Federal authorities have charged nine defendants with participating in a scheme to hack a Securities and Exchange Commission database to steal confidential information that netted $4.1 million in illegal stock trade profits.

Two of the defendants, federal prosecutors in New Jersey said, breached SEC networks starting in May 2016 by subjecting them to hacks that included directory traversal, phishing attacks, and infecting computers with malware. From there, the defendants allegedly accessed EDGAR (the SEC’s Electronic Data Gathering, Analysis, and Retrieval system) and stole nonpublic earnings reports that publicly traded companies had filed with the commission. The hackers then passed the confidential information to individuals who used it to trade in the narrow window between when the files were stolen and when the companies released the information to the public.

“Defendants’ scheme reaped over $4.1 million in gross ill-gotten gains from trading based on nonpublic EDGAR filings,” SEC officials charged in a civil complaint. It named Ukrainian nationalist Oleksandr Ieremenko as a hacker, along with six individual traders in California, Ukraine, and Russia, and it also named two entities. A criminal complaint filed by federal prosecutors in New Jersey charged Ieremenko and a separate Ukrainian named Artem Radchenko with carrying out the hack.

The SEC first disclosed the EDGAR hack in 2017. The commission’s chairman said at the time that “cyber threat actors” managed to access or misuse SEC systems, but he provided few other details. EDGAR is the system that accepts electronic filings from corporations regarding their quarterly and yearly finance reports and events or activities that might have an impact on their business. While the filings are eventually made public, there is usually a window in which reports are stored on the system before they’re available for general viewing by people outside the company.

Prosecutors previously charged Ieremenko with being part of a similar large-scale conspiracy to hack three newswire organizations—Marketwired, PR Newswire Association, and Business Wire—and steal nonpublic financial disclosures. Defendants involved in that scheme stole 150,000 releases and executed trades in advance of the releases of about 800 of them. They realized more than $30 million in illicit trading profits, prosecutors alleged.

The SEC’s complaint alleged that after hacking EDGAR, Ieremenko obtained test files that companies can submit in advance of making official filings to ensure EDGAR processes the filings as intended. The test filings sometimes included information, such as the actual quarterly earnings results, that weren’t yet public. Ieremenko allegedly extracted nonpublic test files from SEC servers and then passed the information to different groups of traders.

The traders named in the SEC complaint include:

Sungjin Cho, Los Angeles, California

David Kwon, Los Angeles, California

Igor Sabodakha, Ukraine

Victoria Vorochek, Ukraine

Ivan Olefir, Ukraine

Andrey Sarafanov, Russia

Capyield Systems, Ltd. (owned by Olefir)

Spirit Trade Ltd.

The SEC complaint charges each defendant with violating federal securities anti-fraud laws and related SEC anti-fraud rules. It seeks a ruling that would order the defendants to pay penalties, return their profits with interest, and forbid them from committing future violations of the anti-fraud laws. The criminal complaint charges Ieremenko and Radchenko with 16 counts of securities fraud conspiracy, wire-fraud conspiracy, computer-fraud conspiracy, wire fraud, and computer fraud.