The cybersecurity company FireEye has unearthed a team of email intruders that snoop through the correspondence of company executives who may possess market-moving information.
FireEye said the team has carried out attacks against nearly 100 publicly traded companies or their advisory firms in possible attempts to play the stock market. Most of the targets are health care or pharmaceutical companies. FireEye noted that the shares of those firms can move dramatically after the announcement of clinical trial results, regulatory decisions or other significant developments.
FireEye has labeled the group FIN4 and says it focuses on capturing usernames and passwords to email accounts, which gives the group access to private email correspondence. The group does not use malware, which helps it evade detection.
"FIN4 is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market," FireEye Vice President Dan McWhorter said in a statement.
FireEye said the group sends convincing "phishing lures" to its targets, often from the email accounts of other victims. The lures entice their targets into opening a document and entering their email credentials.
The security firm believes the group is based in the United States or Western Europe and involves native English speakers.
FireEye Inc. said Monday that the group has been operating since at least the middle of last year. It did not identify FIN4's targets.
Shares of FireEye climbed 46 cents to $30.75 Monday morning while broader trading indexes fell slightly. Those shares had dropped about 30 percent so far this year, as of Friday.