A group looking to gain an edge in stock trading is targeting email accounts for insider information from C-level executives, legal counsel, outside consultants, and others in the know.
Cybersecurity firm FireEye, which says it is tracking the group it dubbed FIN4, said the group has targeted more than 100 companies “to make or break stock prices” since at least mid-2013. More than two thirds of these companies are healthcare and pharmaceutical companies.
According to a special report from FireEye meant to inform Wall Street, “FIN4 distinctly focuses on compromising the accounts of individuals who possess non-public information about merger and acquisition deals and major market-moving announcements.”
FireEye’s warning includes a confession that it can only see FIN4’s network operations but has noticed a pattern of activity from its clients’ incidents, detection data and other research. “We can only surmise how they may be using and potentially benefiting from the valuable information they are able to obtain,” the firm said.
The group looks to steal usernames and passwords for email accounts and sends phishing emails from other victims’ accounts. These emails entice other victims with information in order to get them to enter their email credentials.
In one scenario, FireEye said FIN4 leveraged its access to email accounts at an advisory firm to collect data during a potential acquisition by one of the advisory firm’s clients. The group sent spearphishing emails, using an SEC document as a lure, from the advisory firm to another advisory firm also representing the client. When news of the acquisition went public, the stock price of the companies involved varied significantly.
“It is likely that FIN4 used the inside information they had to capitalize on these stock fluctuations,” FireEye said. The firm said it can’t know with certainty what FIN4 does after the group gains access to information, but the work is fruitful enough for the group to keep at it. “FIN4 continues to compromise new victims as we finish this report,” FireEye added.