By Tal Be'ery | August 28, 2014

Today we published our report on the untold story of the Target attack.  The full version is available here.

In December 2013, in the midst of the busiest shopping season of the year, Target announced that it had been breached by attackers who had gotten away with 70M customers’ Personal Identifiable Information (PII). A few days later, Target admitted that 40M credit cards were stolen. The financial damages to Target currently stand at $148M, and according to analyst forecasts are estimated to reach $1B.

This report builds out the entire Target attack story and sheds light on the previously unanswered questions:

  • How were the Target attackers able to leap from the machine of a sub-contractor to the heart of the payment systems?
  • How did the attacker get a hold on some 70M
    “Personal Identifiable Information” (PII)?


The report reveals the attackers’ Tactics, Techniques and Procedures (TTPs) and details the following key findings:

  • Attackers mostly used general IT tools, protocols and procedures. Seldom did they use hacker-specific tools and malware
  • Active Directory related activity was paramount to the attackers’ success
  • Attackers used “Pass-the-Hash” techniques to propagate through Target’s network
  • Attackers had gained access to 70M PIIs by exploiting a SQL server database
  • PCI compliance actually improved the security posture of Target. Target’s compliance with PCI not only minimized the scope of the breach, but also forced the attackers to slow down as they re-assessed and changed their course of attack.

For those interested in the short version, we’ve put together this infographic: