Security Experts:

Connect with us

Hi, what are you looking for?



Corporate Mergers Make Attractive Time for Attackers: FireEye

Mergers and acquisitions make for a busy time for businesses. Unfortunately for them, they can also be a busy time for attackers.

According to researchers at FireEye, a number of advanced persistent threat campaigns have selected mergers as opportune times to strike.

Mergers and acquisitions make for a busy time for businesses. Unfortunately for them, they can also be a busy time for attackers.

According to researchers at FireEye, a number of advanced persistent threat campaigns have selected mergers as opportune times to strike.

“Over the last few years, concerns over economic espionage have led to greater scrutiny of mergers and acquisitions involving foreign companies – particularly in industries with sensitive technologies and operations that could pose broader economic and security threats,” blogged FireEye’s Jen Weedon. “However, entering into a merger or acquisition with a foreign company is not the only way nation-states conduct economic espionage via cyber means, nor are nation-states the only perpetrators of intellectual property theft.”

Hackers Target Mergers and Acquisitions

These attacks typically take two forms: either breaching one of the merging company’s subsidiaries or partners to gain access to the target company’s environment, or compromising and stealing data from a corporation involved in business talks with a foreign company in order to provide the other side with insider information, Weedon blogged.

“We have seen China-based threat groups previously compromise targets by taking advantage of trusted relationships and bridged networks between companies,” she explained. “Regardless of their method of entry, these actors are often in search of the same thing: intellectual property and proprietary information that can provide their own constituents with a business advantage, whether through adopting a rival’s technology and products, securing advantageous prices, or any other tactic that could give them a leg up.”

“We investigated one incident,” she noted, “in which two threat groups compromised a company shortly after it acquired a subsidiary. The threat actors used their access to the initial company’s network to move laterally to the subsidiary, which had recently developed a proprietary process for a significant new healthcare product. Once inside the subsidiary’s network, the threat groups stole data that included details on the product’s test results. We believe the threat groups sought to give that data to Chinese state-owned companies in that industry for fast-tracking the development of their own version of the groundbreaking product.”

Getting inside information is also a key motive for attackers during acquisition periods, Weedon added. Rather than go after intellectual property, these attackers look for information such as executive emails, negotiation terms and business plans.

“During one investigation, we found that a China-based threat group had compromised a company that was in the process of acquiring a Chinese subsidiary – a move that would have significantly increased the victim company’s manufacturing and retail capacity in the Chinese market,” blogged Weedon. “The threat actors accessed the email accounts of multiple employees involved in the negotiations in what was likely a search for information pertaining to the proceedings. We believe that the threat group then used the stolen information to inform Chinese decision makers involved in the acquisition process, as the Chinese government terminated the talks shortly after the data theft occurred.”

Companies involved in mergers and acquisitions need to be aware of the risks they face from threat actors intent on conducting economic espionage, she added.

“Entering into a merger or acquisition with an organization that has unidentified intrusions and unaudited networks places a company at risk of compromise from threat actors who may be waiting to move laterally to the newly integrated target,” she blogged. “Similarly, companies, and the law firms representing them, involved in negotiations with Chinese enterprises face risks from threat groups seeking to provide the Chinese entity with an advantage in negotiations.”

“Compromise and economic espionage can have profound impacts on a company’s finances and reputation at any time, but particularly when they are risking hundreds of millions to billions of dollars on M&A,” she blogged.

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

M&A Tracker

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a...