SYMBOLCOMMON_NAMEaka. SYNONYMS

WOLF SPIDER  (Back to overview)

aka: FIN4, G0085

FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013. FIN4 is unique in that they do not infect victims with typical persistent malware, but rather they focus on capturing credentials authorized to access email and other non-public correspondence.


Associated Families

There are currently no families associated with this actor.


References
2019MITREMITRE ATT&CK
@online{attck:2019:fin4:dd68444, author = {MITRE ATT&CK}, title = {{Group description: FIN4}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0085/}, language = {English}, urldate = {2019-12-20} } Group description: FIN4
WOLF SPIDER
2015-06-24PWCMichael Yip, Chris Doman
@online{yip:20150624:unfin4ished:08c489d, author = {Michael Yip and Chris Doman}, title = {{UnFIN4ished Business}}, date = {2015-06-24}, organization = {PWC}, url = {https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html}, language = {English}, urldate = {2020-01-06} } UnFIN4ished Business
WOLF SPIDER
2015-06-23ReutersSarah N. Lynch, Joseph Menn
@online{lynch:20150623:exclusive:3fbed86, author = {Sarah N. Lynch and Joseph Menn}, title = {{Exclusive: SEC hunts hackers who stole corporate emails to trade stocks}}, date = {2015-06-23}, organization = {Reuters}, url = {https://www.reuters.com/article/2015/06/23/us-hackers-insidertrading-idUSKBN0P31M720150623}, language = {English}, urldate = {2020-01-08} } Exclusive: SEC hunts hackers who stole corporate emails to trade stocks
WOLF SPIDER
2015-05-02Barry Vengerik, Kristen Dennesen, Jordan Berry, Jonathan Wrolstad
@techreport{vengerik:20150502:hacking:d57f34d, author = {Barry Vengerik and Kristen Dennesen and Jordan Berry and Jonathan Wrolstad}, title = {{HACKING THE STREET? FIN4 LIKELY PLAYING THE MARKET}}, date = {2015-05-02}, institution = {}, url = {https://www2.fireeye.com/rs/fireye/images/rpt-fin4.pdf}, language = {English}, urldate = {2019-12-17} } HACKING THE STREET? FIN4 LIKELY PLAYING THE MARKET
WOLF SPIDER
2014-12-01FireEyeKristen Dennesen, Jordan Berry, Barry Vengerik, Jonathan Wrolstad
@online{dennesen:20141201:fin4:0760295, author = {Kristen Dennesen and Jordan Berry and Barry Vengerik and Jonathan Wrolstad}, title = {{FIN4: Stealing Insider Information for an Advantage in Stock Trading?}}, date = {2014-12-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html}, language = {English}, urldate = {2019-12-20} } FIN4: Stealing Insider Information for an Advantage in Stock Trading?
WOLF SPIDER

Credits: MISP Project