Posted on June 28, 2019 at 9:19 AM
Hackers Infect Russian Search Giant with Malware: Western Intelligence Agencies Possibly Involved
The online hack wars between the East and the West continue, but this time, it is the West that took action. According to recent reports, a hacking team with a close connection to one of the countries making up the Five Eyes surveillance alliance supposedly struck at the Russian search giant, Yandex.
It is unknown whether the hackers are tied to the US itself, or one of its allies. However, it was confirmed that they managed to infiltrate Yandex and plant malware. The reports of the incident claim that the malware in question, known as Regin, has the ability to gather information and send it back to the party that planted it. In other words, it appears that the goal of the attack was to spy on user accounts.
This particular malware is also known to be used by intelligence agencies of the Five Eyes alliance, which was revealed by the famous whistleblower, Edward Snowden. The Alliance itself is made up of five countries — the UK, Australia, New Zealand, Canada, and the US itself.
The hack comes as part of a cyber espionage campaign
As mentioned, researchers were not able to determine which of the five countries was responsible for the attack on Yandex. The attack itself happened some time ago, according to Reuters’ report, which puts it between October and November of last year. It is believed that the attackers managed to remain within the network for several weeks, which they spent gathering data from Yandex’s research and development unit.
Those familiar with the details of the incident believe that hackers were seeking out technical information. Allegedly, their goal was to find an explanation as to how the company authenticates different user accounts. If they managed to find it, the information could be leveraged by one of the spy agencies to impersonate one of Yandex’s users, which would, in theory, allow them access to said user’s private messages.
Whatever the case, the hack was clearly a cyber espionage operation, instead of simply being an attempt to hack a business and steal intellectual property. After the news of the incident had leaked, Yandex itself issued a statement, claiming that hackers did not manage to compromise any of the customer data. They also said that cyber attacks have grown to become a common occurrence around the globe.
The company appears to have been ready for such attacks, and they claim that the attack was detected by its security team while it was in the early stage. As a result, they managed to neutralize it before customers’ data was compromised. The company ended its statement by saying that they are unable to share further detail at this time. However, they took the opportunity to once again reassure their users that their data is safe.
Yandex takes security of user data very seriously, and they are currently taking steps to make sure that such attacks would not affect them in the future. Their online defenses were already quite powerful, and now, the firm appears to be upgrading them further.
The international tensions grow higher
The hack comes at the time when international tensions are quite high, particularly between the US and Russia. Last year, the US charged 13 Russian nationals with using social media for interfering with the US affairs, with the 2016 presidential election being the best-known one. In addition, in 2017, a group supposedly sponsored by the Russian government, Dragonfly/Energetic Bear, apparently gained access to the US electric utilities’ control room.
Even this month, the US Cyber Command supposedly became more aggressive against Russia. They managed to place a crippling malware in the country’s electrical grid control systems. This is only the latest incident in a long line, with cyber espionage being the obvious goal, as mentioned.
There are multiple details that point this out, such as the tool’s design, as well as features, such as stealth capabilities added to avoid detection. So far, the US intelligence agencies such as the CIA did not respond, and it is questionable whether they will, at all. However, the string of incidents between Russia and the US is only a part of the US’ international difficulties, as the country is in deeply involved with the trade war with China. Not to mention the recent incident where Iran shot down one of the US’ drones, which caused US President Donald Trump to put a trading ban on Iran and any country that allies itself with it, such as Syria.
