Malware Used In Target Breach Found | St. Louis Public Radio


Originally published on January 17, 2014 3:54 pm

The malicious computer program used against Target was revealed in a government report released yesterday.

Officials are calling the cyber attack operation “Kaptoxa,” a Russian word that comes from a piece of code in the malware. Investigators say the malware used in the recent breach was partly written in Russian, though it’s unclear whether the attack originated in Russia.

Winnie O’Kelley, an editor for Bloomberg News, speaks with Here & Now’s Robin Young about this recent development in the Target breach.


Copyright 2018 NPR. To see more, visit



As if 110 million compromised customers isn't enough, a government report released yesterday says that the malware that infected Target may have also affected a large number of other retailers. The report says that malicious code, believed to be developed in Russia, was responsible for the data breach that took place at Target at the height of the holiday shopping season last year. Officials were calling the cyberattack operation - I'm sorry, the cyberattack operation Kaptoxa, a Russian word that comes from a piece of code in the malware.

Winnie O'Kelley is the financial crimes editor for Bloomberg, and she's with us now from New York. Hi there, Winnie.


CHAKRABARTI: So first of all, tell us what we know about this malware and how it was used to steal the information from Target customers.

O'KELLEY: Well, the new information really is that last June this malware somehow surfaced, and a group of hackers figured out how to tailor it specifically for certain retailers. Now, we know Target was targeted and we know Neiman Marcus has come out. We now believe that many other retailers probably were infected and didn't even know it because what was so malicious about this particular malware, it goes into what are called point-of-sale terminals. It strips the data out. It sends that out, and then it covers its tracks. So no one was really aware it was doing this.

CHAKRABARTI: Hmm. Now, parts of the code were written in Russian. But does that necessarily mean that the people, the hackers themselves came from Russia?

O'KELLEY: You know, certainly not. Hackers are very clever people. They love to leave clues. If you wanted someone to think it was from Russia, you might put that in there. So we can't really say.

CHAKRABARTI: Right. Well, I'm seeing here that the remarkable thing about this attack - some are saying that it's not so much the components of the operation but the sophistication and depth of the operation and the size of it.

O'KELLEY: Right. This idea that this malware was targeted specifically for retailers and it was able to gather so much information for apparently a very long period of time. My understanding from what we know now from the banks, for example, is that they're really the ones who spotted this fraud and these cards popping up in other places. And they sort of notified, hey, there's a problem here. And this is our first analysis of how big this problem is. We don't know yet. I think we're going to be hearing from retailers in days to come.

CHAKRABARTI: Right. iSIGHT, the group that helped contribute to this report, says the intrusion operators displayed innovation and a high degree of skill, orchestrating the various components of the activity. But I do wonder, since we now, you know, now everyone's wondering how many retailers were infected, is there anything further that individuals can do because - are we going to start hearing about all sorts of other businesses in the coming days with millions more pieces of data stolen?

O'KELLEY: Well, there's sort of a two-pronged answer here. One is, yes, they're very vulnerable, in particular these point-of-sale systems. And despite some efforts to make them more protected, they've failed. A couple of things can happen here. We've seen a couple of banks, JPMorgan and Citi for two, replace debit cards because that goes right into your checking account, right? They're replacing those for all the people who they feel were affected. You could call your bank and ask if you want to replace a credit card or a debit card that's been used and start fresh. Of course, you'll have to keep doing that over time, but that's one thing you can do. Generally, you're much more protected with credit card fraud than you are with debit card fraud, so that's something for people to be very aware of.

The second thing is that if we put chips into our credit cards, which is the system that's commonly used in Europe and the rest of the world, you'll have more protection. In fact, there's the belief that the hackers are targeting the U.S. intentionally because we're the vulnerable system.

CHAKRABARTI: Wow. Winnie O'Kelley, Bloomberg News financial crimes editor, thank you so much.

O'KELLEY: Yeah. My pleasure. Transcript provided by NPR, Copyright NPR.