A Secret Service investigation has found that the theft of hundreds of billions of dollars of Covid benefits included about $20 million stolen by state-backed Chinese hackers, but that it is unlikely that the Chinese government directed the team to plunder the US treasury.
The money was stolen from a federal Small Business Administration loan fund and the unemployment insurance programs of several different states (these programs were greatly loosened and expanded during the pandemic). The Chinese hackers belong to a group that is known to perform espionage missions for the government, but that also dabbles in its own independent financial thefts when off the clock.
APT41 got in on mass pillaging of Covid benefits
The Secret Service has estimated that there was a total of about $100 billion in Covid benefits fraud; the $20 million that the Chinese hackers took is thus a relative drop in the bucket, but noteworthy in that it involved a state-backed group.
The group that has been accused, APT41, has been around for a long time and is unique among China’s state hackers in stealing money for itself on the side. Given that, and given that the amount taken is relatively trivial compared to the risk of an international incident, it seems likely that the group went into business for itself rather than the thefts being directed by the CCP.
The Chinese hackers reportedly started targeting the Covid benefits programs in mid-2020, shortly after they got underway. They made use of about 2,000 accounts and engaged in about 40,000 transactions in all. The attack was likely not difficult for this group, which has been collecting personal information from its assorted espionage campaigns in the US over the past decade. While foreign actors were responsible for a good deal of benefits theft, there was also widespread domestic fraud via simple misrepresentation of facts on applications that were not adequately screened.
Half of the money stolen by Chinese hackers recovered
Though it’s a small fraction of the Covid benefits that were pillaged during this period, the Secret Service says that it has recovered about half of what the Chinese hackers stole to date. More thefts could come to light, however, as thousands of state and federal investigations continue.
State benefits fraud was particularly acute, with some investigations finding that over 60% of fraudulent claims were paid out. In 2020 and 2021 most states greatly expanded the pool of people that qualified for unemployment benefits, reduced barriers to application and expanded the length of eligibility. This in turn led to logjams at unemployment offices as workers were unable to keep up with the massive new load. The federal business loans were also famously ransacked, with reportedly almost no scrutiny of any application that requested less than $10,000 and multiple loan payments sometimes being sent to residential addresses.
APT41 has reportedly had long-term access to the networks of several state governments, according to a 2021 investigation by security firm Mandiant. That year the group was also spotted probing state unemployment systems. A number of group members have been identified by US authorities and have been wanted since 2019, but as long as they stay in China they will likely remain free to continue to hack.