Hackers working for Western intelligence agencies reportedly broke into Yandex, a Google competitor based in Russia, to search for technical information that shows how Yandex authenticates user accounts.
The hack occurred in 2018, according to Reuters, which sources the information from four people with knowledge of the event. The hackers used a malware called Regin, the same malware used for intelligence sharing
Regin is known to be used by the "Five Eyes," an intelligence alliance made up of the United States, Britain, Australia, New Zealand and Canada. The countries are bound by an agreement to cooperate on intelligence.
Yandex spokesman Ilya Grabovsky acknowledged the hack in a statement to Reuters, but declined to provide further details.
Grabovsky told Reuters the attack was detected early on by Yandex's security team, which stopped it before any damage was done. No user data was compromised by the attack, according to the report.
The information the hackers searched for could help a spy agency impersonate a Yandex user and access their private messages, according to the report. From information received by the sources, the hack of the search engine research and development business was “intended for espionage purposes rather than to disrupt or steal intellectual property.”
The hackers maintained access to Yandex for at least several weeks without being detected.
Russian cybersecurity company Kaspersky was called by Yandex to provide an assessment of the attack. More recently Symantec said it had also discovered a new version of Regin, but declined to comment, according to the report.