Hackers seek to profit from insider information
Sophisticated cyber-thieves are attempting to cash in on stock markets' movements by stealing insider information, a security company says.
FireEye said the group had used a variety of tricks to access senior executives' email accounts.
And information and documents stolen via the compromised accounts had helped them predict stock movements.
The group had targeted more than 100 companies since it had begun operating in 2013, FireEye said.
The Fin4 group stood out from other cybercrime gangs in its preference for stealing insider information from senior executives, lawyers, regulatory staff and internal risk assessors, FireEye said.
Fin4 had gone after such employees, said FireEye in a blogpost, because of their close involvement in business activities, such as mergers and acquisitions, that could influence a stock price when they became public.
More than two-thirds of the firms targeted by Fin4 had been healthcare and pharmaceutical firms, said FireEye.
"Fin4 probably focuses on these types of organisations because their stocks can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues," it said.
Information had been stolen using booby-trapped Word and Excel documents sent to executives along with messages designed to trick people into opening them, FireEye said.
The messages had looked plausible because they had used jargon familiar to those working in the investment and corporate worlds, it said.
In several cases, said FireEye in a longer report about Fin4, the group had targeted almost all of the organisations involved in a particular deal so it could keep an eye on how negotiations had progressed. It had also stolen information relating to drug trials, ongoing legal cases and insurance rates in a bid to profit, said the security firm.
FireEye said it was not clear yet how profitable Fin4's series of campaigns had been. However, it said, the group must be enjoying some success because it had already been operating for over a year.
To help others spot when they are being targeted by Fin4, the security firm has shared information about the computer code hidden inside the booby-trapped documents used to steal login names and passwords.