While we were raging about Putin's meddling and Kremlin hackers, Five Eyes were pwning Yandex, Russia's Google

... Are ... are we the baddies?

Hackers from the Five Eyes intelligence agencies have been accused of breaking into systems at Yandex, dubbed Russia's Google.

A report by Reuters today cites four sources claiming Western spies are believed to be behind a malware infection spotted spreading among developer machines at the Russian search, webmail, and ecommerce giant Yandex over several weeks in October and November last year.

The Windows malware, dubbed Regin, was developed and wielded by Britain's GCHQ and America's NSA to spy on VIPs around the planet, according to top-secret files leaked by Edward Snowden. The modular and adaptable software nasty is primarily designed to be used for extended surveillance operations.

In the case of Moscow-based Yandex, the malware was apparently used to follow a specific group of programmers within the organization's research and development division. It is thought the West's hackers wanted to figure out a way to covertly break into specific user accounts and harvest private messages and other sensitive data.

"Cyber attacks are a common occurrence throughout the world. This particular attack was detected at an early stage by the Yandex security team," a Yandex spokesperson told The Register in the past hour.

"It was fully neutralized before any damage to Yandex customers' data was done. At this point in time we are not disclosing any further details about the attack. The Yandex security team’s response ensured that no user data was compromised by the attack.

"Ensuring the security of user data is of critical importance to us. Following the attempted attack, we took the necessary measures to ensure that we would not be susceptible to such an attack in the future. We continue to employ all relevant cyber defense tools and also cooperate with leading third-party experts and providers to protect our users' privacy."

Russian infosec giant Kaspersky, which published an investigation into Regin back in 2014, was called in by Yandex to help clean up the infection and help attribute the attack to Five Eyes intel agencies. When contacted by The Register, Kaspersky declined to comment.

It's tempting to chalk this up to "spies do spying." It is no secret that the NSA and other Five Eyes member agencies have sought to infiltrate critical government and private sector organizations in Russia and other nations to extract intelligence.

However, at a time when the US government has been publicly criticizing other countries for hacking American public and private sector networks as part of their own spycraft, it comes off as more than a little hypocritical that Uncle Sam's own white/grey/black hats were hard at work infiltrating one of Russia's largest online businesses. ®
