Chinese Hackers Stole Millions From US COVID Relief Benefits, Secret Service Reports

Hackers with ties to the Chinese government stole at least $20 million from U.S. taxpayer-funded COVID-19 relief benefits in more than a dozen states, the Secret Service reports.

The hacking group APT41, known as “the ‘workhorse’ of cyberespionage operations that benefit the Chinese government,” looted pandemic-related Small Business Administration loans and unemployment insurance funds, NBC News reported Monday. The theft is the U.S. government’s first publicly acknowledged incident of pandemic fraud linked to foreign, state-sponsored cybercriminals.

The Secret Service considers APT41 a “Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain.” It is unclear if the Chinese Communist Party directed the hackers’ attack on U.S. taxpayer funds, but APT41’s targeting of government money—a move cybersecurity analysts have never seen before—is a “dangerous” and “serious” threat to U.S. national security, intelligence and cybersecurity officials told NBC News:

The experts and officials describe the Chinese model of “state-sponsored” hackers as a network of semi-independent groups conducting contract work in service of government espionage. … APT41, also known to cybersecurity firms as Winnti, Barium, and Wicked Panda, fits the model and is considered a particularly prolific Chinese intelligence asset, known to commit financial crimes on the side. …

The primary purpose of APT41’s state-directed activity, the experts and officials say, is believed to be collecting personally identifying information and data about American citizens, institutions, and businesses that can be used by China for espionage purposes.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s