Hackers have been targeting the emails of publicly traded health care or pharmaceutical company employees for more than a year, trying to obtain information, such as clinical trial news, that could affect global markets, the New York Times reports.
The security firm reporting the breach, FireEye, didn't disclose the affected firms, but said half of them are in the biotechnology sector. Additionally, FireEye said these hackers appeared to represent "a new breed," according to the Times.
"Their email lures are precisely tailored toward each victim, written in flawless English and carefully worded to sound as if they were sent by someone with an extensive background in investment banking and with knowledge of the terms those in the industry employ," the Times says.
Some executives, it adds, have been drawn in and clicked on links or opened attachments to those emails, and were redirected to a fake email login site designed to steal their information. This way, the attackers could read their victim's email.
"Given the types of people they are targeting, they don't need to go into the environment; the senior roles they target have enough juicy information in their inbox," Jen Weedon, a FireEye threat intelligence manager, tells the Times. "They are after information protected by attorney-client privilege, safety reports, internal documents about investigations, and audits."