WIKIMEDIA, CHIEF PHOTOGRAPHER/MODA group of cyber attackers, dubbed FIN4, has hacked into the e-mail networks of more than 100 companies in the last year and a half, according to a new report from the security firm FireEye. The majority of the targets are executives, scientists, legal counsel, and others with sensitive information at health-care and pharmaceutical companies.
“FireEye believes FIN4 intentionally targets individuals who have inside information about impending market catalysts—events that will cause the price of stocks to rise or fall substantially in a short period of time,” the firm wrote in its report.
The attackers use clever decoys to lure their victims into clicking on link, which then asks for login information that FIN4 then steals to read their e-mails. The New York Times reported, for instance, that “[s]ome senior executives have been duped into clicking on links sent from the accounts of longtime clients, in which the supposed client reveals that they found an employee’s negative comments about the executive in an investment forum. In other cases, attackers have used confidential company documents, which they had previously stolen, as aids in their deception.”
“We suspect they are Americans, given their Wall Street inside knowledge,” Jen Weedon, FireEye’s manager of threat intelligence told Bloomberg. “They seem to have worked on Wall Street.”
The US Federal Bureau of Investigation told Bloomberg it is reviewing the report.