The hacking group APT41, known as “the ‘workhorse’ of cyberespionage operations that benefit the Chinese government,” looted pandemic-related Small Business Administration loans and unemployment insurance funds, NBC News reported Monday. The theft is the U.S. government’s first publicly acknowledged incident of pandemic fraud linked to foreign, state-sponsored cybercriminals.
The Secret Service considers APT41 a “Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain.” It is unclear if the Chinese Communist Party directed the hackers’ attack on U.S. taxpayer funds, but APT41’s targeting of government money—a move cybersecurity analysts have never seen before—is a “dangerous” and “serious” threat to U.S. national security, intelligence and cybersecurity officials told NBC News:
The experts and officials describe the Chinese model of “state-sponsored” hackers as a network of semi-independent groups conducting contract work in service of government espionage. … APT41, also known to cybersecurity firms as Winnti, Barium, and Wicked Panda, fits the model and is considered a particularly prolific Chinese intelligence asset, known to commit financial crimes on the side. …
The primary purpose of APT41’s state-directed activity, the experts and officials say, is believed to be collecting personally identifying information and data about American citizens, institutions, and businesses that can be used by China for espionage purposes.
The U.S. government’s implementation of COVID relief programs was already rife with fraud, with millions of dollars sent to ineligible businesses and organizations. Of the $872.5 billion in federal pandemic unemployment funds, roughly 20 percent were improper payments, the Department of Labor reported. The Labor Department overpaid unemployment benefits by more than $350 billion between April 2020 and May 2021, a Heritage Foundation analysis estimates.