Russian internet giant Yandex reportedly hacked by Western intelligence agency

The malware used in the attack is popular with the Five Eyes intelligence-sharing alliance, Reuters reports.

Steven Musil Night Editor / News

Russian internet search giant Yandex was reportedly hit with a malware attack last year.

Hackers working for the US or one of its closest allies broke into Russian search giant Yandex to plant malware to spy on user accounts, Reuters reported Thursday. Called Regin, the malware is known to be used by the Five Eyes intelligence-sharing alliance of the US, Britain, Australia, Canada and New Zealand, sources told the news outlet.

It couldn't be determined which country was responsible for the Yandex cyberattack. Reuters said it occurred between October and November of 2018 and that the hackers had access to Yandex's research and development unit for several weeks.

The reported hack came amid heightened tensions between the US and Russia over cyberwarfare. In early 2018, the US charged 13 Russian nationals with using social networks to interfere with the 2016 presidential election. In 2017, a Russian government-sponsored group ID'ed as Dragonfly or Energetic Bear was reportedly able to gain access to the control rooms of US electric utilities. And earlier this month, The New York Times reported that US Cyber Command has gotten more aggressive than ever against Russia in the past year, placing "potentially crippling malware" in systems that control the country's electrical grid.

Moscow-based tech giant Yandex, commonly referred to as "Russia's Google" for the array of online services it offers, confirmed the incident occurred.

"This particular attack was detected at a very early stage by the Yandex security team," company spokesman Ilya Grabovsky said in a statement. "It was fully neutralized before any damage was done." Yandex also said no user data was compromised by the attack.

The purpose of the hack was apparently cyberespionage rather than physical destruction or intellectual property theft, sources told Reuters. Regin, which antivirus software maker Symantec labeled a "top-tier espionage tool," had been in use since as early as 2008 to spy on governments, companies and individuals, Symantec reported in 2014.

Regin allows for a wide range of remote access Trojan capabilities, including password and data theft, hijacking the mouse's point-and-click functions and capturing screenshots from infected computers. The cyberespionage tool's design, including its use of several stealth features to avoid detection, makes it highly suited for long-term mass surveillance, according to Symantec.

The CIA didn't immediately respond to a request for comment.