Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Russian Hackers Made Millions by Stealing SEC Earning Reports

Russian Hackers Made Millions by Stealing SEC Earning Reports

A Russian national working for a cybersecurity company has been extradited to the U.S. where he is being charged for hacking into computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commissions (SEC) system.

Along with other conspirators, the individual made millions of U.S. dollars by trading on the material non-public information (MNPI) stolen from the two filings agents.

Also Read: September 2021 PDPC Incidents and Undertaking: Lessons from the Cases

Stolen creds used for access

In a press release on Monday, the Department of Justice announced that 41-year old Vladislav Klyushin has been extradited to the U.S. from Switzerland, where he had been arrested on March 21.

“Klyushin is charged with conspiring to obtain unauthorized access to computers, and to commit wire fraud and securities fraud, and with obtaining unauthorized access to computers, wire fraud and securities fraud” – the U.S. Department of Justice

Klyushin was part of a larger group that used MNPI for trading in the securities of publicly traded companies for at least two years, between January 2018 and September 2020.

Four other Russians that have been charged but are currently at large, have been identified as Ivan Ermakov, Nikolai Rumiantcev, Mikhail Vladimirovich Irzak, and Igor Sergeevich Sladkov.

The defendants used compromised employee credentials to access the networks of the targeted filing agent and view or download data related to earnings of multiple companies, including SEC filings and press releases.

According to FBI Special Agent B.J. Kang, the intrusions were carried out through a VPN connection and the compromise of one of the two filing agents started in October 2017.

The intruders looked at documents from companies in various sectors of activity, among them being: IBM, Steel Dynamics, Avnet, Tesla, Box, Roku, Kohl’s Corporation, Datadog, Altra Industrial Motion Corp, The Nielsen Company.

Having information about a company’s performance before it became public, the individuals allegedly acted on it and “traded accordingly, in brokerage accounts held in their own names or in the names of others,” reads an affidavit from FBI special agent BJ Kang, specialized in investigating financial crimes.

Also Read: The 5 Important Things To Know In Security Pen Testing

A pentester and a Russian GRU officer involved

Of the five Russians charged, Klyushin, Ermakov, and Rumiantcev worked for a Moscow-based IT company called M-13, which provides penetration testing services and red team engagements, which test the defenses of an organization by simulating targeted attacks.

The three M-13 employees, all of them holding deputy general director positions, also offered investment services, asking investors 60% of the profit, the DoJ says.

According to the company website, among M-13’s customers are “the Administration of the President of the Russian Federation, the Government of the Russian Federation, federal ministries and departments, regional state executive bodies.”

The connection with the Russian government, however, is deeper than this as Ermakov is a former officer in the Russian Main Intelligence Directorate (GRU), the country’s military intelligence agency.

If arrested, Ermakov also faces older charges related to hacking and influence efforts targeting the 2016 U.S. elections. Furthermore, he is suspected to have played a part in hacking and disinformation operations regarding the international anti-doping agencies, sporting federations, and anti-doping officials.

As per charging documents, the scheme was very lucrative. In about a year, one of the defendants, Irzak, traded ahead of public announcements of about 150 companies with a success rate of 66%.

Between December 2019 and August 2020, one account used by Irzak generated profits of about $4.3 million from illegally trading ahead of earnings announcements of around 47 companies.

Klyushin is risking a maximum penalty of five years in prison, three years of supervised release, and a $250,000 fine for conspiring to get unauthorized access to computers, wire fraud, and securities fraud charges. The same maximum sentence is for the hacking activity.

Securities fraud and wire fraud, however, each carries a maximum sentence of 20 years in prison, three years of supervised release, and a $250,000 fine.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us