[ISN] Email Attack on Vendor Set Up Breach at Target

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/ By Brian Krebs Krebs on Security February 12, 2014 The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa. Multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers. Two of those sources said the malware in question was Citadel




Facebooktwittergoogle_plusredditpinterestlinkedinmail