The Ukrainian Cyber Police have seized servers of a firm behind accounting firm ME Doc's software which was taken over by hackers to disrupt work at the central bank, government offices, and a majority of businesses in the country.
The software maker may face criminal charges for ignoring warnings from security experts about an impending cyber-attack.
Following the seizure, the Ukrainian cyber police have confirmed that hackers behind the Petya/NotPetya malware attacks in Ukraine carried out a supply chain attack to access the source code of accounting software created by Intellect Service and owned by accounting firm ME Doc.
Not just a ransomware attack: Petya cyber-attack was meant to destabilise Ukraine
"Once they have access to the source code, they installed a backdoor in one of the program updates, which installs unauthorised remote access [Trojan] on the computers of ME Doc users," the police added.
The accounting software created by Intellect Service is widely used in Ukraine for tax filing purposes by banks, media organisations, transport, telecommunications, and energy departments. It is also used by over 80 per cent of businesses in the country for tax filing.
Since the software has been quarantined, Ukrainian authorities have extended the deadline for end-of-year tax filing by a month to help businesses complete their paperwork using alternate software or other methods. Those still using ME Doc software have been advised to change their passwords and digital signatures at the earliest to avoid being targeted by hackers in the future.
At the moment, Ukraine's security service SBU is conducting a joint investigation on the NotPetya cyber-attacks along with the FBI, Europol, the UK's National Crime Agency and other international agencies.
The NotPetya cyber-attacks also affected operations at global firms like Danish shipping company Maersk, Russian oil giant Rosneft, aircraft manufacturer Antonov, US pharmaceutical giant Merck as well as its subsidiary Merck Sharp & Dohme (MSD) in the UK.
Petya ransomware attack hits firms globally
Ukrainian authorities have maintained that the cyber-attacks were sponsored by Russia to destabilise Ukraine, shut down the country's critical infrastructure along with other institutions like the central bank, cabinet offices, and postal services.
“War in cyberspace, seeding fear and horror among millions of personal computer users, and inflicting direct material damage from destabilizing the work of businesses and the state, is just one part of the hybrid war of the Russian empire against Ukraine,” said Ukrainian member of Parliament Anton Gerashenko.
"A cyber attack with the ultimate goal of an attempt to destabilize the situation in the economy and public consciousness of Ukraine was disguised as an attempt to extort money from computer owners," he added.