Cybercriminals with ties to the Chinese government have stolen tens of millions of dollars in U.S. covid relief benefits, NBC reports.
APT41, a well-known threat actor, is said to have used various scams to siphon at least $20 million in relief benefits from state unemployment funds and Small Business Administration loans. That news comes from sources at the Secret Service, which has been investigating online fraud connected to covid relief programs. NBC calls this the “first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals.”
In the past, APT41—also known by its monikers “Winnti” and “Barium”—has been tied to a number of high-profile hacking campaigns that targeted U.S. victims. Earlier this year, the cybersecurity firm Mandiant reported that the group had penetrated the networks of at least six state governments via bugs in a widely used farming app—a campaign broadly considered to be an espionage effort.
In 2020, the U.S. Justice Department indicted a number of APT41 hackers in absentia in connection to a long-running hacking spree that allegedly stole millions of dollars from U.S. businesses, universities, non-profits, and other organizations. The hackers were never caught or brought to trial.
Of course, China’s keyboard warriors aren’t the only ones to take advantage of America’s poorly watched welfare system. U.S. covid relief funds have been the subject of global fraud, totaling in the billions of dollars. NBC reports that, in addition to investigating APT41, the Secret Service is currently involved in over a thousand “ongoing investigations” connected to “transnational and domestic criminal actors” who may have exploited such programs.
Weirdly limited oversight of America’s benefits distribution has made the system easy prey for online scammers. Cybercriminals and fraudsters have used a host of unsavory tactics (like stealing the social security numbers of dead people) to create fake profiles and file for illegitimate funds. In California alone, experts “conservatively” estimate that at least $20 billion in benefits have been stolen—including by a guy who boldly filed for funds using the name “Mr. Poopy Pants.”
The grand total of stolen benefits nationwide is unknown. One estimate—made last December by the Secret Service—put the number at somewhere around $100 billion. Others believe it may be in the hundreds of billions.