Skip to main content

Security firm traces Target malware to Russia

By Marie-Louise Gumuchian and David Goldman, CNN
January 21, 2014 -- Updated 1050 GMT (1850 HKT)
STORY HIGHLIGHTS
  • NEW: IntelCrawler updates report, says Russian teenager not solely responsible for attack
  • Target breach imperiled credit card numbers, personal info of millions
  • Teen reportedly shared malware with other hackers
  • Experts warn other breaches could happen

(CNN) -- A security firm that had pointed the finger at a 17-year-old Russian last week updated its report Monday to identify a different Russian resident as being responsible for writing the malware used in an attack compromised the credit card numbers and other personal information of up to 110 million Target customers.

In a statement published Friday, security firm IntelCrawler said the breach was the result of malware that infected Target's payment system and possibly compromised the systems of other retailers. Neiman Marcus reported a similar security breach this month.

The 17-year old does not appear to be solely responsible for the attack. Independent security researcher Brian Krebs earlier reported that other code in the Target hack pointed to a Ukraine resident.

Homeland security warns retailers

Target breach may be tied to Russian mob
Target 'grinched' for Christmas

Experts say the author may have shared it with others.

"Well, we should be worried. One of the things the hackers do is take the malware as it's called. Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. And they manipulate or mutate this malware, and then reuse it," SecureState CEO Ken Stasiak said.

"We believe that he originated the code, or the malware everybody's calling it now. And was able to put it up on the Internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to Target and Neiman Marcus."

The first sample of the malware was created in March and since then, more than 40 versions have been sold around the world, IntelCrawler said. It first infected retailers' systems in Australia, Canada and the United States.

Hack is a wake-up call on privacy

Andrew Komarov, IntelCrawler CEO, said most of the victims are department stores and said more BlackPOS infections as well as new breaches could appear soon. Retailers should be prepared.

"The numbers could be staggering, really, because what the retailers are looking at are potential class action lawsuits," CNN legal analyst Paul Callan said.

"Let's say hypothetically, a retailer has 40 million transactions by 40 million different customers. All 40 million may have been damaged in some way, and under law they can all be joined together in a class action lawsuit."

Millions getting new cards after hack

CNN's David Goldman and George Howell contributed to this report.

ADVERTISEMENT
Part of complete coverage on
September 10, 2014 -- Updated 1253 GMT (2053 HKT)
ISIS has captured the minds of a new generation of global jihadists. What does it mean for al Qaeda?
September 12, 2014 -- Updated 0326 GMT (1126 HKT)
Think that U.S. President Barack Obama has done a back flip on Iraq and Syria? Think again.
September 12, 2014 -- Updated 0338 GMT (1138 HKT)
Treated with all due respect, volcanoes can offer some stunning vistas. Just don't fall in.
September 12, 2014 -- Updated 0522 GMT (1322 HKT)
The blogger, the hacker, the PM... and Kim Dotcom? New Zealand's election campaign erupts in scandal.
September 11, 2014 -- Updated 0236 GMT (1036 HKT)
In the aftermath of that deadly day, the enemy quickly became clear. But now a plurality of extremist threats tests global resolve.
September 10, 2014 -- Updated 1321 GMT (2121 HKT)
Soviets put stray dogs into orbit. Then, next thing you know...
September 12, 2014 -- Updated 0928 GMT (1728 HKT)
Her name is Thokozile Matilda Masipa, and she is the woman who will rule whether Oscar Pistorius is a murderer.
September 9, 2014 -- Updated 1448 GMT (2248 HKT)
As a 10-year-old, this boy first hit the headlines in 1982 when he saved his cat from a fire. This year, he was reported to be a suicide bomber.
September 10, 2014 -- Updated 1517 GMT (2317 HKT)
After months -- if not years -- of speculation, the tech giant's first foray into wearables has arrived. Here are our first impressions.
September 10, 2014 -- Updated 1241 GMT (2041 HKT)
Steven Sotloff's family believes ISIS paid rebels to alert the group about his location in Syria.
September 10, 2014 -- Updated 0805 GMT (1605 HKT)
Bali might be a popular tourist destination but there are crowd-free corners worth exploring.
September 10, 2014 -- Updated 1120 GMT (1920 HKT)
Scots are preparing to vote on the future of their country. Will they decide to leave the UK?
Browse through images from CNN teams around the world that you don't always see on news reports.
ADVERTISEMENT