The cybersecurity company FireEye has unearthed a team of e-mail intruders that snoop through the correspondence of company executives who may possess market-moving information.
FireEye said the team has carried out attacks against nearly 100 publicly traded companies or their advisory firms in possible attempts to play the stock market. Most of the targets are health-care or pharmaceutical companies. It noted that the shares of those firms can move dramatically after the announcement of clinical trial results, regulatory decisions, or other significant developments.
FireEye has labeled the group "FIN 4" and says it focuses on capturing user names and passwords to e-mail accounts, which gives the group access to private correspondence. The group does not use malware, which helps it evade detection.
"FIN 4 is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market," FireEye vice president Dan McWhorter said in a statement.
FireEye said the group sends convincing "phishing lures" to its targets, often from the e-mail accounts of other victims. The lures entice their targets into opening a document and entering their e-mail credentials.
The security firm believes the group is based in the United States or Western Europe and involves native English speakers.
FireEye Inc. said Monday that the group has been operating since at least the middle of last year. It did not identify FIN 4's targets.