Cyber crime tracking outfit FireEye has alerted the FBI to an underground hacking collective called FIN4, whose intrusions appear to be primarily motivated by gaining an edge in stock market trading.
FireEye says FIN4 has targeted over 100 public companies since 2013 using e-mail takeover tactics and social engineering techniques in an attempt to gain access to insider information capable of making or breaking stock prices.
The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.
In one case, the hackers even posed as an adviser to one of two companies in a potential acquisition.
The native English-speaking operators demonstrate extensive knowledge of the nuances of the industries they target, as well as of financial practices, implying that the threat is emanating from a US-based or Western European hacker collective.
All of the targeted organisations are either public companies or advisory firms that provide services to public companies, such as investor relations, legal, and investment banking firms.
Over two-thirds of the targets are healthcare and pharmaceutical companies, whose stocks can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues.
Dan McWhorter, VP of threat intelligence, FireEye, says: “FIN4 is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market.”