Target breach: From Russia, with malware

The massive data breach that exposed the credit card accounts and other data of 110 million Target customers was the result of "off-the-shelf" malware called BlackPOS that was developed by Russian hackers, according to security firm IntelCrawler.

The BlackPOS malware was created by Russians Rinat Shibaeva, who goes by the internet name "ree[4]", and Sergey Tarasov, a Russian teenager, in March of last year, according to the IntelCrawler blog. The malware developers then sold the malware to cybercriminals in Eastern Europe,

"The person behind the nickname 'ree[4]' is Rinat Shibaev, working closely with Sergey Taraspov, who was acting as his technical support together with several other members, having roots in St. Petersburg (Russian Federation), very well known programmer of malicious code in underground," the blog notes.

IntelCrawler had originally blamed only Tarasov for the malware, but changed its story a day later, according to security researcher Brian Krebs. "So Intelcrawler apparently just changed its mind about the guy responsible for the Target POS [point-of-sale] malware. Now they have the right guy," Krebs tweeted on Monday.

In a follow-up tweet on Tuesday, Krebs wrote, "Rinat Shabayev, dude accused of authoring Target POS malware, doesn't deny it," citing a Russian article.

Andrew Komarov, IntelCrawler CEO, cautions that customers of other retailers should expect additional breach reports. "Most of the victims are department stores. More BlackPOS infections, as well as new breaches can appear very soon, retailers and security community should be prepared for them," Komarov warns.

For more:
- read the IntelCrawler blog
- check out Krebs' tweets
