iTnews

Hackers breach banker, healthcare email systems to game shares

By Staff Writers on Dec 2, 2014 8:28AM
'FIN4' group gaining access through phishing.

A hacking ring has spent the last 18 months stealing corporate secrets for the purpose of gaming the US stock market, according to security researchers, in an operation that has compromised sensitive data about dozens of publicly held companies.

Cybersecurity firm FireEye, which today disclosed the operation, said since the middle of last year, the group has attacked email accounts at more than 100 US firms, most of them pharmaceutical and healthcare companies.

Victims also include firms in other sectors, as well as corporate advisors including investment bankers, attorneys and investor relations firms, according to FireEye.

The cybersecurity firm declined to identify the victims. It said it did not know whether any trades were actually made based on the stolen data.

FireEye threat intelligence manager Jen Weedon said the hackers only targeted people with access to insider data that could be used to profit on trades before that data was made public.

They sought data that included drafts of US Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results, she said.

"They are pursuing sensitive information that would give them privileged insight into stock market dynamics," Weedon said.

The victims ranged from small to large cap corporations. Most are in the United States and trade on the New York Stock Exchange or Nasdaq, she said.

An FBI spokesman declined comment on the group, which FireEye said it reported to the bureau.

The security firm designated the group as FIN4 because it is number 4 among the large, advanced financially motivated groups tracked by FireEye.

The hackers don't infect the PCs of their victims. Instead they steal passwords to email accounts, then use them to access those accounts, according to FireEye.

They expand their networks by posing as users of compromised accounts, sending phishing emails to associates, Weedon said.

FireEye has not identified the hackers or located them because they hide their tracks using the Tor anonymity network.

The group is most likely based in the United States, or maybe Western Europe, judging by the language used in its phishing emails, Weedon said.

She said the firm was confident that FIN4 is not from China, based on the content of their phishing emails and their other techniques.

Researchers often look to China when assessing blame for economically motivated cyber espionage. The United States has accused the Chinese government of encouraging hackers to steal corporate secrets, allegations that Beijing has denied, causing tension between the two countries.

Weedon suspects the hackers were trained at Western investment banks, giving them the know-how to identify their targets and draft convincing phishing emails.

"They are applying their knowledge of how the investment banking community works," Weedon said.

Copyright Reuters
© 2019 Thomson Reuters.