Back to Recollections
Intermediate
2013
Target Data Breach
Target: Retail Giant POS
Impact: Massive Retail Compromise
Operational Briefing
How a simple HVAC vendor compromise led to the theft of 40 million credit card numbers during the holiday shopping season.
The Full Story
During the 2013 holiday season, Target suffered a massive data breach. Hackers stole 40 million credit and debit card records and 70 million customer records.
Technical Analysis
The Chain
- Entry: Stolen credentials from a third-party HVAC vendor (Fazio Mechanical).
- Pivot: Moved from vendor portal to billing system, then laterally to the POS network.
- Malware: Installed 'BlackPOS' RAM-scraping malware on point-of-sale terminals to capture card data before encryption.
Available Modes
Offensive
Replicate the attack vector
Defensive
Harden systems & patch
Analysis
Forensic investigation
Event Timeline
Nov 2013
Attackers compromise HVAC vendor credentials.
Nov 27, 2013
Malware installed on POS systems.
Dec 15, 2013
Target begins disabling malware.
Dec 19, 2013
Target publicly confirms breach.
#POS Malware#Lateral Movement#Vendor Risk