Cyberattacks Target Financial Institutions to Make Quick Bucks

• In May 2020, the Norwegian sovereign wealth fund, Norfund, lost more than $10 million (£8.2 million) in a cyber scam incident. The hackers posed as a finance company based in Cambodia, falsified information exchanges, and then tricked the company employees into transferring funds into a separate account owned by the hackers.
• In March 2019, a phishing campaign dubbed "Beyond the Grave" was observed, that was designed to alter confidential data held by the targeted hedge funds. Active since January 9, 2019, it was targeting several renowned banking and financial institutions, including Elliot Advisors, Capital Fund Management, AQR, Citadel Baupost, Alliance Bernstein, and Group Marshall Wace.
• In October 2019, attackers had targeted the hedge fund management company, Arena Investors, sending malicious phishing emails posing as a C-suite executive.

Fund management companies leaking data

• In August 2019, Credia.ge, a Georgia-based microfinance company, exposed personal and loan information for thousands of its customers. The 2 GB of exposed data contained 142,571 user records, that were left exposed in a misconfigured Elasticsearch cluster.
• In December 2019, the Washington-based accounting and wealth management company, Moss Adams, notified that a staffer’s email account was accessed by an unknown third party, resulting in the exposure of sensitive information including names and Social Security numbers of an undisclosed number of customer and employees.

Another noteworthy fraud case