SAN FRANCISCO — Investigators say they believe they have identified the entry point through which hackers got into Target’s systems, zeroing in on the remote access granted through the retailer’s computerized heating and cooling software, according to two people briefed on the inquiry.

The latest revelation highlights the reality that a large company is actually a sprawling network of interconnected vendors, and that weak security at any one vendor can lead to a significant breach.

Target, Neiman Marcus and the Michaels chain of arts and crafts stores are among the major retailers whose systems have been hacked with what investigators suspect is similar malware that invades the computerized register system and snatches consumer data, according to people with knowledge of the investigations. But it has not been disclosed whether other companies were possibly invaded through outside vendors with remotely controlled access.

Target had already confirmed that hackers used a vendor’s stolen credentials to get inside its corporate network and crawl into a server containing 70 million customers’ names, mailing addresses and email addresses and into the company’s crown jewels: the in-store cash register systems that authorized 40 million customer’s credit and debit cards over the course of a few weeks during the holiday season.

Using the vendor’s access, hackers were able to burrow into Target’s systems so thoroughly that even three days after Target thought it had expelled them, the retailer found malware on 25 registers, John Mulligan, Target’s chief financial officer, testified at a Senate hearing on Tuesday.