The retailer reported that the initial intrusion into its network was traced back to credentials stolen from Fazio Mechanical Services, a refrigeration, heating, and air conditioning company hired by Target. Hackers used the stolen credentials between November 15th and November 28th to upload card-stealing malware to many of Targets cash registers, and within a month, completely infiltrate the system. Krebs on Security explains that Fazio Mechanical could have had access to Targets network for maintenance purposes. Those teams need to have remote access to the companys network, so that is one way the HVAC company could have had long-term access to Targets system.
Comments are closed.
