Chinese Hackers Steal $20m US Covid Relief Benefits
The US Secret Service have disclosed Covid benefits worth millions of dollars have been stolen by the Chinese hacking group APT41, otherwise known a as Winnt, that has links to the Chinese government. The money was extracted from a fund designed to help small businesses, including unemployment insurance funds and SBA loans in more than twelve US states.
The hackers successfully took advantage of the chaos caused by the pandemic and other parts of the US and further afield are likely to have been hit with similar attacks. “It would be crazy to think this group didn’t target all 50 states,” Roy Dotson, the national pandemic fraud recovery coordinator for the Secret Service, told NBC.
A state-sponsored hacker group APT41 located in the southwestern Chinese city of Chengdu is believed to be behind the attack. They are a notorious criminal operation that has carried out a variety of government-supported hacks and commercially motivated data breaches is the prime suspect
The campaign began in mid-2020 and impacted 2,000 accounts associated with more than 40,000 financial transactions.
It’s unclear at this stage whether the group was specifically given orders to steal the funds or if government handlers simply looked the other way. According to reports, cyber criminals started siphoning off a sizeable portion as soon as state governments started distributing Covid unemployment funds in 2020.
The federal pandemic unemployment funds totaling $872.5 billion have suffered a high degree of fraud and has an 'improper payment rate' of 20%, according to the Labor Department’s Office of Inspector General.
US government officials from several agencies believe the true cost of the fraud is likely higher. Indeed, the Labor department has told Congress that an extensive analysis of four states revealed 42.4% of pandemic benefits were paid incorrectly in the first six months.
The Secret Service said it has been able to recover around half of the stolen $20m, although this is a minor sum compared to the amount lost through Covid-related fraud.
TEISS: Pymnts: NBC: NYPost: TechMonitor: Daily Mail: Infosecurity-Magazine:
You Might Also Read:
Britain's COVID - Driven Online Crime Wave: