Managed IT Services, IT Security Services, Vulnerability Management and Remediation, Help Desk Support, IT Maintenance Services, Network Administration, Business Continuity Planning, Disaster Recovery Planning, Onsite and Offsite Data Backup, and Information Security Assessment
By DANNY YADRON
The cyberattacks on Target Corp. , Neiman Marcus and other retailers don’t appear to be part of a “coordinated campaign” to “adversely affect the U.S. economy as a whole,” according to an assessment by the Federal Bureau of Investigation prepared for retailers and cybersecurity experts.
The two-page document, reviewed by The Wall Street Journal, suggests that the recent string of attacks on retailers may not be the work of the same hacker or hackers.
The document, marked unclassified, says variations of the malicious software used in the attacks are “frequently modified and recompiled” by hackers seeking to profit from credit- and debit-card details. The users “are often unrelated and the only connection between them may be the sale and purchase of the malware.” People familiar with the investigation have previously told The Wall Street Journal that the hacks appeared to be carried out by different groups.
The FBI released the report within the past week, according to a person familiar with the matter. The unclassified document was prepared by the National Cyber Investigative Joint Task Force, a group led by the FBI that works with U.S. law enforcement and intelligence agencies to share information about cyberthreats with outsiders.
The document doesn’t mention any retailers by name. But it says the hackers exploited holes in “remote management software,” which companies use to monitor and manage their networks. Connecting that software to payment-card readers at checkout counters “may represent a vulnerability and coupled with the use of poor passwords allows attackers” to infiltrate the network.
The Journal previously reported that hackers reached Target’s network through a refrigeration contractor in Pennsylvania.