'Petya' cyberattack news: Ukrainian software firm suspected in attack
Police have seized the servers of the popular accounting firm M.E.Doc, suspected of instigating the "Petya" cyberattack that originated in Ukraine and Russia, then spread across the globe.
According to Reuters, Ukrainian Intelligence are still investigating as to who was responsible for the attack. M.E.Doc's official dealer, Premium Service, claimed that "masked men were searching M.E.Doc's offices and that the software firm's servers and services were down." Cyber Police are still investigating this incident.
The head of Ukraine's Cyber Police, Serhiy Demedyuk, said that servers of M.E.Doc were seized as part of the investigation. Intelligence officials suspected that the machines were used to spread the malware virus that disabled computer systems of leading companies around the world.
They also claimed that cyber security investigators discovered a "backdoor" written into the M.E.Doc source code of its software updates. This was done by highly-skilled hackers who planned the attack ahead of time.
According to the Slovakian security software firm ESET, a piece of code was injected into the updates which would be sent out to M.E.Doc's clients to download and install. Clients would be instructed to download the update for their systems' upgrade, not knowing that there was malicious code embedded into it.
The Ukrainian cyber security firm ISSP noted that an update was issued by M.E.Doc in April to the company's clients. The virus hidden in the update exported 35 MB of data to the hackers. These included companies' email, user accounts, passwords, and everything else. The information gathered by the hackers was allegedly used to compromise companies' computer systems.
M.E.Doc is used by 80 percent of the companies in Ukraine and at least 400,000 of its clients use it to send and process financial documents, which are also filed with the Ukrainian tax service.
Companies affected by the cyberattack are still struggling to get back to normal. However, the shipping giant Maersk has said it has gotten all of its systems back online.
Expect more reports as the situation unfolds.
