Reuters has the story this morning about a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms.
The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies.
According to FireEye the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms.
Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers reach within the target organization: sending phishing email messages to other employees.
The criminals behind FIN4 sought data that could be useful to stock traders, including Securities and Exchange Commission filings, confidential documents on mergers and acquisitions, discussions of legal cases, board planning documents and medical research results, according to FireEye Threat Intelligence Manager Jen Weedon.
The victims ranged from small to large cap corporations. Most are in the United States and trade on the New York Stock Exchange or Nasdaq, Reuters reported.