Ukraine police seize servers, prevent second cyber attack

KIEV • Ukrainian police have seized the servers of an accounting software firm suspected of spreading a malware virus that crippled computer systems at major companies around the world last week, a senior police official said.

And according to Ukrainian Interior Minister Arsen Avakov, cyber police blocked a second attack on Tuesday that he blamed on Russia.

Ukraine also took steps on Tuesday to extend its state tax deadline by one month to help businesses hit by the malware assault.

Police said the servers of M.E.Doc - Ukraine's most popular accounting software - had been seized as part of an investigation into the attack. Though they are still trying to establish who was behind last week's attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued by M.E.Doc, charges the company's owners deny.

Mr Avakov said on Facebook yesterday that the latest attack was launched at 1.40pm Kiev time (6.40pm Singapore time) and was scheduled to peak at 4pm. He said that, until 3pm, cyber police blocked the mailing and activation of the virus from the servers of the information system M.E.Doc.

"The attack was stopped. The servers were removed along with cyber criminals impact's traces obviously rooted from Russian Federation," Mr Avakov said.

Premium Service, which says it is an official dealer of M.E.Doc's software, wrote a post on M.E.Doc's Facebook page saying masked men were searching M.E.Doc's offices and that the software firm's servers and services were down.

The police move came after cyber security investigators unearthed more evidence on Tuesday that the attack had been planned months in advance by highly skilled hackers, who they said had inserted a vulnerability into the M.E.Doc program.

Researchers at Slovakian security software firm ESET said they had found a "backdoor" that allowed hackers to enter companies' systems undetected. They said it had been written into some of M.E.Doc's software updates, likely by someone with access to the firm's source code.

"It seems very unlikely that attackers could do this without access to M.E.Doc's source code," ESET senior malware researcher Anton Cherepanov said in a technical note. "This was a thoroughly well-planned and well-executed operation," he added.

ESET said at least three M.E.Doc updates had been issued with the "backdoor vulnerability"; the first was sent to clients on April 14, more than two months before the attack.

A Kremlin spokesman dismissed charges of Russian involvement as "unfounded blanket accusations".


A version of this article appeared in the print edition of The Straits Times on July 06, 2017, with the headline 'Ukraine police seize servers, prevent second cyber attack'.