There's new information to suggest that the groups behind the Home Depot (NYSE:HD) and Target (NYSE:TGT) data breaches were not the same.
The malware used in the more recent attack on Home Depot differs from the malware used in Target's 2013 data breach. According to Bloomberg News, the program used to steal credit card information from the Atlanta-based home improvement retailer has been dubbed FrameworkPOS and is not the same malware used against Target.
FrameworkPOS impersonates the McAfee antivirus agent and likely kept Home Depot's security team from being suspicious, Dan Guido, CEO of Trail of Bits, an information security company, told the news agency.
Home Depot confirmed last week that its payment data systems were breached in a wide-reaching operation that dates back to April. Target's breach compromised the credit card information of 40 million Target shoppers and the personal information of up to 70 million. The breach has cost Target $148 million to date.
Initially, it was suspected that the two breaches were the work of the same group of cyber criminals, but new evidence strongly suggests otherwise. Experts who examined the two pieces of code found big differences in the malware's entry point, how it is installed, how it interacts with the operating system and how it hides credit card numbers on the retailer's network.
The memory-scraping malware used in the Target attack did not mimic antivirus software as the malware in Home Depot's breach seems to have done.
Furthermore, lines of code from the FrameworkPOS malware used against Home Depot reveal hidden anti-U.S. military messages. According to a researcher cited by Bloomberg who declined to be identified, one hidden message references the United States' support of Ukraine against rebel groups. Although some stolen credit card numbers from both Home Depot and Target can be traced to Ukraine, the anti-government messages were not reported to have been found at Target.
"The development of a new piece of malware is not something you take lightly—this required some engineering," Guido said. "It's probably not the same group as hit Target."
Home Depot is still looking into the data breach and has not released any details of its internal investigation.