"Many of FIN4's lures appeared to be stolen documents from actual deal discussions that the group then weaponized and sent to individuals directly involved in the deal," FireEye said in the report.
"We've seen the actors seamlessly inject themselves into email threads. FIN4's emails would be incredibly difficult to distinguish from a legitimate email sent from a previously compromised victim's email account."
FIN4 has been operating since mid-2013 and are most likely U.S. based, FireEye said. All but three of the public companies targeted in the email hack are listed on the New York Stock Exchange or NASDAQ, with the remaining three listed on non-U.S. exchanges, the cybersecurity firm added.
FireEye noted that after information about a deal that FIN4 knew about went public, the stock "varied significantly" and that it is likely the group "used the inside information they had to capitalize on these stock fluctuations".
Read MoreRussian hackers target Nato, military secrets
To evade detection, FIN4 created a process in victims' Microsoft Outlook email accounts that automatically deleted any emails that contained words such as "hacked" or "malware". This prevented victims from receiving emails from other targets warning them that their account might be compromised.
On top of this, the hackers used the Tor network – a software that enables users to browse the internet anonymously – to access their target's accounts.
FireEye said that this group as different as it used targeted email attacks rather than malware, but the U.S. researchers said they "cannot say for certain what happens" once FIN4 gets access to insider information.
"What we can say is that FIN4's network activities must reap enough benefit to make these operations worth supporting for over a year—and in fact, FIN4 continues to compromise new victims as we finish this report," FireEye noted.