SEC investigates FIN4 hackers who target publicly traded firms

The U.S. Securities and Exchange Commission (SEC) is investigating on the activities related to a FIN4 APT targeting executives at publicly traded firms.

The U.S. Securities and Exchange Commission (SEC) has launched an investigation on the activities related to a hacking crew targeting executives at publicly traded firms.

According to the Reuters, the SEC has contacted at least 8 public companies to gather information about the recent breaches that affected their organizations.

“The Securities and Exchange Commission has asked at least eight listed companies to provide details of their data breaches, one of the people said. The unusual move by the agency reflects increasing concerns about cyber attacks on U.S. companies and government agencies.” states the Reuters.

The investigation of the SEC follows an alarming report published by experts at FireEye on a hacking group dubbed FIN4.

 “The SEC has ventured into cybersecurity in different ways,” Stark says. “If somebody is out there saying that hackers are using their wares to commit corporate espionage and steal non-public, material information, the SEC is best equipped to understand” what might be going on, explained John Stark, an independent consultant and former SEC enforcement attorney on cyber-related projects.

In December, researchers at FireEye issued a report (titled “Hacking The Street“) on a hacking crew dubbed FIN4 which has been operating since at least 2013. The FIN4 group is specialized in hacking of publicly traded companies with the intent to steal sensitive data, including mergers and acquisitions intelligence.

” FIN4 has pursued targets at more than 100 organizations, over two-thirds of which are public healthcare and pharmaceutical companies. The remaining targets include advisory firms that represent public companies and a handful of public companies in other sectors closely followed by market watchers. ” states the report.

FireEye reported the attacks to the targeted companies and law enforcement, the experts revealed that the FIN4 group is still active and the experts have discovered new command and control server.

The FIN4 group targets the email accounts of top executives, including C-level executives, to gather confidential information on the victims, which included legal counsel and outside consultants from organizations in the pharmaceutical and healthcare industries.

In the past, the SEC has issued guidelines on data protection and always stressed companies to share information on cyber threats and data breach.

FIN4 hackers target companies with high-quality spear phishing emails to compromise victim’s systems. The malicious emails are written by native English speakers with a deep knowledge of investment terminology.

It’s important to note that hackers of FIN4 don’t use malware to steal data from victims, instead they try to gather user credentials of their targets in order to access their private.

Pierluigi Paganini

(Security Affairs – FIN4,  SEC)