Federal authorities say Chinese hackers have stolen $20 million in COVID relief money since 2020.
The U.S. Secret Service has identified the group behind the theft as a hacking team known as APT41 or Winnti, according to media reports.
“Of the more than 1,000 ongoing investigations involving transnational and domestic criminal actors defrauding public benefits programs, APT41 has emerged a notable player,” said Roy Dotson, who coordinates the Secret Service’s pandemic fraud recovery efforts.
The thefts reportedly involved unemployment insurance and Small Business Administration loan funds in several states.
However, the $20 million figure pales in comparison to the funds the Secret Service has already recovered in cases of homegrown fraud.
As we noted in August, the agency has recovered $286 million in COVID-19 relief money that had been illegally obtained by people using false identities.
The conspirators in these cases apparently used fake or stolen credentials to apply for Economic Injury Disaster Loans, which were part of a relief program to assist businesses during the pandemic.
This is part of a glut of fraud associated with pandemic programs. Since 2020, the Secret Service has seized more than $1.4 billion in ill-gotten funds, returning around $2.3 billion to state unemployment insurance programs.
The FBI reported earlier this year that the pandemic presented fraudsters with a wealth of opportunities for scams.
After getting close to 20,000 business email compromise (BEC)/email account compromise (EAC) complaints in 2021 and estimating “adjusted losses at nearly $2.4 billion,” the FBI noted that BEC/EAC scams have begun to rely more and more on social engineering and email intrusion “to conduct unauthorized transfers of funds.”
The agency’s report said that during the pandemic, fraudsters went into high gear, “using virtual meeting platforms to hack emails and spoof business leaders’ credentials to initiate the fraudulent wire transfers. These fraudulent wire transfers are often immediately transferred to cryptocurrency wallets and quickly dispersed, making recovery efforts more difficult.”