I'm more curious about how they hacked into the SEC database? Did they use an email trojan? Exploit an existing flaw or backdoor? If they did this via e-mail, who did they send the mail to?
> The hackers used malicious software sent via email to SEC employees. Then, after planting the software on the SEC computers, they sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals, Carpenito said.
Looks like a way to say “exfiltrating data from the endpoints”.