Congress presses Secret Service for more details about state-sponsored foreign hackers stealing Covid relief funds

At a House Oversight Committee hearing Wednesday, members from both parties cited an NBC News report about a group linked to China's government stealing millions.
From left, Gene Dodaro, Michael Horowitz and David Smith are sworn in Wednesday at a House Oversight and Accountability Committee hearing in Washington. Anna Moneymaker / Getty Images

At a House Oversight Committee hearing on Wednesday, members of Congress from both parties pressed the Secret Service for more information about foreign state-sponsored hackers stealing Covid relief funds, citing exclusive reporting from NBC News about fraud by hackers linked to the Chinese government.

In December, NBC News broke the story that APT41, a hacking group linked to the Chinese government, stole at least $20 million in U.S. Covid relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen states, according to the Secret Service.

On Wednesday, Rep. Raja Krishnamoorthi, D-Ill., pushed witness David Smith, the assistant director of the Office of Investigations at the Secret Service, to reveal the full extent of cyberattacks by such groups on state computer systems. “Since that article came out, I got to believe that they’ve probably targeted a lot of states beyond a dozen,” Krishnamoorthi said.

Smith declined to elaborate and demurred when Krishnamoorthi asked whether any Russian state-sponsored hacking groups had stolen funds.

“Whether or not an entity is state-sponsored or not is generally not why we tend to focus on them. We follow money,” Smith said.

Rep. Kelly Armstrong, R-N.D., also referred to the NBC News report and asked Smith, “When do you think the Secret Service expects to have resolution on if the hackers acted on their own accord or by government direction?”

Smith answered, “Sir, sometimes in the context of a criminal investigation those answers never get reconciled.”

Asked for information about progress in the APT41 case, Smith said, “That case is a large, very broad case out of our Denver field office. And it will be unpacking that for some time, sir.”

The theft of taxpayer funds by the Chengdu-based hackers APT41 is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals that the U.S. government has acknowledged publicly, but it may be the tip of the iceberg, according to U.S. law enforcement officials and cybersecurity experts.

In an interview on the eve of the hearing, the new chair of the committee, Rep. James Comer, R-Ky., called the theft of pandemic funds intended for taxpayers by a foreign adversary “a national security issue.”

“It’s one thing for American criminals to steal that money. But when we find out it’s our criminals in China and Russia and some other countries around the world that are adversarial to us, it makes it even worse. You pour salt in the wound,” Comer said. “This could be the largest transfer of wealth from the government to cyber attackers in American history.”

Comer told NBC News he has started a subcommittee on cybersecurity to explore options to reinforce the government’s defenses in hope of preventing similar incursions into state and federal computer systems.

The day after NBC News published its initial story in December, the state of Maryland banned the use of TikTok and other Chinese and Russian products by state agencies, citing NBC News' reporting that hackers linked to the Chinese government were stealing millions in Covid benefits from state governments in the U.S.

In announcing the emergency directive, the state said the entities “present an unacceptable level of cybersecurity risk to the state, and may be involved in activities such as cyber-espionage, surveillance of government entities, and inappropriate collection of sensitive personal information.”