Security firm FireEye has discovered a new advanced phishing scheme going after a specific type of target, and has detailed the cyber attack in a new report. Specifically, a highly educated group going by the name of FIN4 has been found to target certain Wall Street companies, looking to obtain sensitive information about companies, transactions, and special deals that it could later use for financial gain.
The hackers employed the kind of phishing schemes that many Internet users have already encountered, trying to convince unsuspecting users to click on malicious links that would then allow the hackers to steal sensitive login credentials and gain access to internal documents.
But unlike other phishing emails, which are sometimes easy for recipients to spot, the FIN4 emails were more complex, showing that the hackers have “strong command of the English language and knowledge of corporate finance and Fortune 500 culture,” as Ars Technica puts it.
After targeting a specific person in a company and stealing his or her Microsoft Outlook account login details with the help of malicious dialog boxes that tricked the user into signing back in to the account (image above), the hackers would then send phishing emails to other company insiders, some of them carrying Microsoft Office documents injected with malicious code.
Thus, FIN4 members managed to infect the accounts of C-level executives, legal counsel, scientists and other employees of more than 100 companies, including 80 publicly traded companies and 20 Wall Street companies involved in mergers and acquisitions.
It is believed that FIN4 used the intelligence obtained from these spying attacks for financial gain, though it’s not clear exactly what FIN4 did with the information it stole.
“Our visibility into FIN4’s activities is limited to their network operations,” FireEye wrote. “We can only surmise how they may be using and potentially benefiting from the valuable information they are able to obtain. However one fact remains clear: access to insider information that could make or break stock prices for dozens of publicly traded companies could surely put FIN4 at a considerable trading advantage.”
FIN4's activities, dating as far back as mid-2013, are still ongoing, the security firm revealed. The full report is available at the source link.