Researchers are continuing to analyze the recent cyberattack against the systems of the American company Target. Experts from Seculert have published new findings containing some very interesting details of the attack.
The security company Seculert found that the attack took place in two stages. In the first stage, the malware infected point-of-sale (POS) systems in order to record all the information moving from the sales made on the server.
The second phase began 6 days before, on December 2, when the malware began sending the server data to another FTP server. This other server, which was also inside Target's network, was used to transfer the information.
On December 2, the attackers began sending data from one server to a virtual private server (VPS) located in Russia. Over a two-week period, a total of 11 Gb of sensitive information was transferred.
The hackers did not take all the data at once. Data transfers took place several times a day for approximately two weeks.
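A defender can look for this transfer pattern in network flow logs. The following added example (not from Seculert or the original article) flags internal hosts that send FTP data to the same external address several times a day over several days, and notes whether that host also receives FTP traffic from inside the network; the log format, the thresholds, the 10.0.0.0/8 internal range and every address are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

FTP_PORTS = {20, 21}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow records: time, source, destination, destination port, bytes sent.
SAMPLE_FLOWS = """\
2013-12-01T09:00:00 10.1.1.15 10.1.9.8 21 400000
2013-12-02T10:00:00 10.1.9.8 203.0.113.50 21 90000000
2013-12-02T16:00:00 10.1.9.8 203.0.113.50 21 85000000
2013-12-03T10:00:00 10.1.9.8 203.0.113.50 21 70000000
2013-12-03T17:30:00 10.1.9.8 203.0.113.50 21 95000000
2013-12-04T11:00:00 10.1.9.8 203.0.113.50 21 60000000
2013-12-04T18:00:00 10.1.9.8 203.0.113.50 21 88000000
2013-12-03T12:00:00 10.1.4.4 198.51.100.7 21 1200000
"""

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET

def parse_flows(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, port, sent = parts
        yield datetime.fromisoformat(ts), src, dst, int(port), int(sent)

def find_staged_exfil(text, min_days=3, min_per_day=2):
    """Flag (internal src, external dst) pairs with repeated daily FTP uploads."""
    per_day = defaultdict(lambda: defaultdict(int))  # (src, dst) -> date -> transfers
    total = defaultdict(int)                         # (src, dst) -> bytes sent
    fed_internally = set()                           # hosts receiving internal FTP
    for ts, src, dst, port, sent in parse_flows(text):
        if port not in FTP_PORTS or not is_internal(src):
            continue
        if is_internal(dst):
            fed_internally.add(dst)
        else:
            per_day[(src, dst)][ts.date()] += 1
            total[(src, dst)] += sent
    findings = []
    for (src, dst), days in per_day.items():
        busy = sum(1 for n in days.values() if n >= min_per_day)
        if busy >= min_days:
            findings.append({"src": src, "dst": dst, "days": busy,
                             "bytes": total[(src, dst)], "staging_host": src in fed_internally})
    return findings
```

A single one-off FTP upload, such as the one from 10.1.4.4 in the sample, stays below both thresholds and is not reported.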
Earlier this week, researcher Brian Krebs revealed that the malicious software used in the attack was most likely BlackPOS, a piece of malware developed by a group of Russians and Ukrainians.