Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

SEC joins hunt for FIN4 attackers

Wants to net financial phishers

America's Securities and Exchange Commission (SEC) has joined the hunt for the FIN4 hacking group.

The bunch, revealed by FireEye in December 2014, used a phishing attack to get access to listed companies' computer systems. Their payoff was to get insider information to trade their targets' stocks.

According to Reuters, the SEC has contacted “at least eight listed companies” for information about their breaches.

The SEC investigation is running in parallel to another run by the US Secret Service, the usual authority for investigating cyber-crime.

In its original announcement, FireEye reckoned the spear-phishing attacks by FIN4 started in 2013 and had targeted “100 law, health care and pharmaceutical firms”, 98 of which were listed on NYSE or NASDAQ.

At that time, FireEye had been unable to establish di9rect evidence that the phishing attack had yielded information to run trades.

That makes the SEC's action intriguing: the regulator's been on the case for six months, and at least seems to believe it's worth looking for a smoking gun of some kind.

Former SEC Internet enforcement bod John Reed Stark told Reuters the action is a first for the agency, saying “failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading”. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like