Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.


​Target part of a broader cyber-attack, Russian hackers allegedly involved

Published time: January 17, 2014 10:50
Reuters/Stelios Varias

Reuters/Stelios Varias

A US government classified memo has acknowledged that the Christmas cyber-attack on Target Corp was part of a much broader security breach of a number of US companies. The document alleges that traces of Russian language were detected in the malware.

The first results of the investigation into the holiday hacker attack against Target Corp have been summed up in a secret “Indicators for Network Defenders” memo distributed by the US government among American retailers and financial service companies.

People familiar with the document claim the situation is actually much worse than appraised earlier, the Wall Street Journal reports.

The investigators have confirmed fears that Target was not the only victim of the attack, but have refrained from identifying the other companies that suffered during the Christmas sales craze.

According to Reuters’ source, at least three other well-known national retailers have suffered an attack from the same virus.

On Thursday, luxury retailer Neiman Marcus Group said that it also suffered a theft of clients’ personal data during the holiday shopping period, without mentioning, though, whether its case was somehow related to Target's.

In an attempt to expose the plotters of the attack against Target Corp, America’s third-largest retail company, the US Department of Homeland Security’s National Cybersecurity and Communications Integration Center teamed up with Dallas-based iSight Partners, a cybersecurity company, which distributed its own version of the memo Thursday.

Russian connection?

It has been revealed that the virus used by the international hackers to breach Target’s firewall and compromise the personal data of 70 million people was dubbed by hackers KARTOKHA (“potato” in Russian) first appeared on the international hacker black market last spring.

In fact, it was just the latest virus among many to target point-of-sale (POS) terminals. The most notorious of these viruses are BlackPOS, Dexter and vSkimmer, Reuters reports.

Tiffany Jones, a senior vice president at iSight, described the method and scale of the attack as “unique.” She also noted that the malware was specifically designed to meticulously conceal its data manipulations, making the very detection of the virus in action a very hard task.

The identities of those who bought and accustomed this state-of -the-art, expensive malware program for the Target attack remain unknown. At the same time the investigators claim the source code of the virus contain certain words in Russian, most probably in the comments to the program. This might point to the fact that the source code of the virus was developed with the help of skilled Russian-speaking codeheads from the former Soviet Union.

“The intrusion operators displayed innovation and a high degree of skill,” the iSight report says.

KARTOKHA in action

The memo does not specify how the hackers managed to break into the Target’s networks, but the breach exposed the outdated security tools used in banking. The KARTOKHA virus (codenamed POSRAM Trojan by iSight programmers) could not be identified by any anti-virus software, the memo claims.

Also, it has been found that the actual hacking process was split into two stages. First, the Target Corp plastic card payment devices were infected with the virus, which made copies of personal data encrypted on magnetic stripes on payment cards and stored them on Target’s own servers. Then the hackers broke into the company’s system network to collect the stolen data.

One of the peculiarities of the virus was that it did not operate around the clock, limiting its activities to only prime business hours between 10 am and 5 pm, which also contributed to invisibility of the malware.

Comments (12)


Catherine Kylie 09.04.2014 07:11

In January Neiman Marcus announced that it had fallen prey to a massive cyber-attack during the holiday season, right on the heels of a widely-reported security breach at Target Corporation


Adel Ammar 22.01.2014 01:02

i love your hacker its baeuty


duane 18.01.2014 04:58

as severe as we have here. think of it, I love traveling to China because of the freedom, what has happened? They are conditioning us, New York people are starting to be used to idea they can be randomly searched, southern states are getting used to checkpoints all over, police acquiring military vehicles. traveling getting harder and harder. I'm not saying there is some sort of grand conspiracy but they are definetly conditioning us to get used to having fewer rights and freedoms. we have hit a situation where the government has more power over the people than people over the government. Were serfs but don't know it.

View all comments (12)
Add comment

Authorization required for adding comments

Register or



Show password


or Register

Request a new password


or Register

To complete a registration check
your Email:


or Register

A password has been sent to your email address

Edit profile



New password

Retype new password

Current password



Follow us

Follow us