U.S. Secret Service officials confirmed an NBC News report on Monday alleging that cybercriminals from China tied to the Communist Party of China (CCP) stole nearly $20 million worth of funds intended for COVID-pandemic relief.
According to NBC, law enforcement officials and cybersecurity experts who spoke under the condition of anonymity said that the heist is the first publicly acknowledged example of theft linked to a foreign government.
Officials, who described the group as “APT41,” called it a “Chinese state-sponsored, cyber threat group that is highly adept at conducting espionage missions and financial crimes for personal gain” that operates in the city of Chengdu.
“APT41,” which is also known as “Winnti,” “Barium,” and “Wicked Panda,” allegedly stole the COVID funds in mid-2020 from around 2,000 accounts tied to more than 40,000 financial transactions including loans from the Small Business Administration and unemployment insurance funds in at least a dozen states.
DOJ officials familiar with the organization say that the hackers weaponized software against users, businesses, and governments, a method that involves tracking public disclosures about security flaws. In addition to committing the theft, the group also collects information on U.S. citizens, institutions, and businesses for the purposes of espionage.
“It would be crazy to think this group didn’t target all 50 states,” said Roy Dotson, the national pandemic fraud recovery coordinator for the Secret Service.
Beyond the Chinese hackers, billions in pandemic relief funds have been stolen through the Paycheck Protection Program and unemployment insurance.
Around $286 million in stolen pandemic relief funds has been recovered by the Secret Service, The Hill reported.