Cyber group targets Wall Street… to play stock market: FireEye
Security company exposes FIN4; gang trawled public companies, advisory firms for insider info
An advanced cyber-attack group is targeting the US financial sector in a bid to play the stock market, security company FireEye claimed today.
FireEye released a report titled "Hacking the Street?" in which it detailed a campaign by "a team of native English-speaking operators" which it named "FIN4", against "nearly 100" publicly traded companies and advisory firms. All of those targeted had access to "insider information that give a clear trading advantage", according to FireEye.
"Advanced threat actors conducting attacks to play the stock market to their advantage has long been a worry but never truly seen in action," said Dan McWhorter, VP of threat intelligence, FireEye. "FIN4 is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market."
FIN4 eschews the use of malware, favouring highly targeted social-engineering ploys and "deep subject-matter expertise" to deliver "weaponised versions of legitimate corporate files", FireEye said.
"Specifically, FireEye found that since at least mid-2013, FIN4 has made product development, M&A strategies, legal issues, and purchasing processes of companies its target data points," the company said in a statement.
"With a strong command of English colloquialisms, regulatory and compliance standards, and industry knowledge, FireEye researchers believe FIN4 to be US-based or, possibly, Western European."