NBC News reports that Chinese state-sponsored hacking operation APT41 was noted by the U.S. Secret Service to have stolen $20 million or more in COVID-19 relief benefits, including unemployment insurance funds across more than 12 states and Small Business Administration loans, nearly half of which have already been recovered.
Such a disclosure represents the first instance of publicly acknowledged pandemic fraud associated with state-backed hackers, and funds stolen by APT41 from relief benefits may be even higher than thought.
"It would be crazy to think this group didn't target all 50 states," said Secret Service National Pandemic Fraud Recovery Coordinator Roy Dotson. APT41 has long been an established force in cyberespionage efforts and targeting COVID-19 funds has become one of its means for furthering its operations, noted State Department Bureau of Cyberspace and Digital Policy Nathaniel Fick.
"The United States is target No. 1, because we are competitor No. 1. It's a really comprehensive, multi-decade, well-considered, well-resourced, well-planned, well-executed strategy," Fick added.
The Indianapolis Housing Agency has disclosed that 212,910 residents had their data exposed following a ransomware attack that commenced in September, reports The Record, a news site by the cybersecurity firm Recorded Future.
More than 1.5 million records of individuals banned to fly to the U.S., as well as the records of over 250,000 "selectees," or those who may need to undergo a Secondary Security Screening Selection when flying to the U.S., have been exposed following the public leak of the U.S. Transportation Security Agency's no-fly list obtained by Swiss hacker maia arson crimew from the database of Ohio-based airline CommuteAir, BleepingComputer reports.