![]() ![]() Through a PR firm, Fazio declined to answer direct questions for this story, and Target has declined to comment, citing an active investigation. Two of those sources said the malware in question was Citadel - a password-stealing bot program that is a derivative of the ZeuS banking trojan - but that information could not be confirmed. ![]() Multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers. Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
0 Comments
Leave a Reply. |