Security firm traces Target malware to Russia

By Marie-Louise Gumuchian and David Goldman, CNN
January 21, 2014 -- Updated 1050 GMT (1850 HKT)
STORY HIGHLIGHTS
  • NEW: IntelCrawler updates report, says Russian teenager not solely responsible for attack
  • Target breach imperiled credit card numbers, personal info of millions
  • Teen reportedly shared malware with other hackers
  • Experts warn other breaches could happen

(CNN) -- A security firm that had pointed the finger at a 17-year-old Russian last week updated its report Monday to identify a different Russian resident as being responsible for writing the malware used in an attack that compromised the credit card numbers and other personal information of up to 110 million Target customers.

In a statement published Friday, security firm IntelCrawler said the breach was the result of malware that infected Target's payment system and possibly compromised the systems of other retailers. Neiman Marcus reported a similar security breach this month.

The 17-year-old does not appear to be solely responsible for the attack. Independent security researcher Brian Krebs earlier reported that other code in the Target hack pointed to a Ukraine resident.

Experts say the author may have shared the malware with others.

"Well, we should be worried. One of the things the hackers do is take the malware as it's called. Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. And they manipulate or mutate this malware, and then reuse it," SecureState CEO Ken Stasiak said.

"We believe that he originated the code, or the malware everybody's calling it now. And was able to put it up on the Internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to Target and Neiman Marcus."

The first sample of the malware was created in March and since then, more than 40 versions have been sold around the world, IntelCrawler said. It first infected retailers' systems in Australia, Canada and the United States.

Andrew Komarov, IntelCrawler CEO, said most of the victims are department stores and said more BlackPOS infections as well as new breaches could appear soon. Retailers should be prepared.

"The numbers could be staggering, really, because what the retailers are looking at are potential class action lawsuits," CNN legal analyst Paul Callan said.

"Let's say hypothetically, a retailer has 40 million transactions by 40 million different customers. All 40 million may have been damaged in some way, and under law they can all be joined together in a class action lawsuit."

CNN's David Goldman and George Howell contributed to this report.
