The guts of the malware code provided some intriguing leads. One of the passwords was Crysis1089. That happens to be the nickname of an Xbox gamer. (His rank on the Xbox Live global leaderboard as of March 10: 11,450,001.) It also appears to be a reference to the October 1989 date of mass protests that preceded Ukrainian independence and the dissolution of the Soviet Union.
There was another name embedded in the exfiltration code: Rescator. The alias, a reference to a pirate in the 1967 French film Indomptable Angélique, belongs to a prolific Ukrainian trafficker in stolen credit card numbers. Rescator operates several online card number sites—cheapdumps.org and Lampeduza.la, to name two—that use the country domains of Laos, Somalia, and the former Soviet Union, among others. Rescator isn’t the only reseller pushing the stolen Target data, but according to Krebs and several other security investigators, he’s the most active, apparently operating with impunity out of the Black Sea port of Odessa.
It's unclear whether the hacker Rescator was actually involved in the Target data breach.