IEEE Computer Society Newsfeed

Subscribe RSS

« Back

Security Experts Uncover Corporate Espionage Hacking Ring

US security firm FireEye has uncovered a cyberespionage ring targeting corporate intelligence that would give the hackers inside knowledge they could use illegally to invest well in various stock markets. Starting in mid-2013, said the company, the FIN4 hacker group attacked 100 firms, primarily pharmaceutical and healthcare businesses but also investment bankers, attorneys, and investor-relations firms serving companies in these fields.  However, data was stolen from just a few publicly held companies trading on the New York Stock Exchange and NASDAQ, according to FireEye, which didn’t identify the victims. It is unclear whether the hackers made trades based on the information stolen, which included draft US Securities and Exchange Commission filings, and documents on mergers and board meetings. FIN4 stole passwords to email accounts, accessed emails, and then launched phishing attacks tailored to individual victims. The hackers reportedly used Tor to anonymize their location, but FireEye said the content of their phishing emails and the way they operate indicated they’re based in the US or Western Europe. FireEye also suspects they were trained at Western investment banks, based on how they identified targets and worded their emails. In some cases, they used information they stole as a phishing lure to make their e-mail more convincing by using privileged information. FireEye says it notified the victims it identified and the US Federal Bureau of Investigation about the attacks. (Reuters)(The New York Times)

Trackback URL: