The Channel logo


By | Richard Chirgwin 23rd June 2015 23:56

SEC joins hunt for FIN4 attackers

Wants to net financial phishers

America's Securities and Exchange Commission (SEC) has joined the hunt for the FIN4 hacking group.

The bunch, revealed by FireEye in December 2014, used a phishing attack to get access to listed companies' computer systems. Their payoff was to get insider information to trade their targets' stocks.

According to Reuters, the SEC has contacted “at least eight listed companies” for information about their breaches.

The SEC investigation is running in parallel to another run by the US Secret Service, the usual authority for investigating cyber-crime.

In its original announcement, FireEye reckoned the spear-phishing attacks by FIN4 started in 2013 and had targeted “100 law, health care and pharmaceutical firms”, 98 of which were listed on NYSE or NASDAQ.

At that time, FireEye had been unable to establish di9rect evidence that the phishing attack had yielded information to run trades.

That makes the SEC's action intriguing: the regulator's been on the case for six months, and at least seems to believe it's worth looking for a smoking gun of some kind.

Former SEC Internet enforcement bod John Reed Stark told Reuters the action is a first for the agency, saying “failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading”. ®

comment icon Read 2 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe