The stolen informationincluded non-public corporate earnings reports and other materialinformation. The Edgar breach lasted from May 2016 through at leastOctober 2016, according to the SEC. (Photo: Shutterstock)

(Bloomberg) –After the U.S. government shut down their schemetrading stocks on pilfered corporate press announcements, a team ofeastern European hackers moved on to an even more ambitioustarget: the Securities and Exchange Commission.

That's the startling claim laid out in a Tuesday courtfiling.

The SEC said the same group that infiltrated PRNewswire Associates LLC andBusiness Wire computer servers years ago to obtain unreleased pressstatements was also behind the 2016 attack on the regulator's Edgardatabase of corporate filings.

It's a remarkable allegation that shows the challenges U.S.regulators face in bringing overseas fraudsters to justice, even if they'rerepeat offenders.

The case is also the latest example of hackers going to greatlengths to brazenly steal secrets from American companies andgovernment agencies.

The defendants include a network of traders who were based inthe U.S., Ukraine and Russia, according to the SEC.

They made more than $4.1 million after placing market bets basedon information they received from Oleksandr Ieremenko, a27-year-old hacker based in the Ukraine who worked with others toobtain thousands of filings from the Edgar system, the SECsaid.

Earlier hack

The stolen information included non-public corporate earningsreports and other material information. The Edgar breach lastedfrom May 2016 through at least October 2016, according to theSEC.

All but one of the defendants sued Tuesday were also accused in2015 of stealing unpublished press releases.

Ieremenko, who was also accused of participating in the hack onPRNewswire and Business Wire, remains at large in the Ukraine, theSEC said in the Tuesday court filing.

Federal prosecutors separately unsealed a criminal indictmentTuesday against Ieremenko and Artem Radchenko, who's also based inthe Ukraine.

The two were accused of hacking into the SEC's computer networksand stealing unreleased financial reports of public companies. Bothmen are fugitives, New Jersey U.S. Attorney Craig Carpenito said ata press conference in Newark.

“The trader defendants charged today are alleged to have takenmultiple steps to conceal their fraud, including using an offshoreentity” to place their trades, Steven Peikin, the SEC'sco-enforcement director said in a statement. “Our staff'ssophisticated analysis of the defendants' trading exposed thecommon element behind their success, providing overwhelmingevidence that each of them traded based on information hacked fromEdgar.”

Embarrassing breach

The Edgar hack was an embarrassment for the SEC and led tobipartisan criticism of the agency from U.S. lawmakers. After thebreach was disclosed in September 2017, SEC Chairman Jay Claytonpledged to improve the regulator's defenses against cyberattacks.

Clayton said Tuesday that the SEC has pursued a number ofefforts to fortify Edgar and the the agency'sinformation-technology systems more broadly.

“We recognize that we must continuously use the resourcesavailable to us efficiently and effectively to bolster ourcybersecurity defenses and reduce our cyber risk profile,” he saidin a statement. “Our recent and ongoing work on both enhancedsecurity and risk reduction has involved many of our divisions andoffices as well as external consultants and governmentpartners.”

Edgar is best known for being a massive repositorywhere firms inform investors about everything from their earningsto top executives' share sales. The hacked aspect of the databasehouses test filings that companies submit to familiarize themselveswith using Edgar. Such filings are never intended to be madepublic.

  READ MORE:

Keeping clients' data safe

8 steps to protect employee benefits data fromhackers

One year later: The influence of Equifax and otherdata breaches on corporate culture

Copyright 2019 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.