U.S. Secret Service officials confirmed an exclusive report Monday alleging prolific cybercriminal hackers tied to the Chinese Communist Party have stolen nearly $20 million worth of COVID pandemic relief benefits.
Secret Service officials did not comment further upon corroborating the NBC News report. However, U.S. law enforcement officials and cybersecurity experts, who spoke on the condition of anonymity, said the pandemic fraud instance is the first publicly acknowledged example of theft linked to foreign and state-sponsored cybercriminals.
Officials said the hacker group in question is APT41, which they described as a “Chinese state-sponsored, cyber threat group that is highly adept at conducting espionage missions and financial crimes for personal gain” that operates out of the southwestern Chinese city of Chengdu.
APT41 — also known as Winnti, Barium, and Wicked Panda — allegedly began stealing COVID relief money in mid-2020 from approximately 2,000 accounts associated with more than 40,000 financial transactions, including Small Business Administration loans and unemployment insurance funds in at least a dozen states.
“It would be crazy to think this group didn’t target all 50 states,” Roy Dotson, the national pandemic fraud recovery coordinator for the Secret Service, told NBC.
Billions of dollars in pandemic relief money have reportedly been stolen through the Paycheck Protection Program or unemployment insurance since 2020.
The Hill reports that the Secret Service said last August that $286 million in stolen pandemic relief money had been recovered.
According to the NBC News report, Justice Department officials familiar with the group said its members hack software and weaponize it against users, businesses, and governments, an approach that also involves tracking public disclosures about security flaws. The group also collects information and data from American citizens, institutions, and businesses for Chinese espionage purposes.
A senior Justice Department official described APT41 as “dangerous,” adding the group presents “serious national security implications.”
John Hultquist is the head of intelligence analysis at the cybersecurity firm Mandiant, which is contractually linked to approximately 75 state and local government organizations and agencies. He said he had never seen the group target government money before, which he added would be “an escalation.”
Another federal law enforcement official familiar with investigations involving Chinese-based hackers said the agency would “never” be able to indict and locate such criminals because “with the internet and the dark web, it’s borderless.”
Officials said more than 1,000 other investigations of foreign and domestic criminals stealing public benefits are underway.
Chinese Embassy officials in Washington have not responded to requests for comment.