A December 1st article from Bloomberg News journalists Alan Levin and Michael Riley, reports that highly knowledgeable hackers have been stealing merger-and-acquisition-related (M&A) data from more than 80 companies for close to a year now. According to researchers at security consulting firm FireEye Inc (NASDAQ:FEYE), the very savvy hackers have been tricking business execs, lawyers and consultants into giving them access to confidential data, and almost certainly using the stolen M&A information for insider trading.
The FireEye report noted that the hackers were highly knowledgeable about U.S. business practices and were native English speakers given the convincing emails they sent to their targets.
Statement from FireEye
“We suspect they are Americans, given their Wall Street inside knowledge,” Jen Weedon, FireEye’s manager of threat intelligence commented. “They seem to have worked on Wall Street.”
Mainly targeted healthcare and pharma firms
Of note, most of the cases targeted health-care or pharmaceutical firms, companies whose stock prices can be whipsawed by merger news, clinical-trial results and regulatory decisions, according to FireEye. The California-based security firm didn’t identify any targets of the hacking.
“Access to insider information that could make or break stock prices for over 80 publicly traded companies could surely put FIN4 at a considerable trading advantage,” FireEye pointed out in its report.
Law enforcement investigating stolen M&A information
All of the m&a information gathered in its investigation has been turned over to the FBI, Weedon said. The agency is reviewing the information and can’t comment, Joshua Campbell, an FBI spokesman, said in an e-mail.
In one example, the unknown hackers obtained a confidential document written for the Securities and Exchange Commission about a public company’s planned acquisition.
The culprits then used the document in a spearphishing e-mail, an attempt to persuade someone to reveal a password. The fact that the document was genuine gave the deception credibility, Weedon said.
The attacks in this case targeted two companies advising the public company, per the report, which noted the company’s share price “varied significantly” when news of a potential acquisition became public.
“It is likely that FIN4 used the inside information they had to capitalize on these stock fluctuations,” the report highlighed.