Researchers are continuing to analyze the recent cyberattack against American systems companyς Target. Experts from Seculert published news data which contain some very interesting details about the attack.
The security company Seculert found that the attack took place in two stages. At first, it infected point-of-sale (POS) to record all the information moving from the sales made on the server.
The second phase began before 6 days, on December 2, when malware began sending server data to another FTP server. The other server was also through the Target network used to transfer the information.
On December 2, attackers began sending data from one server to a virtual private server (VPS), located in Russia. During a two-week period, 11 Gb was totally transferred sensitive information.
The hackers did not get all the data at once. Data transfers took place several times a day for about two weeks.
Earlier this week, the investigator Brian Krebs revealed that malware used in the attack was most likely the BlackPOS, one malware developed by a group of Russians and Ukrainians.