"The feeling is that this is either one group or some closely coordinated handful of groups," Budd said. "There are too many similarities for it to be completely random, uncoordinated groups."
Besides the similarities in malware, KrebsOnSecurity, which is run by former Washington Post reporter Brian Krebs, reported that payment card data stolen from Home Depot was for sale on Rescator[dot]cc, which is the same underground marketplace where Target card data was sold.
The string of attacks on major retailers should be a wake up call for the industry, researchers said. To tighten security, retailers have to start sharing information on breaches to help the industry plug holes in payment systems.
Trend Micro has called on retailers to set up their own information sharing and coordination center (ISAC) to counter the collaboration among hackers.
"So long as the retail industry is responding singly and in a fractured way, then the attackers are going to continue to have an advantage," Budd said.
Sign up for CIO Asia eNewsletters.