Russia's Google breached, users spied upon

Image credit: Yandex
(Image credit: Yandex)

A group of cybercriminals found their way into Yandex – the Russian version of Google, in an attempt to steal data for espionage purposes, an exclusive Reuters story claims.

It is being speculated that the group behind the attack is state-sponsored, by one (or multiple) members of the Five Eyes intelligence sharing alliance: The United States, The UK, Australia, New Zealand and Canada.

It took Yandex a few weeks and a little help from Russian cybersecurity firm Kaspersky to spot the breach. The company says no data was stolen and that the breach was stopped before it could do any serious harm.

“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done,” Yandex spokesman Ilya Grabovsky said.

It was Kaspersky's investigation that led to the conclusion that the West was behind the attack. Allegedly, hackers breached Yandex using Regin malware – a rare type of malware that was first brought to the public's attention after Snowden's whistleblowing.

The report states that the hackers’ intention was never to steal information, but rather to observe and  spy on Yandex users. They were looking for how Yandex authenticates user accounts, as that would help them impersonate a Yandex user and access their private messages.

All sides of the story declined to comment. The breach took place between October and November of 2018.