Reuters reported on Tuesday night that the US Securities and Exchange Commission (SEC) has asked at least eight companies for details on some recent data breaches in a probe to find hackers who stole corporate e-mails so they could engage in insider trading. The SEC has not confirmed the report to Ars, but Reuters suggests that this is an unusual move for the commission, which has taken the lead on only a handful of hacking cases.
Reuters also reported that this probe was started after security firm FireEye released a report in December about a hacking group called FIN4 that focused on attacking companies on Wall Street. Ars reported on the FIN4 hacks, noting that the group relied on clever phishing attacks that collected credentials for Microsoft Outlook accounts.
At the time, FireEye speculated that the hackers were American or European, given their strong command of English and their apparent deep knowledge of the culture in Fortune 500 companies. E-mails were often sent from an account the target knew and discussed mergers, acquisitions, and other financial activities that the target was interested in. FireEye researchers said that these attacks penetrated over 100 companies, compromising the accounts of C-level executives, legal counsel, regulatory and compliance personnel, scientists, and advisors.
No comments:
Post a Comment