Chinese Hackers Steal U.S. Covid-19 Relief Funds, Experts Suspect APT41


Chinese Hackers steal US Covid funds

The US Secret Service alleged that a Chinese hacking group stole tens of millions of dollars from US Covid-19 relief funds. The incident has increased the threat that the US and its citizens are facing from threat actors.

The state-sponsored cybercriminal group APT41 scammed and stole $20 million that was meant as pandemic relief during Covid-19.

Experts say this is the first such theft by APT41, which is known for cyber espionage and financial cyberattacks. This time, however, it is confirmed that APT41 targeted US government funds. The money consists of small business administration plans and unemployment insurance funds.

It also shows APT41's capability to defraud the US on a bigger scale, given the depth of details it has retrieved about American citizens.

"Fintech companies contracted by the federal government to process pandemic payouts rushed through processing applications in pursuit of higher fees, which contributed to the fraud that occurred, according to a report by the US House Select Subcommittee on the Coronavirus Crisis published on December 1. The key issue at hand is the state-sponsored group’s ability to scale future fraud attempts via automated technology and troves of taxpayer data China is believed to have obtained after security breaches at credit bureau Equifax and the US Office of Personnel Management, Hamilton said. OPM houses all federal employee data," reports Bloomberg.

APT41 believed behind the theft

It is not clear whether agencies believe APT41 compromised government systems or citizens' personal accounts to get the Covid-19 relief funds, or whether the group drew on already stolen information to engage in an identity scam.

Investigating agencies didn't disclose any more details about how the theft took place, saying, "with respect to a potentially ongoing investigation, we have no further publicly available information."

Individual US citizens may find it hard to imagine themselves as victims of a state-sponsored attack from a country like China; however, the threat is rising.

"When you look at how many records they have, talk about massive fraud. If the Chinese-based hackers wanted to use that information for fraud, they would have a very easy time with that because they have it all," said Linn Freedman, cybersecurity partner of Robinson Cole LLP.

The threat scale has increased

Currently, not much information is available to determine the security loopholes that resulted in the fraudulent activity related to the relief funds, but it is believed that the theft is not an isolated incident.

Mike Hamilton, the chief information security officer at cybersecurity agency Critical Insight, believes that the cyberattack was a "beta test" of APT41's capabilities to defraud the American government and also that APT41 attacked the funds because it was easy to steal. 

Bloomberg reports, "APT41 recently compromised at least six state government websites and exfiltrated personally identifiable information as part of a deliberate hacking campaign targeting states, according to a report published by cybersecurity firm Mandiant in March 2022."
