A hacking group linked to the Chinese government is alleged to have stolen more than $20 million in COVID relief benefits, including U.S. Small Business Administration loans and unemployment funds in more than a dozen states.

NBC reported today that the allegation comes from the Secret Service, although the agency has not released a report on the matter. The group allegedly behind the theft, APT41 — also known as Wicked Panda and Winnti — is well-known and has been behind multiple attacks in the past, making the claim believable.

Referencing officials and experts, most speaking off the record, NBC said other federal investigations of pandemic fraud have also pointed back to foreign state-affiliated hackers. A spokesperson for the Secret Service declined to comment further, but one spokesperson did suggest that the attacks may have targeted all 50 states.

Presuming APT41 did steal $20 million in pandemic relief funds, the theft would be a drop in a bucket next to the figures believed to have been extorted, stolen or wrongly claimed. The Labor Department Office of the Inspector General believes that roughly 20% of the $872.5 billion spent on federal pandemic funds were improperly paid, with the fraud rate potentially higher yet.

The Justice Department indicated members and associates of APT 41 in September 2020 on allegations of state-sponsored hacking. At the time, the group was alleged to be behind computer intrusions affecting more than 100 companies and groups in the United States and abroad.

Groups and companies previously targeted by APT41 include software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, nonprofit organizations, universities, think tanks and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

“The actions of Wicked Panda to steal from the U.S. Paycheck Protection Program post-COVID-19 comes as no surprise and should be a continued wakeup call,” Tim Kosiba, chief executive officer of government cybersecurity solutions and training provider bracket f Inc., a subsidiary of Redacted Inc., told SiliconANGLE. “This Chinese-backed organization will remain a strategic threat to our country to support the efforts of the CCP to commit espionage and attack our porous infrastructure in order to improve their competitive advantage.”

Kosiba added that “the PPP rollout was not implemented with cybersecurity at the forefront, but rather a means of supporting our society as a result of immediate COVID-19 impacts.” Hence, he said, “there should be little doubt APT41 remains present in some form within state government systems, as the CCP-directed efforts to collect information on U.S. citizens will continue.”

Indeed, given the information that has been collected on U.S. citizens by China over the years, fraudulently filing for benefits is far from difficult, said Erich Kron, security awareness advocate at cybersecurity awareness training company KnowBe4 Inc. “The U.S. government has a responsibility to protect our tax dollars from fraud and abuse, unfortunately, it seems in at least this case, it has failed to anticipate this outcome,” he said.

Photo: Pxhere