Chinese Hackers Stole $20M of Covid-19 Relief Funds

Source: Tech Monitor | Published on December 7, 2022


Washington officials say hackers backed by the Chinese government stole at least $20 million from Covid-19 relief funds in the United States. A security researcher told Tech Monitor that similar attacks are likely to have occurred in other countries, including the United Kingdom.

According to NBC, the raid was carried out by a Chinese APT group known as APT41, which stole at least $20 million.

The theft was discovered as part of a larger investigation into pandemic funds fraud by the US Secret Service, which announced on Friday that it had recovered $286 million in Covid-19 relief funds.

Chinese hackers have targeted the Covid-19 relief funds. APT41

It is believed that APT41 targeted Small Business Administration loan funds, which were intended to assist businesses in dealing with the pandemic, as well as unemployment insurance funds in more than a dozen US states.

Though the United States was the first to report that its pandemic funds had been targeted by international hackers, others are likely to follow, according to Allan Liska, cybersecurity lead at security firm Recorded Future.

“There were a lot of funds sent out, and there wasn’t a lot of oversight in many countries,” Liska says. “Both cybercriminals and now nation-state actors have been able to use this to redirect funds. The same thing will have occurred in other countries.”

The UK government announced in February that up to £16 billion had been lost due to “fraud and error” in Covid-19 loan schemes. According to Liska, some of the stolen money was most likely taken by cybercriminals. “This is exactly the type of thing that nation-state hackers, particularly from countries like North Korea, like to do in order to steal funds,” he says. “We just haven’t seen the proof yet.”

According to Liska, hackers could have easily used stolen data from the dark web to impersonate an applicant to one of the schemes. “Even if governments had good cybersecurity practices in place,” he says, “because there are so many stolen credentials available in underground markets, it would be very easy to fake a Covid application using someone else’s name.”