Expanded charges link three men to JPMorgan hack, as well as other incidents Credit: REUTERS/Shannon Stapleton On Tuesday, Manhattan US Attorney Preet Bharara’s office unsealed an indictment against three individuals charged with hacking several financial institutions, financial news publishers, and other companies.In a statement to Reuters, JPMorgan confirmed that the recently unsealed indictment is connected to last year’s hack, which impacted 83 million households.Monday’s indictment focuses on Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein.In court documents shared with CSO Online, the prosecutors say that between 2012 and 2015, the three pulled off “the largest theft of customer data from a U.S. financial institution in history” by stealing the personal information of more than 100 million people. The three men were first named earlier this year in an indictment related to stock and trading fraud. In addition to JPMorgan, the group targeted eleven other companies, though the twenty-three count indictment doesn’t name the victims.The indictment overviews how the some of the attacks were conducted, which included social engineering and exploitation of the Heartbleed vulnerability against “one of the world’s largest financial services corporations” based in Boston, Massachusetts. Using a mix of legitimate access provided to customers by the victims, the indictment names Shalon as the core criminal hacker of the group. Court documents say he was responsible for probing the targeted networks vulnerabilities and installing malware to gain additional access.Data taken from one victim would be used in attacks against the other victims, including securities market manipulation. Later, the indictment says the group considered targeting email accounts owned by top executives and power traders for insider information, because “they have some interesting info in their mail.”The group leveraged servers in Egypt, the Czech Republic, South Africa, and Brazil to run their financial attacks and serve as a clearinghouse for their stolen data.Based on the charges, each of the three men indicted will face decades behind bars if convicted. In a related case, a separate indictment was unsealed against Anthony Murgio on Tuesday, who is also linked to the JPMorgan hack.The Manhattan US Attorney is expected to release additional details later this afternoon. Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe