U.S. Authorities Investigate Sophisticated Cyberattack Targeting Trade Negotiations with China

In July 2025, U.S. federal authorities initiated an investigation into a sophisticated cyberattack aimed at sensitive trade negotiations between the United States and China. The attack involved fraudulent emails impersonating Representative John Moolenaar, chairman of the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party. These emails targeted U.S. trade groups, law firms, and government agencies, seeking to gather intelligence on America’s trade strategies with China.

The timing of the attack was particularly strategic, occurring just before crucial U.S.-China trade talks in Sweden. These discussions led to an extension of the tariff truce until early November, coinciding with a scheduled meeting between President Donald Trump and Chinese leader Xi Jinping at an Asian economic summit.

Cybersecurity experts traced the malware back to APT41, a notorious hacker group with established ties to Chinese intelligence operations. This attack is part of a broader pattern of Beijing-linked cyber espionage campaigns aimed at gaining insights into White House recommendations for contentious trade negotiations. The sophisticated nature of the operation suggests state-sponsored backing and advanced persistent threat capabilities.

The fraudulent emails employed social engineering tactics, using subject lines such as "Your insights are essential" and asking recipients to review what appeared to be legitimate proposed legislation. Opening the attached draft legislation, however, would have triggered the malware deployment, potentially granting the attackers extensive access to the targeted organizations' networks and sensitive communications.

The malware campaign demonstrated sophisticated infection mechanisms designed to establish persistent access while evading detection systems. The attack vector relied on malicious document attachments that likely contained embedded macros or exploited zero-day vulnerabilities in common office applications. Upon execution, the malware would have established command and control communications, enabling remote access to compromised systems.

The perpetrators employed advanced spoofing techniques to impersonate Representative Moolenaar’s official correspondence, likely harvesting legitimate email signatures and formatting to enhance authenticity. This approach demonstrates the attackers’ thorough reconnaissance capabilities and their understanding of U.S. political structures and communication patterns.

Detection of the campaign occurred when Moolenaar’s committee staff began receiving inquiries about emails they had never sent, triggering an internal investigation. The U.S. Capitol Police and FBI have since launched formal investigations, though authorities declined to comment on specific details of the ongoing probe.

China's embassy in Washington denied involvement, stating that it "firmly opposes and combats all forms of cyber attacks and cyber crime" and calling for evidence-based accusations rather than unfounded claims.