Skip to main content

Homeland Security warns retailers about malware that hit Target

  • Author:
  • Updated:

The U.S. Department of Homeland Security has gotten involved in investigating the massive data breach at Target.

CNN reports information about the malware used to hijack customer information was detailed in a government report and distributed to the nation's major retailers. The government alerted retailers the aggressive software that led to the compromise of data at Target has likely infected other companies.

The Star Tribune reports that federal authorities issued the technical bulletin that contains descriptions of the malware that hackers used to attack Target. The report says the Secret Service and the cybersecurity arm of the Department of Homeland Security began working together on the issue as early as Dec. 18, the first day that news surfaced about the data breach.

The report said multiple retailers are still being attacked and calls this malware variant "the most dangerous ever used." The malicious file infects point-of-sale devices – cash registers – and extracts customer data processed on them. Then the data is transmitted, according to Tiffany Jones, senior vice president at iSIGHT Partners, the private firm working on the investigation. In its report, iSIGHT Partners said the hackers "displayed innovation and a high degree of skill in orchestrating the various components of the activity." Here's a summary of that report.

Last week Target updated the number of customers who had their personal information compromised to 70 million. The number was later updated to as many as 110 million. Payment data was compromised for customers who shopped between Nov. 27 and Dec. 1.

The malware variant has been dubbed Trojan.POSRAM and was derived from another type of malware known as BlackPOS, the report said. Authorities have dubbed the point-of-sale operation KAPTOXA.

Brian Krebs, the computer security blogger who first revealed the Target breach, told the Star Tribune on Thursday he thinks a hacker he profiled in December is at the center of the Target heist. The man is a Ukrainian nicknamed Rescator.

FOX 9 reported that Krebs suspects the cyber crooks broke into Target through a Web server, then planted the malicious software server to snag stolen card data. The information was collected directly from magnetic strips before it could be encrypted, but, as the station notes, "...the wildest part is that it was sent to a server inside Target just six days later. That internal server uploaded 11 gigabytes of data over two weeks."

No antivirus product available on the market is able to detect the malware used in the attack, according to Krebs.

Target officials will discuss the problems at a U.S. House hearing in the first week of February before a subcommittee of the House Committee on Energy and Commerce.

Next Up

Bar beer

Study: Excessive drinking cost Minnesotans almost $8 billion in 2019

The study was published by the Minnesota Department of Health Thursday.


Price of Disney+ is going up, unless you want ads

The ad-free version of Disney+ will increase from $7.99 per month to $10.99 per month, effective Dec. 8.


Mall of America shooting suspects arrested in Chicago

The two suspects were spotted leaving a barber shop.

Flickr - minneapolis police officer close-up belt camera - Tony Webster

Walz: Increased state law enforcement presence to stay in Twin Cities

A multi-agency effort to curb crime will go on until further notice.


Bloomington PD to provide update on Mall of America shooting investigation

There's unconfirmed reports the suspected gunman and an accomplice have been arrested.

Screen Shot 2022-08-11 at 3.14.27 PM

Motorcyclist found dead behind guardrail 6 hours after crash

The crash happened before sunset Wednesday, but no one called 911.

Screen Shot 2022-08-11 at 2.49.44 PM

Strike vote set for 15,000 Minnesota nurses

If the nurses walk off the job, Minnesota would be home to one of the largest nurses strikes in U.S. history.


Iowa Gov. asks court to lift injunction on 'heartbeat' abortion ban

A court challenge seeks to revive Iowa's abortion ban.

zipper merge, construction

6 transportation projects in Minnesota get $100M federal funding

The projects extend to areas all across the state.


Minnesota's COVID-19 update for the week ending Tuesday, August 9

The number of cases in the latest reporting period dropped compared to the previous week's update.