"Beyond the Grave" Phishing Campaign Targets Hedge Funds

International hedge funds have become victims of a new phishing campaign called "Beyond the Grave" that is meant to compromise the confidentiality of the funds' data.

A member of the attacking group, named XanderBauer, has posted a statement on BleepingComputer titled "Beyond The Grave Virus infecting Hedge Funds". The post states that the phishing campaign is designed to alter data confidentiality in the targeted hedge funds, but it is not clear whether the attack was carried out for financial advantage or to cause market instability for political reasons.

"A large number of U.S. and international hedge funds were targeted. We know that the following companies have already been infected by the virus: Elliot Advisors, Capital Fund Management, AQR, Citadel, Baupost Group, Marshall Wace," the statement said.

The attackers included a sample of the phishing campaign email as proof. It contains an open window through which the attackers wanted to show the executable command in the phishing kit. The phishing emails used in the attack looked perfectly legitimate: they appeared to come from a financial research company named Aksia and claimed to concern research related to ESMA (European Securities and Markets Authority) halting short selling during Brexit.

The emails "contain links to the alleged research located at the www.aksia.co site, which attempts to impersonate the real Aksia.com site."
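The lookalike pattern described above (aksia.co standing in for aksia.com) is something a mail gateway or triage script can flag. The following is an added example, not code from the campaign or from BleepingComputer: the allowlist, the sample message, the URL paths and the `aksiaa.example` host are constructed, and the two-label registrable-domain rule is a simplifying assumption. It also generalises beyond the TLD swap to one-character near-matches.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of domains the organisation really deals with.
TRUSTED = {"aksia.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def registrable(host):
    """Naive registrable domain: the last two labels (assumption;
    a production check should consult a public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character near-matches."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return a reason string if the URL's domain imitates a trusted one."""
    dom = registrable(urlsplit(url).hostname or "")
    if dom in TRUSTED:
        return None
    name, _, tld = dom.rpartition(".")
    for good in sorted(TRUSTED):
        gname, _, gtld = good.rpartition(".")
        if name == gname and tld != gtld:
            return f"tld-swap of {good}"
        if edit_distance(name, gname) <= 1:
            return f"near-match of {good}"
    return None

def scan(body):
    """List (url, reason) for every suspicious link in a message body."""
    urls = (u.rstrip(".,;") for u in URL_RE.findall(body))
    return [(u, r) for u in urls if (r := classify(u))]

# Constructed sample message body (paths are invented for the example).
SAMPLE = """Our ESMA short-selling note: http://www.aksia.co/research
Firm profile: https://www.aksia.com/about
Mirror: https://aksiaa.example/report and https://example.org/news"""

if __name__ == "__main__":
    for url, reason in scan(SAMPLE):
        print(f"{reason:25} {url}")
```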

BleepingComputer has contacted all of the companies targeted by this phishing campaign, as well as Aksia, Palantir, FireEye, and the attacker who posted the information, but only Marshall Wace responded.

A Marshall Wace spokesman stated: "We are aware that Marshall Wace, alongside other asset managers, was recently targeted by a phishing campaign, but the potential intrusion was picked up by our cybersecurity systems and we are confident there was no breach of our environment. We remain vigilant."