The company confirmed the attempt to attack.
At the end of 2018, hackers who worked for Western intelligence agencies tried to hack Yandex to collect data about users. For this they used a rare type of virus, but the company claims that it stopped the hacking at a very early stage. This was reported by Reuters with reference to four interlocutors who are familiar with the situation and were confirmed in Yandex.
According to agency sources, hackers used the Regin virus, which uses the intelligence alliance of the US, UK, Australia, New Zealand and Canada. The interlocutors explained that it was impossible to determine which country had attacked Yandex, and the hacking attempt took place between October and November 2018.
The representative of “Yandex” Ilya Grabovsky in a conversation with Reuters confirmed the incident. He refused to disclose the details, but noted that the company’s security service recorded the attack at a “very early stage”, and neutralized the virus before causing any damage. In “Yandex” noted that no user data “could not be compromised.”
According to agency sources, hackers also searched for technical information explaining how Yandex identifies users. She could help the security services impersonate the user in order to gain access to his correspondence.
The interlocutors noted that the hacking of the research and development department was aimed at spying, and not at stealing intellectual property. Sources clarified that the hackers had secret access to “Yandex” for several weeks before they were spotted.
The existence of Regin as a tool of Western intelligence services became first known in 2014 thanks to Edward Snowden. According to the report of The Intercept, British and American intelligence used the earlier version of the program to hack the Belgian telecom company Belgacom in 2013.
Reuters sources said that the Regin code was also found in the Yandex systems, but had not previously been encountered in any of the previous attacks. Thus, hackers confuse traces of involvement of Western intelligence agencies.
According to the interlocutors, after the discovery of the attack, “Yandex” contacted Kaspersky Lab, which found out that the purpose of the hackers was a group of developers within the company. The specialists of the Laboratory also concluded that Western special services were behind the attack.
Symantec Security Response Cybersecurity Technical Director Vikram Thakur (Vikram Thakur) noted that Regin is the gem of attacking espionage tools. According to him, based on the list of goals and investments necessary to create such viruses, several countries are engaged in its support.