Chinese Hackers Stole Millions From US COVID Relief Benefits, Secret Service Reports

Xi Jinping (Feng Li/Getty Images)
December 5, 2022

Hackers with ties to the Chinese government stole at least $20 million from U.S. taxpayer-funded COVID-19 relief benefits in more than a dozen states, the Secret Service reports.

The hacking group APT41, known as "the 'workhorse' of cyberespionage operations that benefit the Chinese government," looted pandemic-related Small Business Administration loans and unemployment insurance funds, NBC News reported Monday. The theft is the U.S. government's first publicly acknowledged incident of pandemic fraud linked to foreign, state-sponsored cybercriminals.

The Secret Service considers APT41 a "Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain." It is unclear if the Chinese Communist Party directed the hackers' attack on U.S. taxpayer funds, but APT41's targeting of government money—a move cybersecurity analysts have never seen before—is a "dangerous" and "serious" threat to U.S. national security, intelligence and cybersecurity officials told NBC News:

The experts and officials describe the Chinese model of "state-sponsored" hackers as a network of semi-independent groups conducting contract work in service of government espionage. … APT41, also known to cybersecurity firms as Winnti, Barium, and Wicked Panda, fits the model and is considered a particularly prolific Chinese intelligence asset, known to commit financial crimes on the side. …

The primary purpose of APT41's state-directed activity, the experts and officials say, is believed to be collecting personally identifying information and data about American citizens, institutions, and businesses that can be used by China for espionage purposes.

The U.S. government’s implementation of COVID relief programs was already rife with fraud, with millions of dollars sent to ineligible businesses and organizations. Of the $872.5 billion in federal pandemic unemployment funds, roughly 20 percent were improper payments, the Department of Labor reported. The Labor Department overpaid unemployment benefits by more than $350 billion between April 2020 and May 2021, a Heritage Foundation analysis estimates.

In its COVID fraud scheme, APT41 hacked 2,000 accounts connected to more than 40,000 financial transactions.

APT41 has "the patience, the sophistication, and the resources to carry out hacking that has a direct impact on national security," a former Justice Department official familiar with the group told NBC.

China has prioritized cyberespionage for years to strengthen its position in international politics, said Ambassador Nathaniel Fick, the head of the State Department's Bureau of Cyberspace and Digital Policy.

"The United States is target No. 1, because we are competitor No. 1," Fick told NBC News. "It's a really comprehensive, multi-decade, well-considered, well-resourced, well-planned, well-executed strategy."

The Secret Service has recovered half of the stolen $20 million so far.