The US securities regulator is investigating a group of hackers who are alleged to penetrated the corporate email accounts of at least eight unnamed companies listed on the stock market.
The US Securities and Exchange Commission (SEC) has asked these as-yet-unnamed firms to provide information on these breaches.
The SEC’s involvement in the investigation comes as the hackers reportedly used stolen information to conduct insider trading deals, according to Reuters.
“The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading,” Stark said. He is now a private cybersecurity consultant.
The US Secret Service is also conducting a parallel investigation, but it reportedly denied to comment on the Reuters report.
The probe was reportedly triggered by a warning in December from security company FireEye, which revealed details about a sophisticated hacking group it called “FIN4.”This group of hackers has been operating since mid-2013 and have targeted the corporate email accounts of over 100 companies.
Rather than conducting corporate espionage or stealing state secrets, this group of hackers was reportedly hunting for information about mergers and acquisitions, as well as other events that can affect the stock market.
So who were the targets? Well, no names have been released, but it seems that more than 60 listed companies in biotechnology and other healthcare-related fields were targeted by FIN4. These types of firms were targeted because apparently their stocks tend to be volatile, and thus potentially more profitable.
The hackers made use of “spear phishing” techniques to get staff members to provide their usernames and email passwords. The hackers apparently used fake Microsoft Outlook login pages to dupe unsuspecting employees. And it seems that the hackers were well versed in the financial markets and spoke “flawless English”.
It is rare for the SEC to investigate cyber crimes, as it tends to stick to its remit of only probing questionable trading activity in stocks and options.
The regulator can only file civil, not criminal charges, but it shows how serious US government agencies are now taking cyber attacks.
Earlier this year, in response to the ongoing attacks, President Obama created a US sanctions program to financially punish hackers outside the United States who are involved with malicious cyber attacks.
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…