Compromised Company Spreading NotPetya Malware Faces Criminal Charges In Ukraine

KIEV, Ukraine -- Serhiy Demedyuk added that employees of M.E.Doc had also warned the company's managers about insecurities in the company's infrastructure, but that the warnings were ignored.


Serhiy Demedyuk, Cyber Police Head of Ukraine.

Jonathan Nichols, a security analyst, identified vulnerabilities in the company's FTP-based update mechanism by using the search engine Shodan, which can reveal data on devices connected to the internet.

Nichols wrote in a blog post that compromising M.E.Doc with NotPetya was "so easy, anyone could do it".

The company's response to the attack was also criticized for its inconsistencies: it first issued a response accepting responsibility, then retracted it, and then described reports blaming the company as "clearly erroneous".

Later, the company admitted that it was cooperating with Ukrainian authorities.

The company issued a statement saying that it had contacted law enforcement in Ukraine to help "search for the source of the attack, find out its mechanisms and determine the steps to be taken to eliminate the consequences".

V3.com reported on July 4th, 2017, quoting a senior police official, that on Tuesday Ukrainian police seized the servers of the accounting software firm suspected of spreading the malware that crippled the computer systems of major companies all over the world last week.

Serhiy Demedyuk, Cyber Police Head of Ukraine, said that the servers of M.E.Doc, the most famous accounting software in Ukraine, were seized to investigate the attack.

Ukrainian intelligence officials and security firms are still trying to identify who was behind last week's attack, but said that some of the initial infections were spread through a malicious update issued by M.E.Doc.

However, the owners of the company deny these charges.

On Saturday, Ukrainian intelligence officials accused the Russian security services of the attack, and cybersecurity researchers linked the attack to a suspected group from Russia that attacked Ukraine's power grid in Dec. 2016.

Derevianko said that the hackers' activity in April, as well as the reported access to M.E.Doc's source code, revealed that Ukraine's computer networks were already compromised and that attackers are still operating inside them.

He said: "It certainly tells us about the advanced capabilities of the adversaries and I don't think that any additional evidence is required to attribute this to a nation-state attack."

Source: IT Security News
