The investigation of the Target breach is still ongoing, and the company has understandably been tight-lipped about the details of the attack, but it has shared that the hackers were able to enter the company's system by leveraging credentials stolen from a vendor.
Naturally, Target hasn't named the vendor in question or said which portal the credentials were for, but it's probably not a coincidence that it limited access to the suppliers' database (Info Retriever) and its human resources website (eHR) last week.
In the meantime, Brian Krebs has been doing some sleuthing and piecing together clues. He believes that the attackers probably discovered that Target used a particular piece of software that had an administrator-level user account with a default password known to them, and misused it to set up a control server within Target’s internal network so that the stolen card data could be collected in one place before getting exfiltrated.
He reports that Dell SecureWorks' Counter Threat Unit has also discovered that one component of the malware installed itself as a service called “BladeLogic.” The name was obviously chosen to mimic the name of automation software created by BMC, the same company that sells the IT management software suite mentioned in the paragraph above.
While BMC has declined to say whether Target uses its software, a trusted source confirmed to Krebs that many US retailers do.