ETDA ThaiCERT
Report
Search
Home > List all groups > FIN4, Wolf Spider

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: FIN4, Wolf Spider

NamesFIN4 (FireEye)
Wolf Spider (CrowdStrike)
CountryRomania Romania
MotivationFinancial crime
First seen2013
Description(FireEye) FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.

FIN4 has targeted over 100 companies since at least mid-2013. All of the targeted organizations are either public companies or advisory firms that provide services to public companies (such as investor relations, legal, and investment banking firms). Over two-thirds of the targeted organizations are healthcare and pharmaceutical companies. FIN4 probably focuses on these types of organizations because their stocks can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues.
ObservedSectors: Financial, Healthcare, Pharmaceutical.
Tools usedUpDocX.
Information<https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html>
<https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html>
MITRE ATT&CK<https://attack.mitre.org/groups/G0085/>

Last change to this card: 22 April 2020

Download this actor card in PDF or JSON format

Previous: Evilnum
Next: FIN5

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key