FireEye Inc (NASDAQ:FEYE), a network security company revealed that it is tracking a group of cyber criminals stealing insider information to obtain an advantage in stock trading.
FIN4’s primary targets
The network security company named the hacker group “FIN4,” which targets the e-mail accounts of persons (senior executives, legal counsels, researchers, scientists etc.) who have knowledge about the most confidential information of more than 100 companies.
Khrom Capital was up 32.5% gross and 24.5% net for the first quarter, outperforming the Russell 2000's 21.2% gain and the S&P 500's 6.2% increase. The fund has an annualized return of 21.6% gross and 16.5% net since inception. The total gross return since inception is 1,194%. Q1 2021 hedge fund letters, conferences and more Read More
“We believe FIN4 heavily targets healthcare and pharmaceutical companies as stocks in these industries can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues,” according to FireEye Inc (NASDAQ:FEYE).
The network security company noted that the cyber criminals appear to have a deep understanding with business deals and corporate communications as well as their impact to the financial markets.
FireEye says FIN4 does infect targets with malware
According to FireEye Inc (NASDAQ:FEYE), the hacker group does not infect its targets with malware to gain access to insider information. The cyber criminals lure their targets with stolen documents from actual deal discussions.
The network security firm found that the cyber criminals organizes the target of their operation with more than 70 campaign codes, which serves as labels to identify the source of the stolen usernames and passwords.
The spearphising themes of the hacker group demonstrate familiarity in the financial markets and are written by native English speakers. The phishing e-mails normally presents shareholder and public disclosure concerns.
Aside from using stolen documents as a lure, FireEye also noted that FIN4 occasionally uses generic lures such as using an existing e-mail thread to a victim’s inbox to spread their weaponized document.
“We’ve seen the actors seamlessly inject themselves into email threads. FIN4’s emails would be incredibly difficult to distinguish from a legitimate email sent from a previously compromised victim’s email account. The actors have also Bcc’d all recipients, making it even more difficult for recipients to decipher a malicious email from a legitimate one,” according to FireEye Inc (NASDAQ:FEYE).
The network security company said its visibility to hacker group’s network of operations is limited, and it is uncertain about the next move of the group after gaining access to insider information.
FireEye Inc (NYSE:FEYE) believed that the cyber criminals must be reaping enough benefits given the fact that they are supporting their operations for more than a year, and continues to target new victims.