Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

Russian Hacker Targets Top Am Law 100 Law Firms

Article Placeholder Image
By Jonathan R. Tung, Esq. on April 06, 2016 6:58 AM

No one is safe from hackers today, at least not in BigLaw. Crain's Chicago Business reports that 48 top Chicago law firms -- many of which are part of the Am Law 100 rankings -- were targeted by a mysterious Russian cybercriminal who operates out of Ukraine. His goal? Top law firms' mergers and acquisitions info. With that sort of inside information, a cybercriminal could do very well for himself.

Another new week, another spate of cyber-criminal activity for firms to prepare against.

Wolf in Sheep's Clothing

The hacker's modus operandi was, in at least one case, a sophisticated phishing attack. The traditional phishing attack strategy relies on a hacker or group of hackers sending out thousands of emails and hooking one or two careless email users. But email scams have become more innocuous looking with time; and some are practically indistinguishable from legitimate emails.

Phishing With Finesse: Fin4

Some of the basics of phishing were set out in FireEye's 2014 phishing report. (It may seem so old now, but it deserves mentioning.) It detailed the methods and means of one of the world's most successful cyberhacking groups known as Fin4. In the report, FireEye outlines Fin4's use of phishing to gain trust in order to obtain M&A information. The group would then play the market with non-public insider information.

To make things worse, Fin4's phishing had the gloss of legitimacy: it's written in "perfect English" uses the proper sounding investment terminology and even warns recipients of shareholder and public disclosure concerns. Ironic.

Could the hackers now targeting law firms have been inspired by Fin4's success?

"Oleras" Is Hiring

The Ukraine-based Russian hacker who is after company mergers and acquisitions information is known as "Oleras" -- and he's hiring. On March 3rd, the FBI released a notification about Oleras and his attempts to recruit other cyber-criminal talent. Law firms are squarely in his crosshairs. The FBI notification did all that they could do: warn us about opening emails carelessly. Oh, and stay insured.

Related Resources:

Find a Lawyer

More Options