The target: The SEC's EDGAR filing system.
The take: Nonpublic 'test filings' containing earning results and other material data were obtained and used to make profitable securities trades before the information was publicized. Seven individuals and two organizations were recently charged by the SEC in connection with the hack and are reported to have profited to the tune of $4.1M from the scheme.
The attack vector: An undisclosed software vulnerability reportedly allowed attackers to bypass the system's authentication controls.