Western governments launched a “Regin” malware attack on Russia’s Yandex service, Reuters reports

Spokesperson for Yandex, Ilya Grabovsky, confirmed the incident.


Yandex, a Russian and regional internet powerhouse, was the target of a Western cyber attack last year, Reuters said it learned from sources.

The agency cites four people and says that a spokesperson for Yandex, Ilya Grabovsky, confirmed the incident.

Grabovsky also said that the event, which reportedly took place between October and November 2018, had been quickly discovered before the malware did any damage, i.e., that user data was protected.

One of the sources cited by Reuters said the attack went on for “at least several weeks” before being detected, and that the hackers weren't out to steal any intellectual property, reportedly “merely” engaging in a spot of espionage.

The agency said the goal of these allegedly Western perpetrators was to spy on Yandex users by gaining access to their data on the platform.

The reason for pointing the finger at the West is the malware used in the attack: Regin, which is said to be “known to be used” by the US, UK, Australia, New Zealand, and Canada, as part of their “Five Eyes” intelligence alliance.

Reuters further cited its sources to report that the goal of the attackers was to pose as Yandex users and breach their private messages.

The attack seems to have been discovered as the hackers were attempting to learn, by infiltrating the company's R&D segment, how Yandex authenticates accounts.

As ever, discovering who actually commits a cyber attack is virtually impossible, and the attribution often relies on little more than circumstantial evidence – such as the source of the original version of a piece of malware.

But Reuters said a source from the security firm Kaspersky, who handled the problem on behalf of Yandex, “privately assessed” that the attack “likely” came from the West.

Meanwhile, in the Kremlin, spokesman Dmitry Peskov suggested that while the authorities didn't know of this particular incident, if true, it would not be entirely newsworthy.

That's because cyber attacks against Russian assets are an everyday occurrence – and many do come from the West, said Peskov.

Reuters also recalled that Yandex, which has 108 million users, is now more stringently regulated under Russia's new internet legislation.


Didi Rankovic

Didi Rankovic is an experienced online journalist, editor, and translator, with a career spanning over ten years writing for a major English-language website in Serbia, and previously working as a translator for international organizations and peacekeepers in the Balkans. Rankovic is passionate about free and open source tech and is a head contributor for Reclaim The Net, focusing on lead stories.