Today (Jan 22, 2014) Wall Street Journal reporters Charles Levinson and Danny Yadron had a good summary of the current status of the Target Hack.
They started out with: "The malicious software that infected Target popped up in January 2013 with a price tag of $2,000 and spent nearly a year evolving in the Internet's black markets before an unknown attacker slipped it into the retailer's computer systems." They then explain about the dark alleys of the criminal ecosystem at work.
They said about how the attackers came in: "It isn't clear how the hackers got Malware into Target's internal network. There is a good chance they lured an unsuspecting employee into clicking on an infected link through a bogus email disguised to look genuine, according to several security experts. The other likely scenario, according to experts, is that the attackers found a vulnerability in one of Target's public websites." What they talk about is spear-phishing of course, without using the term.
Here is the article, (but there may be a paywall to get in).
Related Pages: Spear Phishing