The FIN4 hacking group is likely to be made up of native English-speaking persons with experience of the financial and banking markets, and a knowledge of their inner workings, according to the security firm that has tracked it for two years.
The US Securities and Exchange Commission (SEC) has reportedly joined the hunt for the hackers who break into firms through emails and steal information for the purposes of possibly profitable insider trading.
Jen Weedon, manager for threat intelligence and strategic analysis at FireEye, told V3 that the hackers are likely to be native English speakers with existing links to the financial industry.
"Based on [the] language in their social engineering techniques, and their keen understanding of the specific roles of the firms and individuals they targeted, we suspect the hackers are native English speakers who have worked on, or very closely with, Wall Street and the investment banking community," she said.
"We do not know their location or specific identities, but we track a lot of actors across the globe and certain characteristics of FIN4's operations and targeting suggest American or European actors."
A report on Reuters said that the SEC has joined the hunt for the hackers, and is asking companies to inform the regulator about attempted breaches and other assaults.
Reuters' source, John Reed Stark, a former head of internet enforcement at the SEC, said that this method of investigation is an "absolute first" for the agency and is the result of "failures in cyber security".
"The SEC is interested because failures in cyber security have prompted a dangerous, new method of unlawful insider trading," Stark explained.
This kind of sharing has been encouraged for years, but there are industries where it is rare. Companies worry that being hacked is seen as a sign of weakness, and as an invitation to further attacks.
Weedon said that this operation, the companies attacked, and the sums that are expected to be involved may persuade more companies to discuss and reveal their own breaches.
"As breaches become more widely disclosed and publicly discussed, and disclosure laws evolve, we anticipate more companies may talk openly about the situations they've faced. In today's security environment, nobody is immune from being targeted," she added.
"However, talking about these issues more openly helps de-stigmatise incidents and continues to put security at the forefront of critical public, government, and business dialogues, and this can be a positive step towards improving security overall."
Phil Barnett, vice president and general manager for EMEA at Good Technology, said that this is another example of how email accounts are a weak point for enterprises.
"Once again, insecure email accounts are a yellow brick road for hackers seeking exploitable information. Unless businesses take responsibility for the security of their data, across all devices, they are leaving themselves exposed and vulnerable to attack," he said.
"Such cyber threats must be tackled head on with a combination of containerisation of information and employee education. Highly regulated industries require stringent security policies, but threats such as these bring into question their effectiveness.
"An indestructible perimeter must be built around valuable corporate information unless businesses want hackers to find 'Oz' and steal invaluable information."