The House Select Committee on China has issued a formal advisory describing an ongoing series of cyber-espionage campaigns attributed to the People’s Republic of China (PRC). The campaigns target organizations involved in U.S.-China trade policy and diplomacy: U.S. government agencies, business organizations, law firms, think tanks, and at least one foreign government.
The committee’s investigation has revealed that threat actors, suspected to be affiliated with the Chinese state-sponsored hacking group APT41, have been impersonating Republican Congressman John Robert Moolenaar. By sending phishing emails under his name, these actors aim to deceive recipients into opening malicious files and links, thereby gaining unauthorized access to sensitive systems and information.
The primary objective of these attacks is data exfiltration. According to the advisory, the attackers gain access by exploiting software vulnerabilities and then route their activity through legitimate cloud services, so that command-and-control and exfiltration traffic blends in with ordinary business traffic and evades detection. This tradecraft is characteristic of state-sponsored actors seeking to gather intelligence without leaving discernible traces.
Congressman Moolenaar, who also serves as the Chairman of the House Select Committee on the Communist Party of China (CCP), responded to these developments by stating: “This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people. We will not be intimidated, and we will continue our work to keep America safe.”
These revelations align with a report from The Wall Street Journal dated September 7, 2025, which detailed that several trade groups, law firms, and U.S. government agencies received emails purportedly from Congressman Moolenaar. These emails solicited input on proposed sanctions against China and included attachments that, when opened, deployed malware designed to harvest sensitive data and establish persistent access within the targeted organizations.
APT41, also known as Double Dragon, is a notorious hacking group with alleged ties to the Chinese Ministry of State Security (MSS). The group is known for its dual objectives: conducting state-sponsored espionage and engaging in financially motivated cybercrimes. Their operations have historically targeted a wide range of sectors, including healthcare, telecommunications, and technology, across multiple countries.
The Chinese embassy in Washington responded to the allegations by stating: “China firmly opposes and combats all forms of cyber attacks and cyber crime. We also firmly oppose smearing others without solid evidence.”
Cybersecurity experts have noted the sophistication of these attacks. Yejin Jang, vice president of government affairs at Abnormal AI, commented: “By impersonating Rep. Moolenaar (R-MI), a known Beijing critic, the attackers created urgency and legitimacy that encouraged fast responses. Political communication extends beyond official government devices or accounts. Sophisticated adversaries understand this reality and actively exploit it. By masquerading as trusted officials through personal or non-official channels, attackers bypass traditional security controls while amplifying authenticity.”
This campaign follows a similar spear-phishing attack in January 2025, in which staffers of the House Select Committee on China received emails falsely claiming to be from the North America representative of ZPMC, a Chinese state-owned crane manufacturer. Those emails used fake file-sharing notifications to lure recipients into clicking links that harvested Microsoft 365 login credentials. The attackers also abused developer tooling to establish hidden access paths and covertly exfiltrated data to servers under their control.
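The common thread in both campaigns is display-name impersonation: the mail carries a trusted person’s name, but it originates from a personal or non-official mailbox, which is exactly the gap Jang describes above. The following is an added example of the kind of inbound-mail check a defender would write for that scenario; it is not code from the article, the committee, or any vendor named here. The protected-identity list, the authorized domain, and the two sample messages are all constructed for illustration. Note that the phishing sample deliberately passes DMARC: an attacker’s own freemail domain authenticates perfectly well, so sender authentication alone does not catch this, and the display-name-to-domain check is what fires.

```python
"""Display-name impersonation check for inbound mail.

Added example (not from the article). The VIP list, authorized
domain and both sample messages below are constructed for illustration.
"""
import email
import re
import unicodedata
from email import policy
from email.utils import parseaddr

# Hypothetical VIP list: display names an attacker is likely to borrow,
# mapped to the sender domains that person's mail legitimately comes from.
PROTECTED = {
    "john moolenaar": {"mail.house.gov"},
}

HONORIFICS = {"rep", "hon", "honorable", "the", "congressman", "mr", "dr"}


def normalize_name(name: str) -> str:
    """Fold case, strip accents, honorifics and middle initials so that
    'Rep. John R. Moolenaar' and 'John Moolenaar' compare equal."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = re.findall(r"[a-z]+", ascii_name.lower())
    return " ".join(t for t in tokens if len(t) > 1 and t not in HONORIFICS)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def dmarc_result(msg) -> str:
    """Return the DMARC verdict recorded by the receiving MTA in
    Authentication-Results, or 'none' if no verdict is present."""
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", str(hdr))
        if m:
            return m.group(1).lower()
    return "none"


def check_message(raw: bytes) -> dict:
    """Flag mail whose display name belongs to a protected identity but whose
    sender domain, DMARC result or Reply-To does not match expectations."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(addr)
    dmarc = dmarc_result(msg)
    findings = []

    key = normalize_name(display)
    if key in PROTECTED:
        if from_domain not in PROTECTED[key]:
            findings.append(f"display name {display!r} sent from unauthorized domain {from_domain!r}")
        if dmarc != "pass":
            findings.append(f"dmarc={dmarc} on mail using a protected display name")

    # A Reply-To that diverts answers to a different domain is a second
    # common tell: the lure asks for "input", and the reply goes to the attacker.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"reply-to domain {_domain(reply_addr)!r} differs from sender domain {from_domain!r}")

    return {
        "from": addr,
        "display": display,
        "dmarc": dmarc,
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample 1: genuine mail from the official domain, DMARC pass.
LEGIT = b"""From: John Moolenaar <john.moolenaar@mail.house.gov>
To: staff@example.test
Subject: Hearing schedule
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=mail.house.gov; dkim=pass header.d=mail.house.gov; dmarc=pass header.from=mail.house.gov

See attached.
"""

# Constructed sample 2: same name, attacker-controlled freemail domain.
# DMARC passes because the attacker owns that domain; only the
# display-name/domain mismatch and the diverted Reply-To give it away.
PHISH = b"""From: "Rep. John R. Moolenaar" <john.moolenaar.house@freemail.test>
To: counsel@example.test
Reply-To: "Rep. John R. Moolenaar" <moolenaar.sanctions@other-freemail.test>
Subject: Request for input: proposed sanctions
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=freemail.test; dkim=pass header.d=freemail.test; dmarc=pass header.from=freemail.test

Please review the attached draft and reply by Friday.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("phish", PHISH)):
        result = check_message(raw)
        print(label, "suspicious" if result["suspicious"] else "clean", result["findings"])
```

In production the VIP list would be fed from a directory of executives and officials and the check would run as a mail-flow rule or SIEM detection; the point of the example is that the decision hinges on the display-name-to-domain binding, not on SPF/DKIM/DMARC, which an attacker satisfies trivially with a domain they control.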
The House Select Committee on China has been proactive in addressing these threats. In September 2024, the committee published an investigative report alleging that ZPMC’s devices could be exploited for cyber espionage. The report emphasized the need for heightened vigilance and robust cybersecurity measures against such threats.
The persistence and adaptability of APT41 underscore how cyber threats track the state of international relations. As U.S.-China trade negotiations continue, organizations and individuals involved in those discussions should remain vigilant, treat unexpected requests that arrive under a well-known name from a personal or unfamiliar mailbox as suspect until verified out of band, and maintain comprehensive cybersecurity controls to safeguard sensitive information.