Threat actors from a well-known APT group linked to the Chinese government are alleged to have stolen more than $20 million in COVID relief benefits, including U.S. Small Business Administration loans and unemployment funds in more than a dozen states.
The group allegedly behind the theft, APT41 (also known as Wicked Panda and Winnti), is well known and has been behind multiple attacks in the past, making the claim believable.
According to officials and experts, federal investigations of pandemic fraud have also pointed back to foreign state-affiliated hackers and suggest that the attacks may have targeted all 50 states.
Presuming APT41 did steal $20 million in pandemic relief funds, the theft would be a drop in the bucket next to the figures believed to have been extorted, stolen, or wrongly claimed.
The Justice Department indicted members and associates of APT41 in September 2020 on allegations of state-sponsored hacking.
Groups and companies previously targeted by APT41 include software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
An in-depth analysis of four states by the Labor Department Office of Inspector General (OIG) found that around a fifth (19%) of the $872.5bn in federal pandemic unemployment funds were improperly paid.