Native English

A team at FireEye has been tracking the attacks for more than a year and believes they began in mid-2013. Targets included more than 100 publicly traded companies, law firms, outside consultants and investment bankers, the report said.

Of the targets, 68 percent were publicly traded health-care and pharmaceutical companies and 12 percent were public companies in other industries, according to the report. Advisers made up the remaining 20 percent.

The e-mails targeting executives, lawyers and others were written by native English speakers who knew investment terms and the inner workings of public companies, according to the report.

“FIN4 knows their targets,” the report said.

Instead of infecting target computers with malware, the hackers obtained e-mail passwords and logged in to monitor communications, the report said.

Past Cases

“In order to get useful inside information, FIN4 compromises the e-mail accounts of individuals who regularly communicate about market-moving, non-public matters,” the report said.

The SEC has in the past sanctioned people who traded on confidential information obtained through hacking. In 2005, the agency sued two Estonian traders for breaking into the systems of Business Wire, which distributes press releases about corporate earnings, mergers and regulatory actions. The traders, who agreed to pay more than $14 million to settle the claims, got an early peek at more than 360 press releases, according to the SEC.

In 2010, the SEC accused a Ukrainian trader, Oleksander Dorozhko, with fraud, claiming he hacked into the systems of an investor-relations firm to get early access to the earnings of a healthcare company.
 

First « 1 2 » Next