Ukrainian Police suspects M.E.Doc of spreading malware virus

Ukrainian police seized the servers of M.E.Doc, suspected of spreading a malware virus which crippled computer systems at major companies around the world last week

DQC Bureau

Ukrainian police seized the servers of an accounting software firm suspected of spreading a malware virus which crippled computer systems at major companies around the world last week, a senior police official said.

The head of Ukraine's Cyber Police, Serhiy Demedyuk, told Reuters the servers of M.E.Doc - Ukraine's most popular accounting software - had been seized as part of an investigation into the attack.

Though they are still trying to establish who was behind last week's attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued by M.E.Doc, charges the company's owners deny.

Cyber Police spokeswoman Yulia Kvitko said investigative actions were continuing at M.E.Doc's offices.

The police move came after cyber-security investigators unearthed further evidence on Tuesday that the attack had been planned months in advance by highly-skilled hackers, who they said had inserted a vulnerability into the M.E.Doc programme.

"Very stealthy and cunning"

"We identified a very stealthy and cunning backdoor that was injected by attackers into one of M.E.Doc's legitimate modules," ESET senior malware researcher Anton Cherepanov said in a technical note. "It seems very unlikely that attackers could do this without access to M.E.Doc's source code."

ESET said at least three M.E.Doc updates had been issued with the "backdoor vulnerability", and the first one was sent to clients on April 14, more than two months before the attack.

Oleg Derevianko, board chairman at Ukrainian cyber-security firm ISSP, said an update issued by M.E.Doc in April delivered a virus to the company's clients which instructed computers to download 350 megabytes of data from an unknown source on the Internet.

The virus then exported 35 megabytes of company data to the hackers, he told Reuters in an interview at his office in Kiev.

On Saturday Ukrainian intelligence officials accused Russian security services of being behind the attack, and cyber-security researchers linked it to a suspected Russian group who attacked the Ukrainian power grid in December 2016.

A Kremlin spokesman dismissed charges of Russian involvement as "unfounded blanket accusations".
