The massive cyberattacks around the globe last week have been traced to Ukrainian servers used by an accounting software firm. Police seized the servers on suspicion that they were used to spread a malware virus that crippled computer systems.
Ukraine’s Cyber Police head Serhiy Demedyuk told Reuters that the servers of M.E.Doc, an accounting software firm, had been seized because the initial infections were spread via a malicious update issued by M.E.Doc. However, the company denied the allegations.
Premium Service, an official dealer of M.E.Doc’s software, posted on its Facebook page that the searchers were still scrutinising the software firm’s servers and services. Police said the attack had been planned months in advance by highly skilled hackers. The cyber attacks forced Ukraine to extend its tax filing deadline.
Slovakian security software firm ESET said there was a “backdoor” behind the mishap. “We identified a very stealthy and cunning backdoor that was injected by attackers into one of M.E.Doc’s legitimate modules,” ESET senior malware researcher Anton Cherepanov said in a technical note, reported Reuters. “This was a thoroughly well-planned and well-executed operation,” he said.
Oleg Derevianko, board chairman at Ukrainian cyber security firm ISSP, told Reuters that an update by M.E.Doc in April delivered a virus to clients, which instructed computers to download 350 megabytes of data from an unknown source on the internet.
Later, the virus exported 35 megabytes of company data to the hackers, he said, explaining that 35 megabytes is enough to exfiltrate anything, from emails from all of the banks to user accounts, their passwords and all other information.
M.E.Doc software is used by around 80 percent of companies in Ukraine. Earlier, Ukrainian officials suspected that a Russian hand was behind the cyber attacks, which was denied by a Kremlin spokesman as “unfounded blanket accusations”.