On 7/4/17 2:53 PM, Mike Petrusha wrote:
Но зачем вся эта шпионская история с коллекционированием ЄДРПОУ?
Each organization that does business in Ukraine has a unique legal
entity identifier called the EDRPOU number. This is extremely
important for the attackers: having the EDRPOU number, they could
identify the exact organization that is now using the backdoored
M.E.Doc. Once such an organization is identified, attackers could
then use various tactics against the computer network of the
organization, depending on the attackers’ goal(s). [ ... ] And, of
course, the attackers added the ability to control the infected
machine.
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison