December 7, 2022

Russian hackers made millions stealing SEC earnings reports


A Russian national working for a cybersecurity company has been extradited to the United States, where he is accused of hacking the computer networks of two US-based filing agents that several companies use to file quarterly and annual earnings through the Securities and Exchange Commission (SEC) system.

Along with other conspirators, the individual earned millions of US dollars by trading on Material Non-Public Information (MNPI) stolen from the two filing agents.

Stolen credentials used for access

In a press release on Monday, the Justice Department announced that Vladislav Klyushin, 41, had been extradited to the United States from Switzerland, where he was arrested on March 21.

“Klyushin is charged with conspiring to gain unauthorized access to computers and to commit electronic fraud and securities fraud, as well as obtaining unauthorized access to computers, electronic fraud and securities fraud” - the US Department of Justice

Klyushin was part of a larger group that used MNPI to trade the securities of publicly traded companies for at least two years, between January 2018 and September 2020.

Four other Russians indicted but currently at large have been identified as Ivan Ermakov, Nikolai Rumiantcev, Mikhail Vladimirovich Irzak and Igor Sergeevich Sladkov.

The defendants used compromised employee credentials to gain access to the targeted filing agents’ networks and view or download data relating to the earnings of several companies, including SEC filings and press releases.

According to FBI Special Agent BJ Kang, the intrusions were carried out via a VPN connection and the compromise of one of the two filing agents began in October 2017.

The intruders looked at documents from companies in various industries, including: IBM, Steel Dynamics, Avnet, Tesla, Box, Roku, Kohl’s Corporation, Datadog, Altra Industrial Motion Corp, The Nielsen Company.

With information on a company’s performance before it was made public, the individuals “traded accordingly, in brokerage accounts held in their own name or on behalf of others”, reads an affidavit from FBI Special Agent BJ Kang, who specializes in financial crime investigations.

Russian pentester and GRU official involved

Of the five indicted Russians, Klyushin, Ermakov and Rumiantcev worked for a Moscow-based IT company called M-13, which provides penetration testing services and red team engagements, which test an organization’s defenses by simulating targeted attacks.

The three M-13 employees, all in deputy general manager positions, also offered investment services, asking investors for 60% of the profits, according to the DoJ.

According to the company’s website, customers of M-13 include “the administration of the President of the Russian Federation, the government of the Russian Federation, federal ministries and departments, regional state executive bodies.”

The connection to the Russian government, however, runs deeper than that, as Ermakov is a former officer in the Main Russian Intelligence Directorate (GRU), the country’s military intelligence agency.

If arrested, Ermakov also faces older charges related to hacking and influence efforts targeting the 2016 US election. In addition, he is suspected of having played a role in hacking operations and misinformation efforts targeting international anti-doping agencies, sports federations and anti-doping officials.

According to the charging documents, the scheme was very lucrative. In about a year, one of the defendants, Irzak, traded ahead of the public announcements of about 150 companies with a success rate of 66%.

Between December 2019 and August 2020, an account used by Irzak generated profits of around $4.3 million from illegal trades made ahead of the earnings announcements of around 47 companies.

Klyushin faces a maximum sentence of five years in prison, three years of supervised release and a fine of $250,000 for conspiracy to gain unauthorized access to computers, wire fraud and securities fraud. The same maximum penalty applies to the hacking activity.

Securities fraud and wire fraud, however, each carry a maximum sentence of 20 years in prison, three years of supervised release and a fine of $250,000.