A Chinese state-sponsored APT group has stolen at least $20m from US COVID-relief funds, in what appears to be a first-of-its kind campaign, according to the Secret Service.
The service told NBC that it linked prolific Chengdu-based APT41 to the raids, which targeted Small Business Administration (SBA) loans and unemployment insurance funds in more than 12 states.
However, the true scale of the campaign may be much greater. The Secret Service said it has over 1000 investigations currently open into theft and fraud related to public benefits programs.
“It would be crazy to think this group didn’t target all 50 states,” said Roy Dotson, national pandemic fraud recovery coordinator for the Secret Service.
The campaign began in mid-2020 and impacted 2000 accounts associated with more than 40,000 financial transactions, according to NBC.
It’s unclear at this stage whether the group was specifically given orders to steal the funds or if government handlers simply looked the other way.
APT41 has certainly done similar in the past – in 2019 FireEye said it detected the same group using ransomware against gaming companies and attacking cryptocurrency providers for personal profit.
“APT41 is unique among the China-nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain,” said FireEye SVP of global threat intelligence, Sandra Joyce. “They are as agile as they are skilled and well-resourced.”
The Secret Service said it has been able to recover around half of the stolen $20m, although this is just a drop in the ocean compared to the amount lost through fraud.
An in-depth analysis of four states by the Labor Department Office of Inspector General (OIG) found that around a fifth (19%) of the $872.5bn in federal pandemic unemployment funds were improperly paid.