SEC Targeted Spear Phishing Campaign

By: Samantha Keller  |  Category: Blog, Security  |  Tuesday, March 14th, 2017

A highly developed phishing attack is attempting to gain classified corporate data. Cyber criminals are dispatching spoofed emails purporting to be from the Securities and Exchange Commission, targeting lawyers, compliance managers, and the company officials who are in charge of filing documents with the SEC.

Identified by FireEye as FIN7, this attack selectively targets victims and uses spear phishing to distribute its malware—then demands cash in return for the uncorrupted data. FireEye has observed FIN7 attempts to compromise diverse organizations for malicious operations – usually involving deployment of point-of-sale malware – primarily against the retail and hospitality industries.

Spear Phishing Campaign

All of the victims of this targeted spear phishing campaign appear to be involved with SEC filings for their respective organizations. Many of the recipients were even listed in the public record for their company’s SEC filings.

The sender email address is spoofed as EDGAR <filings@sec.gov>, and the attachment is named “Important_Changes_to_Form10_K.doc”.
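A mail-gateway triage check for the two indicators above, added here as an example (it is not code from this post or from FireEye). It assumes your own gateway stamps an Authentication-Results header; the function names, finding labels and sample headers are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

WATCHED_DOMAIN = "sec.gov"            # domain the lure impersonates
DOC_EXTS = (".doc", ".docm", ".rtf")  # assumption: extensions worth flagging

# Constructed sample, not a captured message. Only the From value and the
# attachment name come from the post; every other header is made up.
SPOOFED = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example; dmarc=fail header.from=sec.gov
From: EDGAR <filings@sec.gov>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="Important_Changes_to_Form10_K.doc"

placeholder
--b1--
"""

def auth_results(msg):
    # Trust only headers stamped by your own gateway; strip inbound copies.
    out = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in str(header).split(";")[1:]:
            method, _, rest = clause.strip().partition("=")
            if rest.split():
                out[method.lower()] = rest.split()[0].lower()
    return out

def domain_of(value):
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    findings, sender = [], domain_of(msg["From"])
    if sender == WATCHED_DOMAIN or sender.endswith("." + WATCHED_DOMAIN):
        if auth_results(msg).get("dmarc") != "pass":
            findings.append("from-domain-without-dmarc-pass")
        if domain_of(msg["Return-Path"]) != sender:
            findings.append("envelope-domain-mismatch")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(DOC_EXTS):
            findings.append("office-attachment:" + name)
    return findings
```

The display name and From address alone prove nothing; the check keys on whether the message authenticated for the domain it claims.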

The Targets

FireEye says it has identified 11 targeted organizations in the following sectors:

  • Financial services, with different victims having insurance, investment, card services, and loan focuses
  • Transportation
  • Retail
  • Education
  • IT services
  • Electronics

All of these businesses are U.S.-based, but many also have an international presence. As the SEC is a U.S. regulatory organization, it’s obvious the recipients of these spear phishing attempts work for U.S.-based organizations or for U.S.-based representatives of organizations located elsewhere. However, it is possible that the attackers could modify the malware to perform similar activity mimicking other regulatory organizations in other countries.

The International Cyber Mafia

John Miller, the director of threat intelligence at FireEye, described the cyber criminals as among “the most sophisticated financial actors” and said their methods were similar to those of hackers who targeted ATMs and other parts of the banking system. He also warned that the hacking tools they sought to install were particularly insidious.

“It’s the Swiss army knife of malware. It lets you do whatever you want to with the compromised system,” Miller said. FIN7 is the first international cyber mafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China.

Please notify your key financial employees handling regulatory filings to beware of clicking on ANY links, familiar or unfamiliar. Make sure your staff is trained on cyber security best practices and knows how to spot a phishing email.

For more information: Join us at our free Cyber Security in the Workplace Event and Cooking Class Event on April 27th from 12:00 to 2:30pm at BBQ Galore in the Irvine Marketplace. Contact sales@enhancedtech.com to register.

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football. Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.