Hackers working for Western intelligence agencies reportedly broke into Yandex, a Google competitor based in Russia, to search for technical information that shows how Yandex authenticates user
accounts.
The hack occurred in 2018, according to Reuters, which sources the information from four people with knowledge of the event. The hackers used a malware called Regin, the same malware
used for intelligence sharing
Regin is known to be used by the "Five Eyes," an intelligence alliance made up of the United States, Britain, Australia, New Zealand and Canada. The countries are
bound by an agreement to cooperate on intelligence.
Yandex spokesman Ilya Grabovsky acknowledged the hack in a statement to Reuters, but declined to provide further details.
Grabovsky
told Reuters the attack was detected early on by Yandex's security team, which stopped it before any damage was done. No user data was compromised by the attack, according to the report.
The information the hackers searched for could help a spy agency impersonate a Yandex user and
access their private messages, according to the report. From information received by the sources, the hack of the search engine research and development business was “intended for espionage
purposes rather than to disrupt or steal intellectual property.”
The hackers maintained access to Yandex for at least several weeks without being detected.
Russian cybersecurity
company Kaspersky was called by Yandex to provide an assessment of the attack. More recently Symantec said it had also discovered a new version of Regin, but declined to comment, according to the
report.