Cybersecurity firm FireEye Inc, which disclosed the operation on
Monday, said that since the middle of last year, the group has
attacked email accounts at more than 100 firms, most of them
pharmaceutical and healthcare companies.
Victims also include firms in other sectors, as well as corporate
advisors including investment bankers, attorneys and investor
relations firms, according to FireEye.
The cybersecurity firm declined to identify the victims. It said it
did not know whether any trades were actually made based on the
Still, FireEye Threat Intelligence Manager Jen Weedon said the
hackers only targeted people with access to highly insider data that
could be used to profit on trades before that data was made public.
They sought data that included drafts of U.S. Securities and
Exchange Commission filings, documents on merger activity,
discussions of legal cases, board planning documents and medical
research results, she said.
"They are pursuing sensitive information that would give them
privileged insight into stock market dynamics," Weedon said.
The victims ranged from small to large cap corporations. Most are in
the United States and trade on the New York Stock Exchange or Nasdaq,
An FBI spokesman declined comment on the group, which FireEye said
it reported to the bureau.
The security firm designated it as FIN4 because it is number 4 among
the large, advanced financially motivated groups tracked by FireEye.
The hackers don't infect the PCs of their victims. Instead they
steal passwords to email accounts, then use them to access those
accounts via the Internet, according to FireEye.
They expand their networks by posing as users of compromised
accounts, sending phishing emails to associates, Weedon said.
FireEye has not identified the hackers or located them because they
hide their tracks using Tor, a service for making the location of
Internet users anonymous.
FireEye said it believes they are most likely based in the United
States, or maybe Western Europe, based on the language they use in
their phishing emails, Weedon said.
She said the firm is confident that FIN4 is not from China, based on
the content of their phishing emails and their other techniques.
Researchers often look to China when assessing blame for
economically motivated cyber espionage. The United States has
accused the Chinese government of encouraging hackers to steal
corporate secrets, allegations that Beijing has denied, causing
tension between the two countries.
Weedon suspects the hackers were trained at Western investment
banks, giving them the know-how to identify their targets and draft
convincing phishing emails.
"They are applying their knowledge of how the investment banking
community works," Weedon said.
(Editing by Eric Walsh)
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.