SEC joins hunt for FIN4 attackers America's Securities and Exchange Commission (SEC) has joined the hunt for the FIN4 hacking group. The bunch, revealed by FireEye in December 2014, used a phishing attack to get access to listed companies' computer systems. Their payoff was to get insider information to trade their targets' stocks. According to Reuters, the …
I can imagine the successful attack:
Dear Sir or madams
I am deceased recently relative of PRESident aid Mhongo of THE People Democratic Republic congo. He left for charitee an considerable sum USD450000M and wished me to move it to a trusted person in you to disbursal and invest in market. Please send bank name and password and I will give 20% percent for trouble. Also need computer name and passowrd to help transfer.
your love
Miss Mhongo
144544 Street (not really) in London (with a stupidly long number)
London
"At that time, FireEye had been unable to establish di9rect [sic] evidence that the phishing attack had yielded information to run trades."
Perhaps more direct methods were used. When large amounts of money are available the baddies might not rely on emailed .pdfs and instead do boring old espionage or perhaps both together. People do daft things sometimes like open attachments. They are probably more likely to do that if the attractive operative that has got the mark pissed up claims it has their phone number and address details in it. The remote connection is established ...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
