Chinese Hackers Steal $20m US Covid Relief Benefits

Uploaded on 2022-12-12 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW

The US Secret Service have disclosed Covid benefits worth millions of dollars have been stolen by the Chinese hacking group APT41, otherwise known a as Winnt, that has links to the Chinese government. The money was extracted from a fund designed to help small businesses, including unemployment insurance funds and SBA loans in more than twelve US states. 

The hackers successfully took advantage of the chaos caused by the pandemic and other parts of the US and further afield are likely to have been hit with similar attacks. “It would be crazy to think this group didn’t target all 50 states,” Roy Dotson, the national pandemic fraud recovery coordinator for the Secret Service, told NBC.

A state-sponsored hacker group APT41 located in the southwestern Chinese city of Chengdu is believed to be behind the attack. They are a notorious criminal operation that has carried out a variety of government-supported hacks and commercially motivated data breaches is the prime suspect

The campaign began in mid-2020 and impacted 2,000 accounts associated with more than 40,000 financial transactions.

It’s unclear at this stage whether the group was specifically given orders to steal the funds or if government handlers simply looked the other way. According to reports, cyber criminals started siphoning off a sizeable portion as soon as state governments started distributing Covid unemployment funds in 2020. 

The federal pandemic unemployment funds totaling $872.5 billion have suffered a high degree of fraud and has an 'improper payment rate' of 20%, according to the Labor Department’s Office of Inspector General. 

US government officials from several agencies believe the true cost of the fraud is likely higher. Indeed, the Labor  department has told Congress that an extensive analysis of four states revealed 42.4% of pandemic benefits were paid incorrectly in the first six months.

The Secret Service said it has been able to recover around half of the stolen $20m, although this is a minor sum   compared to the amount lost through Covid-related fraud.

TEISS:     Pymnts:    NBC:    NYPost:     TechMonitor:       Daily Mail:   Infosecurity-Magazine

You Might Also Read:  

Britain's COVID - Driven Online Crime Wave:
 

 

« The Current Market For Cyber Security Founders & Investors
The Need For OT-centric Cyber Security Strategies »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Protegrity

Protegrity

Protegrity is an enterprise and cloud data security software for data-centric encryption and tokenization to protect sensitive data while maintaining usability.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

Melius CyberSafe

Melius CyberSafe

Melius CyberSafe has developed a world-leading SaaS platform built around continuous assessment and improvement through vulnerability scanning and penetration testing.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

TopSOC Information Security

TopSOC Information Security

TopSOC Information Security provide a wide range of security consultation, implementation and training services.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.

Delta Partners

Delta Partners

Delta Partners is a venture capital firm investing in Ireland and the United Kingdom with a strong focus on early stage technology companies.

Vault Cloud

Vault Cloud

Vault Cloud, Australia's National Cloud, is an Australian owned and operated company specialising in secure, sovereign, hyperscale cloud infrastructure.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.

Rydal Group

Rydal Group

Rydal Group is an award-winning, fully pledged communications & managed IT, Security and Energy provider supporting over 1,500 businesses across the UK.