Cisco experts say the NotPetya group used an employee’s credentials to embed a backdoor in the M.E.Doc software package. The company behind the software was left without updates since February 2013. Cisco experts believe the group used this backdoor to send the Not Petya ransomware to users and companies that installed these boobytrapped updates. This means the group could have the ability to collect a unique code for each business that each business entered their unique business ID for each company.
Source: https://www.bleepingcomputer.com/news/security/m-e-doc-software-was-backdoored-3-times-servers-left-without-updates-since-2013/