A federal judge, acting on behalf of the U.S. Securities and Exchange Commission (SEC), has frozen $3 million belonging to an Eastern European cybercrime gang that allegedly hacked into seven U.S. brokerage firms, then used stolen funds to mount a stock manipulation scheme.

According to a complaint filed by the SEC Tuesday in U.S. District Court in Washington, D.C., the gang's 20 members live in Russia, Latvia, Lithuania and the British Virgin Islands. The frozen assets, which include at least $733,000 in profits from the scam, are in a Latvian bank.

As with two other stock manipulation schemes the SEC has uncovered, this one relied on a multi-part scam. After buying lightly-traded "penny" stocks, the criminals hacked into accounts at a number of online brokerage houses, including Charles Schwab, E*Trade, Merrill Lynch, TD Ameritrade, Vanguard and others. Securities in those accounts were sold and the proceeds used to buy thousands -- and in one case, millions -- of the same shares. That, said the SEC, artificially drove up the price.

Court documents released in connection with indictments announced on Thursday in a massive international cybercrime operation that resulted in millions of dollars being plundered from domestic bank accounts provide a fascinating -- if scary -- glimpse into how the crooks operated within the U.S.

The U.S Attorney's Office in Manhattan announced on Thursday that it had charged 37 individuals for their role in a scheme that involved the use of a sophisticated banking Trojan program and numerous "money mules" to steal from dozens of U.S. business accounts.

The charges in the U.S. followed similar arrests in the U.K., where authorities on Tuesday charged 11 Eastern European citizens in connection with the same scam. The operation in the U.S. was code-named ACHing Mules, in apparent reference to the fact that unauthorized automated clearinghouse (ACH) transactions were typically used to siphon money out of business accounts.

All of the individuals charged in the U.S. so far are from Russia and East European countries and were either money mules who helped transfer stolen money out of the U.S., or individuals who managed or recruited them.

Most of those charged on Thursday entered the country on J-1 non-immigrant visas, which are frequently used by students in cultural exchange programs and other short-term training programs. The visas allow those holding them to remain in the country for months at a time and permit them to open U.S. bank accounts.

A statement released by the U.S. Attorney's Office said the actual thefts were perpetrated out of Eastern Europe by crooks who used the Zeus banking Trojan to break into computers at small businesses and small municipalities.

The malware was used to steal online banking credentials, which were then used to access bank accounts belonging to the small business or municipality. The perpetrators would then withdraw money from the compromised accounts, typically in amounts just under $10,000, and transfer it to fraudulent U.S. bank accounts set up by the money mules.