FIN4
Overview
FIN4 is a financially motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013. FIN4 is unique in that it does not infect victims with typical persistent malware; instead, it focuses on capturing credentials authorized to access email and other non-public correspondence.
Targets
Finance · Healthcare · Pharmacy
TTPs — 12 techniques across 5 tactics
Initial Access
- T1566.001 Spearphishing Attachment
- T1566.002 Spearphishing Link
Execution
- T1059.005 Visual Basic
- T1204.001 Malicious Link
- T1204.002 Malicious File
Stealth
- T1078 Valid Accounts
- T1564.008 Email Hiding Rules
Collection
- T1056.001 Keylogging
- T1056.002 GUI Input Capture
- T1114.002 Remote Email Collection
Command and Control
- T1071.001 Web Protocols
- T1090.003 Multi-hop Proxy
Reporting (3)
- Hacking the Street? FIN4 Likely Playing the Market — Vengerik, B. & Dennesen, K.
- Hacking the Street? FIN4 Likely Playing the Market — Vengerik, B. et al.
- FIN4: Stealing Insider Information for an Advantage in Stock Trading? — Dennesen, K. et al.