Russia: Russian technology firm Yandex has found a new infection in their network, which they believe to be tied to Western Intelligence. The malware, known as Regin, was found to be targeting Yandex, specifically looking at how user accounts are created and communicate, most likely in an attempt to find a way to trick Yandex into believing a fake account is a real one. The Yandex security team stated that they detected the attack at every stage and that no damage was done. Yandex is often referred to as the Google of Russia, although it is used in multiple countries and Regin malware is one of the top cyberespionage malware in use. Yandex, through the use of third-party investigators, believes that because Regin was used, that the attacker had to come from the United States, Britain, New Zealand, Canada or Australia. “Five Eyes,” an intelligence-sharing group made up of these five countries is known for using Regin and investigators also stated that they were able to find pieces of the malware that had not been seen before in any attack, making it less likely that someone is trying to frame the group. Attacks from western groups are not typically talked about, and all of the countries declined to comment on the situation at hand. However, this is the second time in one week that the United States has been called out for being part of a cyber-attack.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in