Skip to main content

Security firm traces Target malware to Russia

By Marie-Louise Gumuchian and David Goldman, CNN
updated 5:50 AM EST, Tue January 21, 2014
STORY HIGHLIGHTS
  • NEW: IntelCrawler updates report, says Russian teenager not solely responsible for attack
  • Target breach imperiled credit card numbers, personal info of millions
  • Teen reportedly shared malware with other hackers
  • Experts warn other breaches could happen

(CNN) -- A security firm that had pointed the finger at a 17-year-old Russian last week updated its report Monday to identify a different Russian resident as being responsible for writing the malware used in an attack compromised the credit card numbers and other personal information of up to 110 million Target customers.

In a statement published Friday, security firm IntelCrawler said the breach was the result of malware that infected Target's payment system and possibly compromised the systems of other retailers. Neiman Marcus reported a similar security breach this month.

The 17-year old does not appear to be solely responsible for the attack. Independent security researcher Brian Krebs earlier reported that other code in the Target hack pointed to a Ukraine resident.

Homeland security warns retailers

Target breach may be tied to Russian mob
Target 'grinched' for Christmas

Experts say the author may have shared it with others.

"Well, we should be worried. One of the things the hackers do is take the malware as it's called. Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. And they manipulate or mutate this malware, and then reuse it," SecureState CEO Ken Stasiak said.

"We believe that he originated the code, or the malware everybody's calling it now. And was able to put it up on the Internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to Target and Neiman Marcus."

The first sample of the malware was created in March and since then, more than 40 versions have been sold around the world, IntelCrawler said. It first infected retailers' systems in Australia, Canada and the United States.

Hack is a wake-up call on privacy

Andrew Komarov, IntelCrawler CEO, said most of the victims are department stores and said more BlackPOS infections as well as new breaches could appear soon. Retailers should be prepared.

"The numbers could be staggering, really, because what the retailers are looking at are potential class action lawsuits," CNN legal analyst Paul Callan said.

"Let's say hypothetically, a retailer has 40 million transactions by 40 million different customers. All 40 million may have been damaged in some way, and under law they can all be joined together in a class action lawsuit."

Millions getting new cards after hack

CNN's David Goldman and George Howell contributed to this report.

ADVERTISEMENT
Part of complete coverage on
updated 2:51 PM EDT, Tue April 15, 2014
Sky gazers caught a glimpse of the "blood moon" crossing the Earth's shadow Tuesday in all its splendor.
updated 12:24 PM EDT, Tue April 15, 2014
Oscar Pistorius didn't consciously pull the trigger the night he shot and killed his girlfriend, the sprinter testified at his murder trial.
updated 5:16 PM EDT, Mon April 14, 2014
Officials are launching their next option: an underwater vehicle to scan the ocean floor.
updated 8:54 AM EDT, Tue April 15, 2014
A mysterious new artwork has appeared in Cheltenham, where Britain's version of the NSA is located.
updated 11:23 AM EDT, Tue April 15, 2014
Like many parents across Liverpool, the McManamans waited. 25 years ago, it was all they could do.
updated 9:24 AM EDT, Tue April 15, 2014
The Maltese Falcon makes a swift turn while at sea.
How do you design a superyacht fit for the billionaire who has everything money can buy?
updated 11:48 AM EDT, Tue April 15, 2014
Pop art condoms in Kenya
Packaging can change how people see things. And when it comes to sex, it could maybe help save lives too.
updated 11:42 AM EDT, Tue April 15, 2014
mediterranean monk seal
Africa is home to much unique wildlife, but many of its iconic species are threatened.
updated 11:09 AM EDT, Tue April 15, 2014
A staff stands next to the propellers of Sun-powered plane Solar Impulse 2 HB-SIB seen in silhouette during its first exit for test on April 14, 2014 in Payerne, a year ahead of their planned round-the-world flight. Solar Impulse 2 is the successor of the original plane of the same name, which last year completed a trip across the United States without using a drop of fuel. AFP PHOTO / FABRICE COFFRINI (Photo credit should read FABRICE COFFRINI/AFP/Getty Images)
This solar-powered aircraft will attempt to circle the globe next year.
updated 7:56 AM EDT, Mon April 14, 2014
Most adults make the mistakes of hitting the snooze button and of checking emails first thing in the morning, writes Mel Robbins.
updated 1:14 PM EDT, Tue April 15, 2014
... not in Italy. In fact, it's thousands of miles away.
updated 8:43 PM EDT, Tue April 15, 2014
Ebola victims usually come from remote areas -- but now the lethal virus is in a city of two million.
updated 9:40 AM EDT, Tue April 15, 2014
Browse through images you don't always see on news reports from CNN teams around the world.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT