Russian Tech Firm Yandex Allegedly Attacked by Five Eyes

CNET reports that a malware attacked Russian internet company Yandex. The malware is strongly associated with Five Eyes.

Reportedly, the assaulters used malware to extract information about the company’s research and development activities. The breach took place from October to November 2018.

Experts refer to the malware used for the attack as Regin. Antivirus developer Symantec categorized it as a highly rated tool for espionage. Interestingly, Regin is the tool preferred by Five Eyes.

Five Eyes is known as the intelligence group of the United States, Australia, Britain, New Zealand and Canada. According to Lawfare, this alliance came about after the involved nations made “spying arrangements” during the Second World War. This agreement enables a “sharing of signals intelligence” (SIGINT) among the concerned countries.


There are theories about the origin of the attack, but no specific country is named responsible.

Russian Tech Firm Yandex Allegedly Attacked by Five Eyes

Meanwhile, the cyber attack on Yandex (dubbed as “Russia’s Google”) occurred at a time when the US-Russian relations are highly tensed. The issues surrounding this tension is related to cyber warfare.

The US indicted 13 Russian individuals with allegations of election-related interference in 2018. Reportedly, the Russian nationals utilized social media platforms to intervene in the 2016 presidential polls. Moreover, a group sponsored by the Russian administration breached US electric control rooms.

There are also reports of the US’s cyber attacks against Russia. At the beginning of June 2019, The New York Times revealed that the US Cyber Command attacked Russia’s electric grid. According to the news outlet, the assault involved a highly dangerous malware which could potentially cripple the country’s electric supply.


Yandex’s Ilya Gabovsky said that the company caught the attack before it escalated. Gabovsky highlighted that their security team addressed the issue and it did not disclose user information.

While the attack did not compromise consumer info, sources say that its primary purpose was espionage. In fact, Symantec says that Five Eyes used Regin to “spy on governments, companies and individuals.”

Symantec revealed that malware enables Trojan access and credential theft. It is also known to commandeer cursor movement and functions, as well as take screen captures. It utilizes various covert functions to avert discovery.

The security software company consider Regin as a fitting malware for spying on a huge number of targets. With the stealth capabilities of the program, its espionage abilities can go undetected for a long time.