Skip to main content

Security firm traces Target malware to Russia

By Marie-Louise Gumuchian and David Goldman, CNN
January 21, 2014 -- Updated 1050 GMT (1850 HKT)
STORY HIGHLIGHTS
  • NEW: IntelCrawler updates report, says Russian teenager not solely responsible for attack
  • Target breach imperiled credit card numbers, personal info of millions
  • Teen reportedly shared malware with other hackers
  • Experts warn other breaches could happen

(CNN) -- A security firm that had pointed the finger at a 17-year-old Russian last week updated its report Monday to identify a different Russian resident as being responsible for writing the malware used in an attack compromised the credit card numbers and other personal information of up to 110 million Target customers.

In a statement published Friday, security firm IntelCrawler said the breach was the result of malware that infected Target's payment system and possibly compromised the systems of other retailers. Neiman Marcus reported a similar security breach this month.

The 17-year old does not appear to be solely responsible for the attack. Independent security researcher Brian Krebs earlier reported that other code in the Target hack pointed to a Ukraine resident.

Homeland security warns retailers

Target breach may be tied to Russian mob
Target 'grinched' for Christmas

Experts say the author may have shared it with others.

"Well, we should be worried. One of the things the hackers do is take the malware as it's called. Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. And they manipulate or mutate this malware, and then reuse it," SecureState CEO Ken Stasiak said.

"We believe that he originated the code, or the malware everybody's calling it now. And was able to put it up on the Internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to Target and Neiman Marcus."

The first sample of the malware was created in March and since then, more than 40 versions have been sold around the world, IntelCrawler said. It first infected retailers' systems in Australia, Canada and the United States.

Hack is a wake-up call on privacy

Andrew Komarov, IntelCrawler CEO, said most of the victims are department stores and said more BlackPOS infections as well as new breaches could appear soon. Retailers should be prepared.

"The numbers could be staggering, really, because what the retailers are looking at are potential class action lawsuits," CNN legal analyst Paul Callan said.

"Let's say hypothetically, a retailer has 40 million transactions by 40 million different customers. All 40 million may have been damaged in some way, and under law they can all be joined together in a class action lawsuit."

Millions getting new cards after hack

CNN's David Goldman and George Howell contributed to this report.

ADVERTISEMENT
Part of complete coverage on
November 27, 2014 -- Updated 1521 GMT (2321 HKT)
The first human trial of an experimental Ebola vaccine has produced promising results, U.S. scientists said.
November 27, 2014 -- Updated 1415 GMT (2215 HKT)
Darren Wilson, the police officer who fatally shot unarmed black teen in August abandoned home after address made public.
November 25, 2014 -- Updated 2236 GMT (0636 HKT)
HBO -- backing a documentary based on "Going Clear," a book about Scientology and Hollywood -- isn't taking any chances with legal side.
November 26, 2014 -- Updated 1935 GMT (0335 HKT)
Grandmaster Nguyen Van Chieu has devoted his adult life to spreading the word about Vietnames martial art, Vovinam.
November 27, 2014 -- Updated 1136 GMT (1936 HKT)
England cricketer Nick Compton shares insight into "drive and courage" it takes to face fears as top batsman.
November 27, 2014 -- Updated 0059 GMT (0859 HKT)
Ferguson police officer Darren Wilson says he was just doing his "job right" when he shot and killed black teenager Michael Brown.
November 24, 2014 -- Updated 0118 GMT (0918 HKT)
The interior of the Formosa Boulevard Mass Rapid Transit Station in Kaohsiung, in southern Taiwan.
Stunning stations where your first priority won't be finding the nearest exit.
November 25, 2014 -- Updated 2318 GMT (0718 HKT)
Turkish President Recep Tayyip Erdogan says women's "nature is different," sparking fury.
November 24, 2014 -- Updated 1043 GMT (1843 HKT)
A 30-year-old woman has been charged with attempting to kill a baby police say spent five days down a drain before being discovered by cyclists.
November 21, 2014 -- Updated 0121 GMT (0921 HKT)
If it wasn't for a comic's skit, Bill Cosby would still be America's favorite father, says expert.
November 24, 2014 -- Updated 0051 GMT (0851 HKT)
Where do hip young things hang out in Taiwan?
November 21, 2014 -- Updated 1550 GMT (2350 HKT)
Obama orders the most sweeping overhaul of U.S. immigration in decades, prioritizing the deportation of "felons, not families."
November 18, 2014 -- Updated 2106 GMT (0506 HKT)
Fighters loyal to ISIS are now in control of Derna, a city on Libya's Mediterranean coast.
November 21, 2014 -- Updated 2319 GMT (0719 HKT)
China and likely other countries have the capacity to shut down the U.S. power grid, says the NSA.
November 19, 2014 -- Updated 1945 GMT (0345 HKT)
The founder of a U.S. nonprofit that works with returning soldiers is named CNN's Hero of the Year.
November 27, 2014 -- Updated 1703 GMT (0103 HKT)
Each day, CNN brings you an image capturing a moment to remember, defining the present in our changing world.
Browse through images from CNN teams around the world that you don't always see on news reports.
ADVERTISEMENT