Russian internet giant Yandex has denied being the victim of a cyberattack after some of its internal source code was posted online.
The leaker published files worth 44.7 GB, which they say are “Yandex git sources”, like Torrent on a notorious hacker forum, with a large part of the company’s source code.
The files are believed to be from February 2022, and while the leak does contain some API keys, it is believed that they were only used to test the deployment.
Fake support emails
BleepingComputer reports that initial file analysis (opens in a new tab) software engineer Arseniy Shestakov noted that the technical data and code of many of Yandex’s top products seemed to be included.
Mail, Disk and Yandex Pay – respectively the company’s email, cloud storage and payment processing services – were among the platforms affected. Oddly enough, his anti-spam policies weren’t.
Yandex denied that its systems were hacked, instead blaming a former employee for the source code repository leak.
“Yandex has not been hacked. Our security services found code snippets from an internal repository in the public domain, but the content is different from the current version of the repository used by Yandex services,” BleepingComputer said in a statement.
“We are conducting an internal investigation into the reasons for the release of source code snippets, but we do not see any threat to user data or platform performance.”
The news comes shortly after the UK’s National Cyber Security Center (NCSC) issued a warning about continued cyberattacks by Russian and Iranian hacking groups.
While the two groups do not appear to collude, they separately target organizations of the same type, which last year included government bodies, NGOs, and those in the defense and education sectors, as well as individuals such as politicians, journalists, and activists. .
Through: Beeping Computer (opens in a new tab)