Breach, Data Security

Phishing emails containing malware may have enabled Target breach

Attackers in the Target breach used phishing emails containing malware to steal system credentials from Fazio Mechanical Services, according to a report by technology journalist Brian Krebs.

The emails containing malware were sent out to Fazio Mechanical employees at least two months prior to the first cards being stolen from Target, Krebs wrote, adding that the malware in question may have been Citadel, which can steal passwords.

Fazio Mechanical announced on Feb. 6 that it was the victim of a sophisticated attack, but added that the company was in full compliance with industry practices. Krebs' unnamed sources took issue with this claim, citing the company's sole use of the free Malwarebytes Anti-Malware software as questionable.

Target could not comment, citing the ongoing investigation, and a Fazio Mechanical representative did not respond to a request for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.