He sold his creation to cybercriminals and the owners of underground card shops

Jan 18, 2014 07:42 GMT

IT security firm IntelCrawler has been analyzing the recent cyberattacks against Target, Neiman Marcus, and other US retailers. The company believes that the creator of the malware used in the Target attack, and possibly the one against the high-end retailer, is a 17-year-old teenager from Russia.

The developer is said to be one Sergey Taraspov, known on the cybercriminal scene as “ree[4].”

Evidence suggests that he first created the malware, initially named Kaptoxa and later rebranded to BlackPOS, in March 2013. Initially, the threat was used to infect point-of-sale (POS) systems in Canada, Australia, and the US.

The malware author is believed to have sold over 40 builds of his creation to cybercriminals in Eastern Europe and other countries for around $2,000 (€1,500), or for half of the profit made from selling stolen payment card data.

BlackPOS was also sold to the owners of various underground websites that specialize in payment cards, including Privateservices.biz, .rescator, and Track2.name.

ree[4] is also the creator of brute-force attack tools and other malicious tools. He has also made some money by providing DDoS attack training and by hacking social media accounts.

“He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” noted Dan Clements, IntelCrawler president.

It’s possible that the BlackPOS malware is also involved in the Neiman Marcus attack. However, researchers from Seculert, who have also analyzed the Target data breach, say they haven’t found any direct connection between the two cybercriminal operations.

Just before the attacks on Target and Neiman Marcus, starting at the beginning of 2013, IntelCrawler researchers identified a series of Remote Desktop Protocol (RDP) brute-force attacks against POS terminals in the US, Canada, and Australia.

The security firm says it has identified six additional retailers who had suffered data breaches. However, the companies haven’t been named.

Update. IntelCrawler says Sergey Taraspov is only a member of the technical support staff and that ree[4] is actually one Rinat Shibaev.