Chinese government-linked hackers stole millions in COVID funds

The U.S. government has just confirmed the first official case of pandemic fraud linked to foreign state-sponsored hackers.

At least $20 million in COVID relief funds have been stolen by the China-based, state-sponsored hacking group APT41, according to the Secret Service, as reported by NBC News. Officials believe much more fraud of this kind has yet to be discovered, as over 1,000 related investigations are underway.

APT41 is a sophisticated group that has carried out high-level attacks on the U.S. before. The hackers have honed their craft targeting developers through software flaws in order to directly infiltrate platforms and systems. For example, in 2019, APT41 stole text messages from thousands of phone numbers by infecting telecommunications companies with malware. 

In 2020, cybersecurity experts reported a spike in hacking attacks amid the COVID-19 pandemic. A major player causing that spike? APT41. According to researchers, the group targeted numerous healthcare groups, media organizations, and manufacturers in North America, Europe, and Asia.

A new study from the Department of Labor concluded that an estimated $46 billion in total was fraudulently obtained from COVID-19 pandemic unemployment insurance relief funds. Some experts believe that figure could be even higher, and security researchers say it's likely that foreign-sponsored bad actors accounted for a chunk of that total. The Secret Service declined to give any more information about the attack, according to NBC News. Officials did confirm, however, that there are a multitude of investigations into this type of fraud, involving both domestic and international actors, and that APT41 is a “notable player in these investigations.”

At this time, it's unclear whether the Chinese government directed this specific APT41 attack that stole COVID relief funds.

“I’ve never seen them target government money before,” said one expert from cybersecurity company Mandiant to NBC News. “That would be an escalation.”