Hackers linked to China’s government stole at least $20 million in U.S. Covid relief benefits, including small business loans and unemployment funds, across over a dozen states.
The cyber crime was the work of a hacking group called APT41 based in Chengdu, according to the Secret Service.
Those officials and experts told the outlet that other federal probes of pandemic fraud also seem to point back to foreign-state hackers. It wouldn’t be the first time that hackers linked to China’s government have caused security headaches in other countries.
The fraud linked to APT41 began in mid-2020 and spanned 2,000 accounts with more than 40,000 financial transactions – and the agency has been able to recover about half of the stolen funds, according to NBC News. Officials could not confirm whether the hackers still had access to state government networks after being discovered.
Although it’s unclear whether the Chinese government specifically directed the hacks or just allowed them to take place, American security officials say the theft is a serious development with national security implications.
‘It would be crazy to think this group didn’t target all 50 states,’ Roy Dotson, national pandemic fraud recovery coordinator for the Secret Service, who also acts as a liaison to other federal agencies probing Covid fraud, told NBC News.
One high-level Justice Department official told NBC News it was ‘dangerous’ and the Secret Service said there are more than 1,000 ongoing investigations that involve criminals defrauding public benefits programs.
‘Once you are in these systems with intent to promulgate theft of personally identifying information,’ William Evanina, the former director of the National Counterintelligence and Security Center, part of the Office of the Director of National Intelligence, said, ‘you’re in forever,’ noting that there are many different systems sharing interconnected domain names at the state or local level.
‘Unless,’ he added, ‘you tear down the systems and replace everything.’
A Heritage Foundation analysis estimated that there were excess unemployment benefits totaling $350 billion between April 2020 and May 2021.
‘My analysis of the Department of Labor’s data shows that UI programs sent out 1.365 billion weekly benefit checks between April 2020 and May 2021 when covering 100% of all unemployed workers—an optimistic goal of the UI expansions—would have required only 807 million benefit checks,’ Rachel Greszler, a Heritage Foundation research fellow, told the Senate during her testimony last year.
‘So that’s an excess of 557 million UI checks and $357 billion of taxpayers’ money sent to people—likely criminals—who weren’t unemployed.’
Unfortunately, by the time the Covid relief funds were being disbursed, APT41 had become a prominent part of cyberespionage operations benefiting the Chinese government, experts said.
APT41 is also known to cyber security groups by the names Wicked Panda, Barium and Winnti.
‘By putting an unprecedentedly high dollar value on unemployment insurance benefits, making them available for three times as long as usual, widening eligibility, and reducing verification requirements, unemployment insurance benefits were not only abused by some individuals, but they became a high value, easily accessible target for criminals,’ Greszler said.
U.S. officials warned at the pandemic’s beginning that hackers would use various phishing schemes to gather personal and financial data from unsuspecting victims.