Hackers working for the US or one of its closest allies broke into Russian search giant Yandex to plant malware to spy on user accounts, Reuters reported Thursday. Called Regin, the malware is known to be used by the Five Eyes intelligence-sharing alliance of the US, Britain, Australia, Canada and New Zealand, sources told the news outlet.
It couldn’t be determined which country was responsible for the Yandex cyberattack. Reuters said it occurred between October and November of 2018 and that the hackers had access to Yandex’s research and development unit for several weeks.
The alleged hack came amid heightened tensions between the US and Russia over cyberwarfare. In early 2018, thewith allegedly using social networks to interfere with the 2016 presidential election. A Russian government-sponsored group ID’ed as Dragonfly or Energetic Bear was reportedly able to gain access to the control rooms of US electric utilities in 2017.
The Moscow-based tech giant, commonly referred to as “Russia’s Google” for the array of online services it offers, didn’t immediately respond to a request for comment but confirmed the incident occurred in a statement to Reuters.
“This particular attack was detected at a very early stage by the Yandex security team,” Yandex spokesman Ilya Grabovsky said in a statement. “It was fully neutralized before any damage was done.”
The purpose of the hack was apparently cyberespionage rather than physical destruction or intellectual property theft, sources told Reuters. Regin, which Symantec labeled a “,” had been in use since as early as 2008 to spy on governments, companies and individuals, Symantec reported in 2014.
Regin allows for a wide range of remote access Trojan capabilities, including password and data theft, hijacking the mouse’s point-and-click functions, and capturing screenshots from infected computers. The cyberespionage tool’s design, including its use of several stealth features to avoid detection, makes it highly suited for long-term mass surveillance, according to Symantec, the antivirus software maker.
The CIA didn’t immediately respond to a request for comment.