users in Russia. It also operates in Belarus, Kazakhstan and Turkey.
The sources who described the attack to Reuters said the hackers appeared to be searching for technical information that might help to explain how Yandex verifies user accounts. Such information could help a spy agency pose as a Yandex user and gain access to their private messages.
The hack of Yandex’s research and development unit was intended for espionage purposes rather than to disrupt or steal intellectual property, the sources said. The hackers surreptitiously maintained access to Yandex for at least a few weeks without being discovered, they said.
The Regin malware was identified as a Five Eyes tool in 2014, following revelations from former U.S. National Security Agency (NSA) contractor Edward Snowden.
Reports by The Intercept, in cooperation with Dutch and Belgian newspapers, tied a previous version of Regin to a hack of Belgian telecommunications company Belgacom in 2013 and said the British spy agency Government Communications Headquarters (GCHQ) and the NSA were responsible. At the time, GCHQ declined to comment, and the NSA denied involvement.
‘JEWEL IN THE CROWN’
Security experts say that attributing cyber attacks can be difficult because of the obfuscation methods that hackers can use.
However, some of the Regin code found on Yandex’s systems had not been deployed in any known previous cyber intrusions, the sources said, reducing the risk that the attackers were deliberately using well-known Western hacking tools in order to cover their tracks.
Yandex called in the Russian cyber security firm Kaspersky, which found that the attackers were targeting a group of developers inside Yandex, three of the sources said. Kaspersky’s own review, which was described to Reuters, concluded that hackers likely tied to a Western intelligence service breached Yandex using Regin.
An administration spokesman declined to comment.
The U.S. Office of the Director of National Intelligence declined to comment. The White House National Security Council did not respond to a request for comment.
The Kremlin did not immediately respond to a Reuters request for comment.
Moscow-based Yandex, which is listed on the NASDAQ stock exchange in the United States of America and on the Moscow Exchange, is subject to more stringent regulatory control by the Russian government after the passage of new internet laws and regulations. Former Russian economics and trade minister Herman Gref was a Yandex board member in 2014.
The American cyber security firm Symantec said it had also recently discovered a new version of Regin. Symantec declined to identify where the sample was discovered, citing an obligation of confidentiality.
“Regin is the jewel in the crown of attack frameworks used for intelligence purposes. The architecture, the complexity and the ability sit in a ballpark of its own,” Vikram Thakur, technical director of Symantec Security Response, told Reuters. “We have seen different components of Regin in the last couple of months.”
“On the basis of victimology, in conjunction with the investment necessary for the creation, maintenance and operation of Regin, we believe that there are, at best, a handful of countries that could be behind its existence,” said Thakur. “Regin was back on the radar by 2019.”
Reporting by Christopher Bing in Washington, D.C., Jack Stubbs in London and Joseph Menn in San Francisco; editing by Jonathan Weber and Grant McCool