Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Hackers Profited $100 Million by Hacking Newswires: SEC

32 Charged in Scheme to Trade on Hacked News Releases

32 Charged in Scheme to Trade on Hacked News Releases

The Securities and Exchange Commission (SEC) said on Tuesday that a cybercriminal group allegedly hacked into newswire services to steal non-public information about corporate earnings announcements that were used to make financial trades that generated more than $100 million in illegal profits.

According to the SEC, two Ukrainian men and 30 other defendants in and outside the U.S. took part in the scheme.

The SEC charges that over a five-year period, ringleaders Ivan Turchynov and Oleksandr Ieremenko hacked into two or more newswire services and stole hundreds of corporate earnings announcements before the newswires released them publicly.

Global newswire service Business Wire said on Tuesday that it is investigating a cyberattack that allowed malicious actors to gain unauthorized access to non-public, market-moving information stored on its news distribution platform. PR Newswire also said that it was cooperating with officials on an investigation.

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said Securities and Exchange Commission Chair Mary Jo White. “These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing nonpublic information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets.”

According to the SEC, Turchynov and Ieremenko used a web site to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three U.S. states, Georgia, New York, and Pennsylvania.

Advertisement. Scroll to continue reading.

The two allegedly recruited traders with a video showcasing their ability to illegally gain access to earnings information before its public release.

Citing an example, the SEC said that on May 1, 2013, the hackers and traders allegedly moved in the 36-minute period between a newswire’s receipt and release of an announcement that a company was revising its earnings and revenue projections downward. Roughly 10 minutes after the company sent the still-confidential release to the newswire, traders began selling short its stock and selling CFDs, realizing $511,000 in profits when the company’s stock price fell following the announcement.

“This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,” said Andrew Ceresney, Director of the SEC’s Division of Enforcement. “Our use of innovative analytical tools to find suspicious trading patterns and expose misconduct demonstrates that no trading scheme is beyond our ability to unwind.”

Each of the 32 defendants are charged with violating federal antifraud laws and related SEC antifraud rules.

Other threat actor groups have targeted sensitive corporate data from public companies in the past.

In December 2014, Researchers at FireEye issued a report on an attack group dubbed “FIN4” that targeted C-level executives to get insider information that could be used to gain an advantage in the stock market. Since mid-2013, FireEye linked them to attacks at more than 100 companies, all which were either public companies or advisory firms that provide services to those companies, such as investment banking firms and legal firms. 

A FireEye spokesperson told SecurityWeek that the individuals charged today by the SEC are not part of the FIN4 group.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...