Email Attack on Vendor Set Up Breach at Target

[InfoSec News <alerts () infosecnews org>]

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

By Brian Krebs
Krebs on Security
February 12, 2014

The breach at Target Corp. that exposed credit card and personal data on 
more than 110 million consumers appears to have begun with a malware-laced 
email phishing attack sent to employees at an HVAC firm that did business 
with the nationwide retailer, according to sources close to the 
investigation.

Last week, KrebsOnSecurity reported that investigators believe the source 
of the Target intrusion traces back to network credentials that Target had 
issued to Fazio Mechanical, a heating, air conditioning and refrigeration 
firm in Sharpsburg, Pa.  Multiple sources close to the investigation now 
tell this reporter that those credentials were stolen in an email malware 
attack at Fazio that began at least two months before thieves started 
stealing card data from thousands of Target cash registers.

Two of those sources said the malware in question was Citadel -- a 
password-stealing bot program that is a derivative of the ZeuS banking 
trojan -- but that information could not be confirmed. Through a PR firm, 
Fazio declined to answer direct questions for this story, and Target has 
declined to comment, citing an active investigation.

In a statement (PDF) issued last week, Fazio said it was "the victim of a 
sophisticated cyber attack operation," and further that "our IT system and 
security measures are in full compliance with industry practices."

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/