FireEye Discovers New Hacking Gang - ‘FIN4’

Security firm FireEye recently published a report analyzing a hacker group known as FIN4 which has targeted several leading companies since mid-2013.

FireEye figures that the hackers sent articulate phishing emails with tainted attachments demonstrating "deep" knowledge of corporate communications and financial markets.

In one case, attackers attacked five organizations which are involved in a then non-public merger months ahead of the deal were publicized. In another case, it employed information gathered from a hacked consultancy to target clients of that firm.

Malware researchers said that FIN4 group targeted 100 healthcare, law and pharmacy firms along with constancies including senior executives during last 18 months out of which 98 were listed on the NYSE or NY Stock Exchange or NASDAQ.

The researchers said in their report: "FIN4 knows their audience: Their spear phishing themes seem to be authored by native English speakers familiar with both the inner workings of public companies and investment terminology."

FireEye says that the actors of threat hide their tracks using Tor which is a service for finding the location of anonymous Internet users.

Scmagazineuk.com published news on 1st December, 2014 quoting Dan McWhorter, VP of Threat Intelligence of FireEye, as saying "It is a matter of worry that sophisticated threat actors are conducting attacks to play the stock market to their benefit but it actually has never been seen in action. We are seeing FIN4 for the first time as a group of very advanced sophisticated cybercriminals which actually methodically collect information which has only true value to a crook when employed in relation to the stock market."

Security researchers believe that the origin of hackers of FIN4 is either Western Europe or US as per their strong command of the language, compliance requirements, regulator and industry knowledge.

The firm is confident that FIN4 is not from China because of the content of their phishing emails and other techniques. Researchers often consider China as responsible while assessing blame for economically motivated cyber espionage.

Reuters.com published news on 1st December, 2014 stating that Jen Weedon, Intelligence Manager of FireEye Threat, suspects that the hackers were trained at Western investment banks giving them the knowledge of identifying their targets and draft convincing phishing emails.

Weedon added that they are applying their knowledge of working of banking community for investment.

» SPAMfighter News - 12/9/2014