Names | FIN4 (FireEye), Wolf Spider (CrowdStrike) | |
Country | Romania | |
Motivation | Financial crime | |
First seen | 2013 | |
Description | (FireEye) FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information. FIN4 has targeted over 100 companies since at least mid-2013. All of the targeted organizations are either public companies or advisory firms that provide services to public companies (such as investor relations, legal, and investment banking firms). Over two-thirds of the targeted organizations are healthcare and pharmaceutical companies. FIN4 probably focuses on these types of organizations because their stocks can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues. | |
Observed | Sectors: Financial, Healthcare, Pharmaceutical. | |
Tools used | UpDocX. | |
Information | <https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html> <https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html> | |
MITRE ATT&CK | <https://attack.mitre.org/groups/G0085/> |
Last change to this card: 22 April 2020