Regin Virus Infection In Yandex. Accident Or Deliberate?
The Five Eyes alliance (New Zealand, Australia, Canada, the UK and the United States) allegedly launched a takedown-level cyber attack and large-scale industrial espionage campaign against Russia's biggest search engine and web services company, Yandex. The incident occurred between October and November 2018, and the data breach included information about Yandex's research and development efforts at that time. No one from the Five Eyes nations claimed credit for the attack, but it is generally understood that the month-long infiltration came as a form of retaliation, since the United States had issued a series of press releases against Russia's alleged interference in the 2016 presidential elections.
Yandex is Russia's equivalent of Google, an IT services conglomerate that offers Russians almost all of the services Google offers, such as email, video sharing and a search engine. Yandex believes that a state-level western intelligence agency is behind the infiltration, as the malware used for the spy campaign can monitor user activity on every infected machine at Yandex during the incident period. Cyber attacks and deliberate industrial espionage against Russia are reported far less often than attacks against western countries and companies; in this case, Five Eyes involvement was hypothesized because the initial analysis showed that Regin was the malware used against Yandex.
Regin is malware allegedly funded by the Five Eyes, with a history of being used as an instrument of cyber espionage. "This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done. The Yandex security team's response ensured that no user data was compromised by the attack," explained Ilya Grabovsky, Yandex's spokesperson.
Though known in the west as the Google replacement for Russians, Yandex is a competent and profitable company in its own right. Just like Google, it continues to expand its business portfolio, with taxi reservation being the latest service it offers to its 108 million monthly active users. Yandex is also a global company: anyone can sign up for its email service, use its search engine and look up images, to name a few. A sizable number of citizens of Turkey, Belarus and Kazakhstan also use it in place of Google services, which many believe are instruments of espionage by the NSA and the rest of the U.S. intelligence community.
For an influential Russian tech giant, the theft of research and development data in the Regin malware attack is detrimental to the company's growth. At the time of this writing, the White House spokesperson had declined to issue a statement about the incident. Russian government spokesperson Dmitry Peskov, when asked to comment, denied that the Kremlin had knowledge of the cyber attack against the Russian conglomerate, but he confirmed that becoming a target is quite normal these days. "Yandex and other Russian companies are attacked every day. Many attacks come from Western countries," Peskov emphasized.
Symantec, a US-based anti-malware vendor, confirmed that a new variant of Regin was responsible for the espionage attack against Yandex; its technical director called Regin the "crown jewel" of (western) attack frameworks. "Regin is the crown jewel of attack frameworks used for espionage. Its architecture, complexity and capability sit in a ballpark of their own. We have seen different components of Regin in the past few months. Based on the victimology coupled with the investment required to create, maintain, and operate Regin, we believe there are at best a handful of countries that could be behind its existence. Regin came back on the radar in 2019," concluded Vikram Thakur, Symantec's Technical Director for Security Response.