
Western Intelligence Believed to be Targeting Russia

Russia: Russian technology firm Yandex has found a new infection in its network, which it believes is tied to Western intelligence. The malware, known as Regin, targeted Yandex and specifically looked at how user accounts are created and communicate, most likely in an attempt to find a way to trick Yandex into believing a fake account is a real one. The Yandex security team stated that it detected the attack at every stage and that no damage was done. Yandex is often referred to as the Google of Russia, although it is used in multiple countries, and Regin is one of the top pieces of cyberespionage malware in use. Yandex, through the use of third-party investigators, believes that because Regin was used, the attacker had to come from the United States, Britain, New Zealand, Canada or Australia. “Five Eyes,” an intelligence-sharing group made up of these five countries, is known for using Regin. Investigators also stated that they were able to find pieces of the malware that had not been seen before in any attack, making it less likely that someone is trying to frame the group. Attacks from Western groups are not typically talked about, and all of the countries declined to comment on the situation at hand. However, this is the second time in one week that the United States has been called out for being part of a cyber-attack.

Analyst Notes

It is possible that pressing the United States about its hacking capabilities and campaigns may become more frequent due to other geopolitical situations that are occurring.