In late 2018, the Russian search engine Yandex discovered a rare type of malware on its network, following a hack.
The malware, called Regin, has now been identified as one used by the so-called “Five Eyes” intelligence agencies, which include the US, Britain, and Canada. With Yandex being Russia’s most popular search engine, this is tantamount to a foreign country hacking Google to spy on Americans.
So, why would Five Eyes – or one of the group members – allegedly launch an attack against a Russian search engine? And what happens now that the attack has been identified?
Yandex Hack Explained
According to a Yandex spokesman, the attack was “fully neutralized before any damage was done.” Yandex said it managed to neutralize the threat by calling in engineers from Kaspersky, the Russian antivirus company.
Kaspersky, of course, has its own history of geopolitical controversy — for example, it is currently the only legal VPN service in Russia, indicating that the Russian government has an agreed level of access to its data.
Reuters’ sources said that the attackers were looking for information that could help them access a user’s account and their private messages, and that the hackers maintained access to Yandex for “at least several weeks without being detected.”
Reuters’ sources also said that while Kaspersky’s engineers were able to identify that it was the Regin malware used in the attack, they weren’t able to ascertain exactly where it had come from. That's because there were aspects of the code that hadn't previously been used in a cyberattack.
Kaspersky declined to comment on Reuters’ story.
Why Did the Yandex Hack Happen?
Without comment from any security agency, it’s difficult to be certain why a security agency would target Yandex.
However, it’s pretty clear that with Yandex’s popularity in Russia, any major disruption would cause economic headaches for the country.
Just imagine, for example, that a foreign power was able to hack Google, and successfully access the data it holds on its users — the results would be unprecedented.
The Yandex hack comes at a time of heightened international tension between Russia and the West, including accusations of Russian meddling in the US elections.
What Happens Now?
At the moment, it doesn’t appear likely that anything will happen — in public, at least.
No international security agency has commented on the attack, whether from the Five Eyes group or Russia itself. Even a Kremlin spokesperson commented to Reuters that Russia was not aware of this attack. They did state, however, that “Yandex and other Russian companies are attacked every day. Many attacks come from Western countries.” Fighting talk, it seems.
In private, on the other hand, it’s probably safe to assume that there will be some manner of response. Cyberattacks are becoming increasingly common, both against the US and its Five Eyes allies, and allegedly by the US against countries it deems hostile.
In the past month, for example, there have been attacks against Russia and Iran, in a climate of heightened tension between the countries and the US. While the war of words between the US, Russia, Iran, North Korea, and China might never reach full-scale military war, the cybersecurity cold war certainly seems to be hotting up.