Secret Service: Chinese government APT41 hackers stole millions in US COVID-19 money

As first reported by NBC News, Chinese hackers linked to the Chinese Communist Party government have stolen at least $20 million in United States COVID-19 relief funds. The US Secret Service declined to provide any further details but confirmed the report Monday.

The funds include Small Business Administration loans and unemployment insurance funds in over a dozen states, per NBC.

This is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals or hackers that the US government has acknowledged publicly.

“I’ve never seen them target government money before. That would be an escalation,” commented John Hultquist, head of intelligence analysis at cybersecurity firm Mandiant.

The group reportedly responsible is well known within the information security community as APT41, or Winnti. In September, reports said APT41 was increasingly targeting the US healthcare sector.

APT41 has targeted the healthcare sector for years – first noticed in 2014, and continuing nearly every year since. The group was first discovered by researchers back in 2012 and is on the Federal Bureau of Investigation’s Most Wanted List.

Several members of APT41 were indicted in 2019 and 2020 by the US Justice Department for spying on over 100 companies.

The primary purpose of APT41’s actions is believed to be collecting personally identifying information and data about American citizens, institutions, and businesses that can be used by China for the purposes of espionage.

The full investigative report is available on NBC.
