Hackers from a cybercriminal group linked to the Chinese government stole at least $20 million from the U.S. in COVID-19 relief benefits, the first known instance of foreign, state-sponsored actors tied to pandemic fraud, Secret Service officials told NBC News.
The officials said that Chengdu-based cyber group APT41 was a “notable player” in its hundreds of open investigations probing pandemic fraud from both transnational and domestic players.
APT41 is a “Chinese state-sponsored, cyber threat group that is highly adept at conducting espionage missions and financial crimes for personal gain,” Secret Service officials told the outlet.
Since the rollout of pandemic money in 2020, billions have been stolen by fraudulent actors across the U.S. and in other parts of the world through the Paycheck Protection Program or expanded unemployment insurance.
The U.S. Secret Service said in August that it has recovered $286 million in stolen pandemic relief money.
Some of the recovered money included funds stolen by APT41, a group that emerged about a decade ago and often collects data on Americans for the Chinese government.
The fraud scheme so far unveiled by the Secret Service identified that APT41, which is known by other names including Wicked Panda, started stealing relief money in mid-2020, according to NBC News.
APT41’s scheme spanned 2,000 accounts associated with over 40,000 financial transactions.
Experts told NBC the cybergroup obtained access to backdoor state government software and may still be inside the systems.