By Meagan Clark - At least six U.S. retailers were under a massive cyber attack Friday employing the same software used late last year to steal credit card data from some 40 million Target Inc. (NYSE:TGT) customers and personal data from another 70 million Target customers, said cyber security firm IntelCrawler.
Andrew Komarov, IntelCrawler’s chief executive, said his firm knows the identity of two of the companies but has not yet publicly disclosed their names. He has been working with law enforcement, Visa Inc (NYSE:V) and intelligence teams from several banks to combat the cyber attack and identify the stores, because their names cannot be determined from the public IP addresses alone.
IntelCrawler’s discovery is the most recent evidence suggesting the cyber attacks on Target Inc and Neiman Marcus may only be part of a larger attack.
In an email to the IBTimes, Komarov said a Canadian store was compromised in 2012 by the same type of malware, which means that the first variant of it was approbated there by the author, Sergey Taraspov, now about 17 years old. Taraspov has roots in St. Petersburg and is a well-known underground programmer of malicious code.
IntelCrawler is not aware of any non-U.S. retailers being attacked, Komarov said.
Retailers in California and New York were among those hacked with kARTOXA/BlackPOS, the software used in the attack on Target.
Security researchers at the Los Angeles-based IntelCrawler said the teen malware author created the first sample of the software in March 2013. Komarov issued the first report on this malware in the beginning of the spring when he worked for another forensics company.
Komarov also said in an email to the IBTimes that there is evidence of more than six ongoing attacks, but that he cannot yet release more information.
"We will report with the first feedback and approval from [law enforcement authorities]," Komarov said.
IntelCrawler describes itself as "a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3,000,000,000 IPv4 and over 200,000,000 domain names, which are scanned for analytics and dissemination to drill down to a desired result."