Hacking Group Targets Regulatory Professionals, Seeking Insider Information
Regulatory professionals, watch out: A group of hackers is targeting pharmaceutical and medical device companies, and eyeing regulatory professionals as a way past corporate firewalls.
The New York Times is reporting that a group of investment-oriented hackers has been targeting more than 100 companies—"the vast majority publicly traded healthcare or pharmaceutical companies"—in a bid to gain a "market edge."
The attacks are remarkable, The Times noted, in that the hackers seem to correspond in perfect English and have a deep understanding of the regulatory language of the healthcare sectors they are targeting.
"Different groups of victims — frequently including top-level executives; legal counsel; regulatory, risk and compliance officers; researchers; and scientists — are sent different emails," Times reporter Nicole Perlroth wrote, citing the research of the security company FireEye, which first uncovered the hacking network now called "Fin4."
The hackers appear to be after as-yet undisclosed regulatory information, including product safety reports, investigation results and audits.
The Times report the hacking group accesses this information by prompting its victims to login to a fake email system "designed to steal the victim's credentials." The group then quietly pores through the user's email account, looking for valuable information.