A hacking group linked to the Chinese government is alleged to have stolen more than $20 million in COVID relief benefits, including U.S. Small Business Administration loans and unemployment funds in more than a dozen states.

NBC reported today that the allegation comes from the Secret Service, although the agency has not released a report on the matter. The group allegedly behind the theft, APT41 — also known as Wicked Panda and Winnti — is well-known and has been behind multiple attacks in the past, making the claim believable.

Referencing officials and experts, most speaking off the record, NBC said other federal investigations of pandemic fraud have also pointed back to foreign state-affiliated hackers. A spokesperson for the Secret Service declined to comment further, but one spokesperson did suggest that the attacks may have targeted all 50 states.

Presuming APT41 did steal $20 million in pandemic relief funds, the theft would be a drop in a bucket next to the figures believed to have been extorted, stolen or wrongly claimed. The Labor Department Office of the Inspector General believes that roughly 20% of the $872.5 billion spent on federal pandemic funds were improperly paid, with the fraud rate potentially higher yet.

The Justice Department indicated members and associates of APT 41 in September 2020 on allegations of state-sponsored hacking. At the time, the group was alleged to be behind computer intrusions affecting more than 100 companies and groups in the United States and abroad.

Groups and companies previously targeted by APT41 include software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, nonprofit organizations, universities, think tanks and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

“The actions of Wicked Panda to steal from the U.S. Paycheck Protection Program post-COVID-19 comes as no surprise and should be a continued wakeup call,” Tim Kosiba, chief executive officer of government cybersecurity solutions and training provider bracket f Inc., a subsidiary of Redacted Inc., told SiliconANGLE. “This Chinese-backed…