http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
By Brian Krebs
Krebs on Security
February 12, 2014
The breach at Target Corp. that exposed credit card and personal data on
more than 110 million consumers appears to have begun with a malware-laced
email phishing attack sent to employees at an HVAC firm that did business
with the nationwide retailer, according to sources close to the
investigation.
Last week, KrebsOnSecurity reported that investigators believe the source
of the Target intrusion traces back to network credentials that Target had
issued to Fazio Mechanical, a heating, air conditioning and refrigeration
firm in Sharpsburg, Pa. Multiple sources close to the investigation now
tell this reporter that those credentials were stolen in an email malware
attack at Fazio that began at least two months before thieves started
stealing card data from thousands of Target cash registers.
Two of those sources said the malware in question was Citadel -- a
password-stealing bot program that is a derivative of the ZeuS banking
trojan -- but that information could not be confirmed. Through a PR firm,
Fazio declined to answer direct questions for this story, and Target has
declined to comment, citing an active investigation.
In a statement (PDF) issued last week, Fazio said it was "the victim of a
sophisticated cyber attack operation," and further that "our IT system and
security measures are in full compliance with industry practices."
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
