‘Five Eyes’ Hack into Russia’s Yandex Using Regin


Yandex, a Russian Internet browser similar to Google, was hacked by Western intelligence agencies. Yandex operates in Russia, Belarus, Kazakhstan, and Turkey and is used by more than 108 million user each month. The attack was launched in late 2018, using a rare type of malware, Reign.

This malware is highly sophisticated and has been used since at least 2008. It was developed by the National Security Agency (NSA) and Britain’s GCHQ. The malware was identified as a Fives Eyes Tool in 2014, when former NSA contractor, Edward Snowden, leaked information. Reign was created and has has been used to spy on VIPs across the world.

Technical director at Symantec Security Response, Vikram Thakur, stated regarding the attack:

“Regin is the crown jewel of attack frameworks used for espionage. Its architecture, complexity and capability sits in a ballpark of its own”

The Western intelligence agencies behind the attack are part of a group called, ‘Five Eyes’. This group is made up of the United States, Australia, Britain, New Zealand, and Canada. The ‘Five Eyes Nations’ share intelligence and intelligence gathering capabilities. According to Reuters, four sources informed them that three members of ‘Five Eyes’ had direct connection of the attack.

Further, Yandex representative, Ilya Grabovsky, told Reuters about the incident saying that an incident occurred involving Reign. Ilya did give further information, however, did say that the attack was ineffective. The Yandex team was able to defuse the attack before any damage was done. However, attackers were able to access their systems were several weeks before being discovered.

“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done….Yandex security team’s response ensured that no user data was compromised by the attack.”

Yandex believes that that the agency was after technical information on user authentication processes. Obtaining this information can allow attackers to imitate users and access private messages.

Further, Yandex hired Kaspersky, a Russian cybersecurity firm, to investigate further into the hack. Kaspersky concluded that the hackers were most likely linked to the Western intelligence agencies.


Contact LIFARS if your organization was hit with malware.