US seizes millions in stolen COVID relief funds by China-backed hackers

APT41 had stolen at least $20 million intended for small businesses, but this is a drop in the ocean compared to the total lost

A total of $20 million in US government funds intended for coronavirus relief was stolen by Chinese state-sponsored hackers, according to the US Secret Service.

It believes that the threat group, tracked as APT41, operated more than 2,000 accounts across its fraud operation, which began in 2020. The group is known for taking advantage of victims who have not yet implemented crucial security updates, especially after their details have been shared by public bodies such as the Cybersecurity and Infrastructure Security Agency (CISA).

Money intended for businesses and unemployed workers through a variety of government programmes was found to have been stolen by the fraudsters, the first time fraud of this nature has been linked, directly or indirectly, to a foreign state.

The discovery has raised serious questions around national security, and whether or not the group acted for profit or with government backing.

The total amount of money stolen through improper payouts of government COVID funds is unknown. Estimates range from $80 billion to more than $500 billion, of which only a small amount has been recovered or accounted for at the time of writing.

More than a thousand investigations are ongoing, with APT41 and other international actors under scrutiny.

NBC News cited anonymous officials as having indicated that state-backed hackers are seemingly involved in a number of ongoing federal fraud investigations, while investigators have previously indicated that a majority of the stolen funds were taken overseas and will therefore be difficult to track.

In August, the US Secret Service announced that it had recovered around $286 million, and the agency has since stated that a total of $1.4 billion in illicitly acquired funds intended for small businesses has been accounted for.

The variety of pandemic schemes for businesses, including the Economic Injury Disaster Loans (EIDL) and Paycheck Protection Program (PPP), increases the difficulty in recovering the funds due to the varied sources.

Five Chinese nationals have been indicted as part of the investigation efforts, though no extradition process has been undertaken. 

APT41 is a widely tracked threat actor with a long record of incidents. Cyber security firm Mandiant, for example, this year discovered that APT41 compromised six US government networks since the start of 2021, utilising vulnerabilities such as the Log4Shell flaw.

At the time, researchers were unable to establish a specific motive, but noted that the group has worked for profit in the past. In 2020, the US Department of Justice (DoJ) charged APT41 members with computer intrusions into more than 100 victims in the United States and overseas. These included software development companies, hardware manufacturers, video game companies, and more.

Concerns over breaches by groups such as APT41 have led to a tightening of security across US government agencies. CISA now requires agencies to patch recent exploits within two weeks of their discovery, and Congress has passed a bill that would ban the Department of Defense (DoD) from vulnerable software.

“If we can come together and really have open and honest conversations about what works well and what went very wrong, we would just be in a much better place to stop this,” Maryland labour secretary Tiffany Robinson told NBC News. “Because this is not over.”

Cyber crime increased noticeably across the pandemic, as fraudsters and threat actors took advantage of newfound hybrid working patterns, the increase in online deliveries, and government funding schemes for their own ends. Account takeover fraud rose 2.8 times across the pandemic, and delivery fraud became the most common form of smishing.

Fraud detection and prevention is a rapidly growing market, and according to a report by Acumen Research and Consulting, its value is due to hit $176 billion by 2030.
