Security researchers have discovered a hacker group that focuses on extracting corporate secrets in order to game the stock market.
The operations have led to the compromise of sensitive information from dozens of public companies.
The hacking operations were revealed by cybersecurity company FireEye, which added that the hackers began stealing corporate secrets in the middle of 2013. Since then, the group has targeted email accounts of over 100 companies, most of which are in the healthcare and pharmaceutical industries.
The group's victims also include companies in other industries, along with corporate advisors such as attorneys, investment bankers and investor relations companies. Most of the victims are located within the United States and trade on the New York Stock Exchange or NASDAQ.
FireEye refused to reveal the identities of the victimized companies, and said that it did not know if the extracted data led to any trades actually being made.
According to Jen Weedon, the threat intelligence manager at FireEye, the hackers targeted individuals who had access to exclusive insider information that could have been used to make substantial profits on trades before the information was publicly revealed.
The information the group looked for includes SEC filings, merger documents, legal discussions, board planning documents and medical research results.
"They are pursuing sensitive information that would give them privileged insight into stock market dynamics," said Weedon.
FireEye named the hacker group FIN4, as it is the fourth among the large and advanced hacker groups with financial motivations that are being tracked by the company.
The hackers do not use malware to infect the computers of their targets. Instead, they send official-looking phishing emails to top executives. Once the emails are opened, the targets are redirected to a log-in page, where the executives unwittingly reveal their log-in credentials.
The emails are written in perfect English and filled with financial jargon. In certain instances, the hackers extracted confidential documents from the servers of companies and attached them to the emails to make them look more authentic.
The hackers also use compromised email accounts to send more phishing emails to associates, expanding their networks of information sources.
FireEye has not yet determined the identities of the hackers, as they operate through the Tor service, which keeps their locations anonymous. However, the security firm believes that they are likely located within the United States or Western Europe, based on the kind of language used in their phishing emails.