The US Securities and Exchange Commission (SEC) suspects cybercriminals have acted on the stock exchange with insider knowledge. A database of the commission has been hacked and gave access to documents that make this possible.
This reports the SEC in a statement. This is the database EDGAR, a database in which companies have to upload financial documents before they are made available to investors. This database was already hacked in 2016, after which the vulnerable vulnerability was shortly postponed. Now the SEC reportsthat the attackers have abused access to this database to deal with prior knowledge.
During the attack, a vulnerability was compromised in a database feature. This feature allows companies to review the uploaded data before uploading their financial documents before they are finally uploaded.