According to the Secret Service, a prolific Chinese state-sponsored APT group known as APT41 has stolen at least $20 million from US Covid-19 relief funds. The campaign appears to be the first of its kind, and the group targeted Small Business Administration loans and unemployment insurance funds. The Secret Service stated that APT41 is based in Chengdu and targeted more than 12 states to pull off the theft. The service warns that the campaign might be much greater than what has already been identified. There are currently over 1,000 investigations open into theft and fraud related to these specific public benefits programs, which were brought about by the economic impacts of Covid-19 and the subsequent lockdowns.
The campaign reportedly began in mid-2020 and impacted 2,000 accounts associated with roughly 40,000 financial transactions. The nature of the attack remains somewhat unclear, and there are still questions as to whether the group was given orders by the Chinese government to steal the funds or whether authorities just looked the other way. This is not the first time that APT41 has conducted attacks for financial profit: FireEye identified it in 2019 using ransomware against gaming companies. So far, the Secret Service has been able to recover roughly half of the stolen funds that it has identified.