A new brand of cyber criminals has started stealing email communications in order to gain an upper hand on the market, Silicon Valley security company FireEye said on Monday. The firm has uncovered a cyber espionage ring aimed at gaming the stock market.

FireEye identified the team on Monday as a collective of native English-speaking operators focused on utilizing their hacking skills for the market edge – predominantly in the pharmaceutical and healthcare sectors, where any details of regulatory decisions, clinical trials, or legal issues could potentially influence market prices.



The group has launched attacks on the email accounts of at least 100 firms. FireEye Threat Intelligence Manager Jen Weedon told Reuters that the group – which it dubbed FIN4 – specifically targeted individuals who likely had access to highly insider data. Among these were executives, legal counsel, outside consultants, and researchers.



“They are pursuing sensitive information that would give them privileged insight into stock market dynamics,” Weedon stated.



Investment bankers and attorneys were also targeted. However, the company would not release specific details of the victims, only stating that three of the affected organizations are publicly listed on the New York Stock Exchange. However, they did offer some speculation as to the identity of the attackers.

“We suspect they are Americans, given their Wall Street inside knowledge,” Weedon said, recognizing that they knew the 'language' and likely knew their targets. “They seem to have worked on Wall Street.”



“In order to get useful inside information, FIN4 compromises the e-mail accounts of individuals who regularly communicate about market-moving, non-public matters,” the report said.



However, beyond recognizing the hackers as native English speakers, likely of North American or Western European background, the group was unable to locate their identities on account of their Tor (Onion Router) network usage.



“They are native English speakers who can inject themselves seamlessly into email threads,” Weedon said, adding that “if it’s not an American, it is someone who has been involved in the investment banking community and knows its colloquialisms really well.”



However, the hackers did not try to employ the use of malware to attempt further incursions into organizations’ networks. It was a simple case of reading emails, while deleting any notifications to the owners that their accounts had been infiltrated.



“Given the types of people they are targeting, they don’t need to go into the environment; the senior roles they target have enough juicy information in their inbox,” said Weedon.