More than 60 healthcare and pharma companies are among 100 targeted by hackers during the last year and a half, a cybersecurity firm reports. The hackers' goal—steal insider business information to profit in the stock market.
The targeted hacking attacks, known as spear phishing, “appear to be written by native English speakers familiar with both investment terminology and the inner workings of publicly traded pharmaceutical and other healthcare companies,” according to the 15-page report by FireEye (PDF), a publicly traded security firm based in Milpitas, Calif.
The goal appears not to be to insert malware into these companies' computers, but rather to access employees' e-mail accounts to view their private e-mails. The hackers have, on occasion, “targeted several parties involved in a single business deal, to include law firms, consultants, and the public companies involved in negotiations.”
The focus is on acquiring information about ongoing mergers and acquisitions and identifying the individuals who are most likely involved, the report said.
The report did not specify any transactions exploited by the hackers, only that their efforts “must reap enough benefit to make these operations worth supporting for over a year,” and that the group's activities are ongoing.
Follow Joseph Conn on Twitter: @MHJConn