Hackers use Wall Street know-how to steal stock-moving biotech info

Biotech IT security teams were just presented with another headache. A team of Western, Wall Street insiders is believed to be breaking into biopharma company emails in pursuit of information on drug development results, takeovers and other events likely to affect share prices.

Cybersecurity firm FireEye outed the group--which it has dubbed Fin4--after tracking its activities for more than one year. FireEye is yet to identify the people behind the attacks, but has built an image of them based on the methods they employ. The hackers access confidential information by taking over one email account and using it to send phishing messages. Emails sent by the group typically contain a link to a fake login page that is used to cull passwords from executives.

The scheme relies on Fin4 being able to trick biotech executives into believing an email comes from a trusted associate. As such, the emails are free from the garbled English that characterizes consumer spam and are dotted with investment banking colloquialisms. The content of the emails has led FireEye to conclude Fin4 is run by Western, perhaps American, people who have worked at Wall Street investment banks.

Once Fin4 has access to the email account of a biotech executive or legal counsel, it just has to wait for a discussion about a juicy, potentially stock-moving topic. "Given the types of people they are targeting, they don't need to go into the [company's servers and IT infrastructure]; the senior roles they target have enough juicy information in their inbox," Jen Weedon, a FireEye threat intelligence manager, told the New York Times.

FireEye reports Fin4 has targeted more than 100 companies, two-thirds of which are in the pharma and healthcare sectors. Many of the other targets were legal and M&A advisors. In one case, Fin4 targeted two firms that were advising a company and accessed a Securities and Exchange Commission filing about an attempted takeover before it became public.

- read the report (PDF)
- here's the NYT article
- check out Bloomberg's take
- and Reuters' coverage