Shrewd Hackers Are Pursuing Information on Mergers, Security Firm Says

A sophisticated group of hackers is taking advantage of the current mergers-and-acquisitions boom to target publicly traded companies and their executives involved in pending deals, a new study says.

More than 100 firms have been targeted since mid-2013 with the aim of gleaning confidential information that might be used to gain an edge in stock trading, according to cybersecurity firm FireEye Inc. in Milpitas, Calif.

The study says the hacker group, about which little is known, has gained access to the email accounts of executives, lawyers and others involved in public company deals, often using code from previously stolen documents to mimic normal Windows authentication prompts for usernames and passwords.

Other tactics involve using previously stolen merger documents or sending highly tailored phishing emails to lure targets into discussions about confidential topics.

The rise of M&A-specific hacking comes amid a boom time in the merger business. Global deals have topped $3.2 trillion so far this year, the most since the financial crisis of 2008, according to banking-research firm Dealogic.

The health-care sector leads the way, accounting for more than 13 percent of the value of all the deals. As it happens, more than two-thirds of attempted M&A hacks have come at health-related firms, FireEye said.

The hacks also have sought information about clinical drug trials, insurance reimbursement rates and pending legal cases.

The hacker group, which FireEye calls “Fin4” because of its concentration on financial targets, has shown it is well-acquainted with Wall Street idioms and the nuances of the arcane world of mergers and acquisitions.

In one case, it sent a Securities and Exchange Commission filing from the hacked account of one merger consultant to lure an executive at another consultancy into a discussion about the pending deal.

The rise of M&A hacks also comes at a time of increased government vigilance over insider trading.

The conviction in October of David Riley, former chief information officer at Foundry Networks Inc., marked the 87th insider-trading conviction by jury verdict or guilty plea in federal court in Manhattan over the past five years, according to U.S. Attorney Preet Bharara in Manhattan.

This article appeared in print in the December 2nd, 2014 edition of Hamodia.