The Securities and Exchange Commission has asked for information regarding such data breaches from at least eight companies, Reuters reports. The request is an unprecedented move for an insider trading probe, and it reflects growing concerns over cyber security.
"The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading," John Reed Stark, former head of Internet enforcement at the SEC, told Reuters, calling the Commission's outreach to the companies an "absolute first."
The hacking group was dubbed "FIN4" in a December report from cybersecurity firm FireEye Inc. The report has also spurred a separate investigation, now underway, by the US Secret Service, which also tackles cyber crimes and financial fraud.
Though the SEC and the Secret Service have so far declined to comment on the pending investigations, Reuters cites sources familiar with the matter who say that FIN4 is suspected of trying to hack into email accounts at more than 100 different companies in search of information.
The kind of information that would be valuable to the group includes news of mergers and other events that could affect stock prices and create an advantage for those who have the inside scoop.
The FireEye report said that more than 60 of the targeted companies were in healthcare-related fields like biotechnology, medical instruments and equipment, and pharmaceuticals. Stocks for companies in these fields tend to be volatile, therefore providing opportunities for quick gains.
While the SEC is investigating FIN4's exact methods for tricking employees into giving up passwords, the FireEye report speculated that the hackers were either American or European, because of their perfect English and thorough knowledge of the financial system.
"What was insidiously brilliant was that they could inject themselves into email threads and keep gleaning information," said Laura Galante, FireEye's manager of threat intelligence. "They really knew their audience."
The hackers used fake Microsoft Outlook login pages to trick employees into giving away their passwords and, in one case, used confidential information from a previously obtained document to spur an email conversation and lure people into revealing credentials.
In the past, the SEC would typically start its investigations into insider trading by looking for strange or questionable trading activity, so using cyber breaches as a starting point is a change in tactics.
The only outcome from an SEC investigation would be a civil case; criminal cases would have to be brought by a federal prosecutor.