U.S. authorities on Tuesday charged two Ukrainian for their roles in a large-scale, international conspiracy to hack into the Securities and Exchange Commission’s (SEC) computer systems and profit by trading on critical information they stole.

In a 16-count indictment unsealed today in the District of New Jersey, Artem Radchenko, 27, and Oleksandr Ieremenko, 26, both of Kiev, Ukraine, are charged with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. The SEC also filed a civil complaint today charging Ieremenko along with several other individuals and entities.

The indictment alleges that from February 2016 to March 2017, Radchenko and Ieremenko hacked into the SEC’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system and stole thousands of files, including annual and quarterly earnings reports containing confidential, non-public, financial information, which publicly traded companies are required to disclose to the SEC. The defendants and others then profited by selling access to the confidential information in these reports and trading on this stolen information prior to its distribution to the investing public.

The EDGAR system allows companies to make test filings in advance of a public filing. These test filings often contain information that is the same as, or similar to the information in the final filing.

To gain access to the SEC’s computer networks, the defendants used a series of targeted cyber-attacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. Once the defendants had access to the test filings on the EDGAR system, they stole them by copying the test filings to servers they controlled. For example, between May 2016 and October 2016, the defendants extracted thousands of test filings from the EDGAR servers to a server they controlled in Lithuania.

Ieremenko was previously charged in a hacking and securities fraud scheme in an indictment in the District of New Jersey. That indictment charged Ieremenko with being part of a large-scale, international conspiracy to hack the computer systems of three newswire organizations and steal press releases containing confidential non-public financial information relating to hundreds of companies traded on the NASDAQ and NYSE from three newswires. The members of the conspiracy profited from the theft by trading on the news ahead of its distribution to the investing public.

Radchenko recruited to the scheme traders who were provided with the stolen test filings so they could profit by trading on the information before the investing public. Armed with the stolen information, the traders profited by executing various trades in brokerage accounts they controlled.

The wire fraud conspiracy and substantive wire fraud counts with which the defendants are charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. The securities fraud conspiracy, computer fraud conspiracy, and substantive computer fraud counts with which the defendants are charged carry a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense.