FireEye Inc (NASDAQ:FEYE), a network security company revealed that it is tracking a group of cyber criminals stealing insider information to obtain an advantage in stock trading.

FIN4’s primary targets

The network security company named the hacker group “FIN4,” which targets the e-mail accounts of persons (senior executives, legal counsels, researchers, scientists etc.) who have knowledge about the most confidential information of more than 100 companies.

FireEye FIN4 Targets

FIN4 is focused on obtaining non-public information about mergers & acquisition (M&A) transactions and market-moving announcements particularly in the healthcare and pharmaceutical industries.

“We believe FIN4 heavily targets healthcare and pharmaceutical companies as stocks in these industries can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues,” according to FireEye Inc (NASDAQ:FEYE).

The network security company noted that the cyber criminals appear to have a deep understanding with business deals and corporate communications as well as their impact to the financial markets.

FireEye says FIN4 does infect targets with malware

According to FireEye Inc (NASDAQ:FEYE), the hacker group does not infect its targets with malware to gain access to insider information. The cyber criminals lure their targets with stolen documents from actual deal discussions.

The network security firm found that the cyber criminals organizes the target of their operation with more than 70 campaign codes, which serves as labels to identify the source of the stolen usernames and passwords.

FIN4 campaign code sample

Spearphising themes

The spearphising themes of the hacker group demonstrate familiarity in the financial markets and are written by native English speakers. The phishing e-mails normally presents shareholder and public disclosure concerns.

Aside from using stolen documents as a lure, FireEye also noted that FIN4 occasionally uses generic lures such as using an existing e-mail thread to a victim’s inbox to spread their weaponized document.

FIN4 spearphishing

“We’ve seen the actors seamlessly inject themselves into email threads. FIN4’s emails would be incredibly difficult to distinguish from a legitimate email sent from a previously compromised victim’s email account. The actors have also Bcc’d all recipients, making it even more difficult for recipients to decipher a malicious email from a legitimate one,” according to FireEye Inc (NASDAQ:FEYE).

The network security company said its visibility to hacker group’s network of operations is limited, and it is uncertain about the next move of the group after gaining access to insider information.

FireEye Inc (NYSE:FEYE) believed that the cyber criminals must be reaping enough benefits given the fact that they are supporting their operations for more than a year, and continues to target new victims.