Hacker Group Targets Email Accounts of CFOs, Others

“There’s nothing else that this [hacker group] could have been going after other than to game the market.”
Matthew Heller, December 1, 2014

A group of financially sophisticated cyber-criminals has been hacking into the email accounts of CFOs of publicly traded companies and others with access to market-moving information, according to the cyber-security firm FireEye.

Most of the group’s targets are health-care or pharmaceutical companies, FireEye said in a report released Monday, warning that the hackers focus on “compromising the [email] accounts of individuals who possess non-public information about merger and acquisition deals and major market-moving announcements.”

In one case, the group, which FireEye has named Fin4, targeted employees privy to changes in closely watched government-reimbursement rates at a publicly traded health-sector firm. In another, hackers posed as an adviser to one of two companies in a potential acquisition.

“There’s nothing else that this [group] could have been going after other than to game the market,” Jen Weedon, a manager at FireEye’s Mandiant unit, told the Wall Street Journal.

FireEye researchers couldn’t link any irregular trading to the group but noted that “access to insider information that could make or break stock prices for over 80 publicly traded companies could surely put Fin4 at a considerable trading advantage.”

The report on Fin4’s activities may fuel further cyber-security spending. According to PwC, hacker attacks against companies increased 48% last year but spending on information security actually fell 4% during the same period.

FireEye said it first began responding to Fin4 attacks in mid-2013 and the hackers appear to be well-versed in the Wall Street vernacular.

“Their email lures are precisely tailored toward each victim, written in flawless English and carefully worded to sound as if they were sent by someone with an extensive background in investment banking and with knowledge of the terms those in the industry employ,” the New York Times noted.

One of the hackers’ techniques, FireEye said, is to embed prompts for Microsoft Outlook usernames and passwords inside corporate documents they send to executives. Once a recipient enters a username and password, hackers can take over an email account, then send trick emails to other employees who may be working on a deal.

Image by Leonard Lin