Names | FIN4 (FireEye) Wolf Spider (CrowdStrike) | |
Country | Romania | |
Motivation | Financial crime | |
First seen | 2013 | |
Description | (FireEye) FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information. FIN4 has targeted over 100 companies since at least mid-2013. All of the targeted organizations are either public companies or advisory firms that provide services to public companies (such as investor relations, legal, and investment banking firms). Over two-thirds of the targeted organizations are healthcare and pharmaceutical companies. FIN4 probably focuses on these types of organizations because their stocks can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues. | |
Observed | Sectors: Financial, Healthcare, Pharmaceutical. | |
Tools used | UpDocX. | |
Information | <https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html> <https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html> | |
MITRE ATT&CK | <https://attack.mitre.org/groups/G0085/> |
Last change to this card: 22 April 2020
Download this actor card in PDF or JSON format
Previous: Ferocious Kitten
Next: FIN5
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |