SAN FRANCISCO -- The malware at the center of Target's recent data breach affecting millions of customers was partly written in Russian, according to a report issued Thursday by U.S. government authorities and cyber security researchers.
The report, which was only distributed to organizations that are involved or may have been attacked, describes a sophisticated cyber attack operation authorities are calling Kaptoxa, a Russian word that comes from a piece of code in the malware.
Some parts of the malware code were written in Russian, and BlackPOS, the malware from which this latest malware was derived, was originally developed by a Russian cyber crime master, according to Tiffany Jones, an executive at iSIGHT Partners.
iSIGHT, an online security firm, helped research and produce the report, along with the Department of Homeland Security, the U.S. Secret Service and the Financial Services Information Sharing and Analysis Center. iSIGHT posted a summary of the report on its website Thursday.
Target said last week that cyber thieves compromised the credit card data and personal information of as many as 110 million customers through point of sale, or POS, systems the company uses. The stolen data includes phone numbers, e-mail and home addresses, credit and debit card numbers, PINs and expiration dates.
Luxury department store operator Neiman Marcus disclosed a similar breach recently, and cyber security experts see more attacks on the retail industry this year.
"The use of malware to compromise payment information storage systems is not new. However, it is the first time we have seen this attack at this scale and sophistication," iSIGHT said in its summary of the report.
"This software contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect," the firm added. "Many retail organizations may not know that they have been infected, or that they have already lost data."
The Department of Homeland Security and its government and private-sector partners are investigating the Target hack and issued the report Thursday so that companies and other industry organizations can get technical information to try to defend against such attacks.
"Information sharing is a key part of the Department of Homeland Security's important mission to create shared situational awareness of malicious cyber activity," DHS spokesman S.Y. Lee said. "This product is part of that important effort."
The fact that some of the malware code from Operation Kaptoxa was written in Russian does not necessarily mean the attacks came from Russia, iSIGHT's Jones noted.
Since early 2013, different variations of this malware were available for sale online, so, in theory, anyone could have purchased it and then launched an attack, she explained.
The malware was on offer for about $1,000 and in the case of Target it has produced hundreds of millions of pieces of information that will be valuable to online fraudsters, meaning the up-front investment has likely yielded a huge return for the hackers involved, she said.