US authorities have charged 32 members of an alleged international cybercrime operation that netted millions of dollars by targeting newswire services in order to profit from stock market trading.
The group allegedly hacked into three business newswires - Business Wire, Marketwired and PR Newswire - and stole unpublished press releases that contained non-public financial information that was then used to make stock trades.
The indictments, filed by the US Securities and Exchange Commission (SEC) and the US district court of New Jersey, place the earnings of the scheme between $30m and $100m, and allege that the group stole up to 150,000 confidential press releases over a five-year period.
The group, said to have been spearheaded by Ukrainians Ivan Turchynov and Oleksandr Ieremenko, targeted corporate earnings announcements, press releases, financial data and product announcements.
Turchynov and Ieremenko are accused of hiding the intrusions using proxy servers to mask their identities and posing as newswire service employees and customers, according to the SEC's complaint.
The SEC charges that Turchynov and Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France and three US states - Georgia, New York and Pennsylvania.
Law enforcement, in connection with the US Financial Fraud Enforcement Task Force, has charged each of the 32 defendants with violating federal antifraud laws.
Five defendants have been charged with wire fraud conspiracy, securities fraud conspiracy, wire fraud, securities fraud and money laundering conspiracy.
Turchynov and Ieremenko are additionally charged with computer fraud conspiracy, computer fraud and aggravated identity theft.
Acting US attorney Kelly Currie explained that the operation showed a high level of criminal cooperation.
"The defendants and their co-conspirators formed an alliance of hackers and securities industry professionals to systematically steal valuable inside information and profit by trading ahead of authorised disclosures to the investing public," he said.
Laura Galante, director of threat intelligence at security firm FireEye, said that the internal workings of the cyber operation are reminiscent of the FIN4 hacking group.
FIN4, as reported last year, stole insider information that was then used to manipulate stock trading.
"Given the information that's been made public, it does not appear to be the same group, but there are similarities," said Galante.
"There's targeting overlap in that these actors seemed to deliberately pursue market-moving information, like FIN4, to benefit financially on the stock trade. Unlike FIN4 it seems this group had a narrower scope in choosing to get their data from a consolidated place.
"FIN4 went after over 100 separate companies. The groups used slightly different tactics, although the indictment isn't super detailed when it comes to technical behaviour. FIN4 seemed to put more effort into social engineering, whereas this group used more typical attacks to get them in the door."