Ukrainian software firm suspected of spreading global virus, servers seized
As part of an investigation into one of the largest recent cyber attacks, the servers of Ukraine's most popular accounting software, M.E.Doc were seized by Ukrainian police Tuesday, Reuters reported, citing the head of Ukraine's Cyber Police, Sergey Demedyuk.
Cyber Police spokeswoman Yulia Kvitko confirmed an ongoing investigation into M.E.Doc's offices.
Ukrainian intelligence officials and security firms experts believe initial infections, which affected thousands of computers worldwide, might have been spread via the accounting firm’s updates, Reuters reports.
While it is still unclear who inserted a vulnerability into the M.E.Doc program, the Kiev-based firm whose software is used by around 80 percent of companies in Ukraine is under investigation itself and will face criminal charges, AP reported citing Demedyuk.
M.E.Doc's employees had dismissed repeated warnings about the security of their information technology infrastructure, Demedyuk said in an interview with the news agency.
Chernobyl nuclear power plant’s radiation checks knocked out by mass cyberattack https://t.co/ahk1IilkRT— RT (@RT_com) June 27, 2017
"They knew about it... They were told many times by various anti-virus firms," he told AP, adding, "for this neglect, the people in this case will face criminal responsibility."
The company whose software allows some 400,000 clients to manage financial documents between internal departments, as well as file them with the Ukrainian state tax service, had initially acknowledged having been hacked, but then deleted its statement, according to AP.
On Tuesday, the Ukrainian government said it would submit a draft law to parliament for the country's tax deadline to be extended this year, as many companies missed it because of the attack.
Last week, dozens of companies in various parts of the world were attacked by ransomware, believed to have originated from Ukraine. In Ukraine itself, the massive cyber attacks targeted the government, banks and airports, and even partly knocked out some radiation monitoring equipment at the Chernobyl nuclear power plant.
Elsewhere in the world, the US-based division of pharmaceutical company Merck, Russian state oil company Rosneft, Danish shipping and oil firm A.P. Moller-Maersk, UK-based advertising and public relations company WPP, and chocolate giant Cadbury in Australia were among those affected.
Kiev has blamed Russia for being behind the cyber attack but failed to present any evidence to support its accusations. The Kremlin dismissed the allegations, having dubbed them as ”unfounded."