China-backed hackers involved in cyber-espionage and financial crimes

Cyber-espionage is a long-standing Chinese national priority aimed at strengthening the country's geopolitical position. Experts and officials describe the Chinese model of "state-sponsored" hackers as a network of semi-independent groups that form part of the country's espionage efforts. One such group is APT41, also known to cyber-security firms as Winnti, Barium and Wicked Panda. The group is considered a prolific Chinese intelligence asset. The primary purpose of APT41's state-directed activity is believed to be collecting personally identifying information and data about American citizens, institutions and businesses that China can use for espionage purposes. Recently, the US Secret Service revealed that APT41, the Chengdu-based hacking group, stole at least $20 million in US Covid relief benefits, including Small Business Administration loans and unemployment insurance funds, in over a dozen states.

The Covid cyber-theft began in mid-2020 and spanned 2,000 accounts associated with more than 40,000 financial transactions. The theft of taxpayer funds is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals that the US government has acknowledged publicly, but it may be just the tip of the iceberg, according to US law enforcement officials and cyber-security experts. According to cyber experts and officials from multiple agencies, by the time Covid relief funds appeared as a target of opportunity in 2020, APT41, which emerged more than a decade ago, had already become the "workhorse" of cyber-espionage operations that benefit the Chinese government. The US Secret Service stated that it considers APT41 a "Chinese state-sponsored, cyber-threat group that is highly adept at conducting espionage missions and financial crimes for personal gain". As soon as state governments began disbursing Covid unemployment funds in 2020, cybercriminals began to siphon off a significant percentage.

The US Department of Labor's Office of Inspector General has reported an improper payment rate of roughly 20% for the $872.5 billion in federal pandemic unemployment funds, though administration officials from multiple agencies claim that the actual amount of fraud could be higher. In the past, American officials have blamed Chinese hackers for breaches at the Office of Personnel Management, Anthem Health and Equifax, among others. In another case, four Chinese nationals living in Sydney were charged over a sophisticated cyber scam. They were part of an organised criminal syndicate involved in a cyber-enabled investment scam that has resulted in more than US$100 million in losses worldwide. The syndicate employed a sophisticated mix of social engineering techniques, including the use of dating sites, employment sites and messaging platforms, to gain victims' trust before mentioning investment opportunities.

The victims were then directed to both fraudulent and legitimate investment applications dealing in foreign exchange and crypto-currency, which were maliciously manipulated to show a false positive return on investment. An analysis of victim reports by police has identified more than US$100 million in losses worldwide attributed to this organised crime syndicate, with the majority of victims based in the United States. It is no longer a hidden fact that these hackers work in tandem with the Chinese government to carry forward the state's agenda. These financial frauds do not appear to be happenstance; rather, they seem to be well-thought-out plans to break the backbone of target countries by damaging their economies.
