Police in Ukraine have seized servers operated by the Kiev-based Intellect Service to disrupt what they said was an imminent malware attack. Intellect Service develops M.E. Doc accounting and bookkeeping software used by 80 percent of businesses in Ukraine.
Researchers at Slovakian security firm ESET, tracing the May 27 outbreak of NotPetya – aka ExPetr and Diskcoder.C, among other names – found that “a very stealthy and cunning backdoor” had been added to the source code of at least three versions of M.E. Doc that were then automatically distributed via Intellect Service’s update server to its 400,000 customers. Malware researcher Anton Cherepanov at ESET said attackers were able to access the backdoor and push malware to PCs, including NotPetya (see NotPetya Patient Zero: Ukrainian Accounting Software Vendor).
Intellect Service has denied any wrongdoing. In a message to customers posted on its Facebook page, it promised to restore updating services within 24 hours, following the seizure of its servers.
Ukraine Interior Minister Arsen Avakov said in a Facebook post that national cybercrime police seized the servers Tuesday after “new activity” was detected beginning at 1:40 p.m. Kiev time (10:40 GMT), which police blocked. “The attack was stopped,” said Avakov, who like other Ukrainian officials has blamed the attack on Russia. Officials in Russia, however, have denied those allegations.