Researcher disputes report BlackPOS used in Home Depot, Target attacks
Hackers typically stay within the same family of malware in launching attacks. However, it is also possible for the same group to use different malware.
Therefore, malware similarities, or dissimilarities, are not conclusive evidence that attackers are from the same group or multiple groups.
Krebs also reported that payment card data stolen from Home Depot was for sale on the same underground marketplace where Target data was sold.
Grunzweig's analysis focused only on the malware and did not draw any conclusions on whether the attackers behind the breaches were the same. But like other researchers, his instincts told him the attacks were somehow related.
"I think the groups probably are the same, but I'm just talking about the malware," he said. "I can only speculate on the groups behind them."