FIN4, Wolf Spider
Description
(FireEye) FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.
FIN4 has targeted over 100 companies since at least mid-2013. All of the targeted organizations are either public companies or advisory firms that provide services to public companies (such as investor relations, legal, and investment banking firms). Over two-thirds of the targeted organizations are healthcare and pharmaceutical companies. FIN4 probably focuses on these types of organizations because their stocks can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues.
Names
Name | Name-Giver |
---|---|
FIN4 | FireEye |
Wolf Spider | CrowdStrike |
Country
Motivation
- Financial crime
First Seen
2013
Observed Sectors
Tools
Information
- https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html
- https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html
MITRE ATT&CK
Other Information
UUID
1a7f67d2-c05e-48f6-b62e-76b2bea6d174
Last Card Change
2020-04-22