
APT

Regin spyware involved in attack against the Russian tech giant Yandex


Western nation-state actors allegedly breached the systems of the Russian tech giant Yandex in 2018, in an attack that involved a new variant of the Regin malware.

According to Reuters, Western state-sponsored hackers breached the systems of the Russian tech giant Yandex in 2018, and the attack involved a new variant of the Regin malware.

The Regin malware has been around since at least 2008. Most Regin infections were observed in Russia (28%) and Saudi Arabia (24%), but other attacks were spotted in Iran, Ireland, India, Afghanistan, Austria, Belgium, Mexico, and Pakistan.

In August 2015, Symantec revealed the existence of 49 new modules of the Regin espionage platform, a finding that suggests its operators were still active.

Many experts linked the Regin malware to the Five Eyes alliance: they found alleged references to the spyware in a number of presentations leaked by Edward Snowden, and according to malware researchers it has been used in targeted attacks against government agencies in the EU and against the Belgian telecoms company Belgacom.


In 2015, Der Spiegel, citing cyber security experts, confirmed there “is no doubt” that Regin can be linked to the Five Eyes alliance.

The Regin Trojan was discovered on the laptop last year, and it had been used by the threat actors to exfiltrate sensitive data from the targeted computer.

Reuters has now revealed that it learned of a security breach suffered by Yandex that occurred between October and November 2018.

The hackers targeted the research and development department at Yandex; the attackers were interested in compromising the company’s user authentication system.

“Hackers working for Western intelligence agencies broke into Russian internet search company Yandex in late 2018 deploying a rare type of malware in an attempt to spy on user accounts, four people with knowledge of the matter told Reuters.” Reuters reported.

The attackers aimed to impersonate users and access their private messages. Yandex acknowledged the security breach but did not provide further details on the attack.

“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done,” said Yandex spokesman Ilya Grabovsky.

The Yandex security team’s response declared that no user data was compromised by the attack because it was “detected at a very early stage” and it was “fully neutralized before any damage was done.”

The attack involved a new version of the Regin spyware, and experts speculate that the attack against Yandex was launched by Five Eyes intelligence agencies.

According to Reuters, Yandex hired Kaspersky experts to investigate the incident; initial findings suggest that the attackers targeted a group of developers within the company.


Pierluigi Paganini

(Security Affairs – Regin, espionage)
