A Chinese APT group stole millions from US COVID relief funds

December 20, 2022

A Chinese APT group has stolen approximately $20 million from United States COVID relief funds. According to researchers, the theft is the first of its kind: a state-linked hacking group targeting US government benefits programmes.

The advanced persistent threat group is linked to the Chengdu-based APT41, which recently targeted Small Business Administration (SBA) loans. The group has also hit unemployment insurance funds in nearly a dozen US states.

The true scope of the campaign may be larger than what researchers have identified so far. The US Secret Service says it currently has more than a thousand open investigations into fraud and theft targeting public benefits programmes.

The Secret Service's national pandemic fraud recovery coordinator said he would not be surprised if the group had targeted all 50 states, given how lucrative the attacks have been.


The Chinese APT group began its campaign in 2020.


A recent tally showed that the group started its campaign in the first half of 2020 and has since compromised 2,000 accounts linked to over 40,000 financial transactions.

Researchers have not yet determined whether the group was acting on orders to steal the funds or whether it did so on its own, without the involvement of its government handlers.

APT41 has pursued profit before: FireEye's 2019 report on the group documented attempted ransomware deployments and attacks on cryptocurrency providers and gaming companies for personal gain.

Researchers also note that APT41 is unusual among Chinese groups in that it turns tooling normally reserved for espionage campaigns to its own financial ends. The group has a reputation for being elusive, technically sophisticated and well resourced.

The Secret Service says it has recovered nearly half of the stolen $20 million. Even so, the recovered sum is small compared with the total losses to pandemic fraud campaigns.

US law enforcement agencies and researchers continue to track these attacks in an effort to recover as much of the stolen money as possible from the many cybercriminal campaigns involved.
