One American cyber-security firm has reportedly found an organised espionage ring focusing on stealing corporate secrets to game the stock market.
The hackers' approach is rather straightforward: instead of infecting users' PCs with sophisticated malware, they have focused on stealing email account passwords.
Once in possession of those passwords, they accessed the accounts via the Internet and expanded their networks by sending phishing emails to other persons of interest.
According to Jen Weedon, threat intelligence manager at FireEye, the company that discovered the operation, the hackers only target individuals with access to highly sensitive insider data that could be used to profit on trades before the data is made public.
"They are pursuing sensitive information that would give them privileged insight into stock market dynamics," Weedon said.
The hackers were using the anonymising web browser Tor, which prevented FireEye experts from locating or identifying them.
The firm said, however, that the criminals were most likely based in the USA and knowledgeable about stock market operations, which allowed them to select their victims effectively.
"They are applying their knowledge of how the investment banking community works," Weedon said, adding that in this case, it’s not China, the ultimate cyber-nemesis of the USA, that is to blame for the criminal operation.
In fact, Weedon said, the hackers could have been trained at Western investment banks, as they were highly proficient at finding targets and drafting convincing phishing emails.
According to the firm, the hackers have compromised the data of dozens of public companies, focusing mostly on pharmaceutical and healthcare firms.
They sought information about drafts of US Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results.
Victims also include firms in other sectors, as well as corporate advisors including investment bankers, attorneys and investor relations firms, FireEye said.
The company couldn’t confirm whether any trading was actually carried out based on the compromised information.
The victims ranged from small to large corporations, mostly based in the United States and trading on the New York Stock Exchange or Nasdaq.
Weedon said FireEye has reported the breach to the FBI, which declined to comment.
The security firm designated the group FIN4 because it is number 4 among the large, advanced financially motivated groups tracked by FireEye.