A new report from U.S. security firm FireEye says that a cybercriminal group known as FIN4 has been stealing data from more than 100 organizations, mainly targeting publicly traded healthcare, pharmaceutical and biotechnology companies, to gain insider knowledge to manipulate the stock market.
FireEye reports that the cybercriminals have targeted the email accounts of individuals privy to the most confidential information of more than 100 companies. According to the report, "FIN4 appears to have a deep familiarity with business deals and corporate communications, and their effects on financial markets. Operating since at least mid-2013, FIN4 distinctly focuses on compromising the accounts of individuals who possess non-public information about merger and acquisition deals and major market-moving announcements, particularly in the healthcare and pharmaceutical industries."
What is unique about FIN4 is that the group carries out its attacks in a manner that has never been seen before. According to FireEye, the criminals do not utilize malware, instead relying heavily on highly targeted social engineering tactics and deep subject-matter expertise to deliver weaponized versions of legitimate corporate files. Additionally, FIN4 includes links to fake Outlook Web App login pages designed to capture the user’s credentials. Once equipped with the credentials, FIN4 then has access to real-time email communication, which could lead to insight into potential market deals and timing.
FireEye didn’t name the targeted companies but said most of them are listed on the New York Stock Exchange.