Date 1: 10/8/2013. (Estimated date)
Reconnaissance and scanning: Attackers acquired Fazio Mechanical Firm’s user code and password through a phishing email containing a Trojan called Citadel, a password-sniffing bot program. The phished credentials provided access to Target’s payment system network. Extensive reconnaissance and scanning would have been needed to identify Fazio Mechanical as a Target vendor and to acquire the emails of employees who possessed the login credentials necessary to access Target’s systems.
Date 2: November 11th, 2013 (around 34 days after Date 1)
Exploitation: Attackers first breach Target’s system, accessing it remotely by using the phished credentials to masquerade as a vendor.
Attack Timeline, Target’s Perspective
Date 1: November 15, 2013 – Cybercriminals conduct an attack on HVAC systems. Criminals penetrated Target’s point-of-sale network and installed malware on terminals.
Date 2: November 27, 2013 (12 days after Date 1) – Cybercriminals begin stealing information from 40 million debit/credit cards from Target’s systems. *Last known attack from cybercriminals*
Date 3: November 30, 2013 (15 days after Date 1) – Target acknowledges publicly that FireEye had been giving more alerts, but local teams deemed that no action had to be taken against the alerts, so Target did nothing.
Date 4: December 13, 2013 (28 days after Date 1) – U.S. Department of Justice notifies Target executives about fraudulent debit/credit information connected to Target transactions. Target quickly removed the malware that was being utilized by the cybercriminals.
Date 5: December 19, 2013 (34 days after Date 1) – Target officially announces the attack and the theft of debit/credit information. Target also launched a major public relations operation to assure their customers that the technology used by the attackers had been found and