Secret Service Reports Chinese Hacking Operation

This week, officials with the U.S. Secret Service confirmed a report from NBC News that prolific hackers tied to the Chinese Communist Party were able to steal almost $20 million in COVID-19 pandemic relief benefits.

The officials didn’t comment any further on the matter beyond corroborating the information that NBC News published. Other federal law enforcement officials, as well as cybersecurity experts, did say that this is the first publicly acknowledged instance of pandemic fraud linked to a state-sponsored foreign entity.

The hacker group that’s at the heart of this attack is called APT41. The officials described this group as a “Chinese state-sponsored, cyber threat group that is highly adept at conducting espionage missions and financial crimes for personal gain.”

The group operates out of Chengdu, a city in the southwestern section of China. It also goes by various other names, such as Wicked Panda, Barium and Winnti.

According to reports, the group began its efforts to steal the pandemic relief funds in the middle of 2020. It targeted roughly 2,000 different accounts that were associated with more than 40,000 total financial transactions.

The attacks targeted loans offered by the Small Business Administration, as well as unemployment insurance accounts in at least 12 states.

In speaking with NBC, the Secret Service’s national pandemic fraud recovery coordinator, Roy Dotson, said:

“It would be crazy to think this group didn’t target all 50 states.”

Since 2020, billions of dollars in COVID-19 relief funds have been stolen — either through unemployment insurance programs or the federal Paycheck Protection Program.

Media outlet The Hill reported that, last August, the Secret Service said $286 million in these stolen funds had already been recovered.

In regard to this recent Chinese-linked cyberattack, officials with the Department of Justice who know about the group said it uses various methods of hacking software, which it can then use as a weapon against businesses, governments and individual users.

Members of the group use public disclosures of security flaws in software to target that particular software. The group also works hard to collect data and information on businesses, institutions and citizens in the United States for spying purposes for the Chinese government.

One senior DOT official said the APT41 group is “dangerous,” adding that it presents “serious national security implications.”

John Hultquist, who serves as the head of intelligence analysis at Mandiant — a cybersecurity firm that has contracts with roughly 75 local and state government agencies and organizations — said he’s never observed APT41 target money from government agencies in the past.

He did say that if it were true, it would certainly be “an escalation” of what the group has done in the past.

Another official with federal law enforcement commented recently that it would be next to impossible to track down the hackers and then indict them for crimes because “with the internet and the dark web, it’s borderless.”

There are more than 1,000 investigations of domestic and foreign criminals ongoing now for crimes related to stealing these public monetary benefits.