Over 100 companies, investment advisers and law companies have been reportedly targeted by cyber hackers, in a bid to seek market-moving information about deals, a new study from FireEye reveals.
The hacking group dubbed ‘FIN 4’ managed to get passwords for board level executives and corporate development teams through targeted emails with malicious links and downloads, as they are involved in negotiations for mergers and acquisitions (M&A).
FireEye threat intelligence VP Dan McWhorter said: "Advanced threat actors conducting attacks to play the stock market to their advantage has long been a worry but never truly seen in action.
"FIN4 is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market."
According to the security firm, about five organisations for every deal have been hacked to develop a picture of the probability of a deal’s success.
Researchers at the security firm noted that the hacking group relies on highly-targeted social engineering tactics and deep subject-matter skills and delivers weaponised versions of legitimate corporate files.
Specifically, FireEye found that since at least mid-2013, FIN4 has made product development, M&A strategies, legal issues, and purchasing processes of companies its target data points.
The report said: "While FIN4’s unique methodology of not using malware allows them to evade traditional detection and attribution, the report provides analysis of the social engineering and document weaponization that the group employs as identified through FireEye investigations and detections.
"With a strong command of English colloquialisms, regulatory and compliance standards, and industry knowledge, FireEye researchers believe FIN4 to be US-based or, possibly, Western European."
