FireEye said it has been tracking the activities of a group it has called 'FIN4' which it said "focuses on compromising the accounts of individuals who possess non-public information" about M&A deals and other "major market-moving announcements".
FireEye said that FIN4 might be looking to profit by obtaining and using confidential information about M&As to trade stocks and shares.
"Access to insider information that could make or break stock prices for dozens of publicly traded companies could surely put FIN4 at a considerable trading advantage," FireEye said in a new report (15-page / 5.82MB PDF).
It said FIN4 has been particularly active in looking to uncover confidential details about M&As in the healthcare and pharmaceutical industries and that senior business executives are among the individuals whose email accounts have been targeted by so-called 'phishing' emails, among other methods they use to obtain log in details.
"We believe FIN4 heavily targets healthcare and pharmaceutical companies as stocks in these industries can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues," FireEye said. "In fact, many high-profile insider trading cases involve the pharmaceutical sector. We’ve observed FIN4 access information on a wide variety of issues – including drug development, insurance reimbursement rates, and pending legal cases – all of which can significantly influence the price of healthcare industry stocks."