In a 16-count indictment, Artem Radchenko, 27, and Oleksandr Ieremenko, 26, both of Kiev, Ukraine, were charged with “securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud”. The pair allegedly stole earnings reports filed by publicly traded companies ahead of their publication by the SEC, then used them to make trades over a period of six months.

“The defendants charged in the indictment… engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public,” U.S. Attorney Craig Carpenito said in a DOJ release. “They targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyber-attacks, stealing thousands of confidential EDGAR filings from the Commission’s servers and then trading on the inside information in those filings before it was known to the market, all at the expense of the average investor.”

The SEC also filed a separate civil complaint, charging Ieremenko and a wider group of nine defendants — including companies in Hong Kong and Belize and individuals in the U.S., Russia, and South Korea — of earning more than $4.1 million as result of the hacking.

Some of the same people are also listed in a 2015 SEC complaint involving the hacking of news releases before their publication and making $30 million in illicit trading profits.

The most serious wire fraud charges carry maximum penalties of 20 years in prison and a $250,000 fine or twice the profit of the trades. Some of the 16 charges could also carry additional penalties of five years in jail and extra fines. The civil complaint seeks the return of profits, with interest, the payment of penalties, and restrictions on future fraud.