China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations


Sep 10, 2025 | Ravie Lakshmanan | Malware / Cyber Espionage

The House Select Committee on China has formally issued an advisory warning of an “ongoing” series of highly targeted cyber espionage campaigns linked to the People’s Republic of China (PRC) amid contentious U.S.–China trade talks.

“These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business organizations, D.C. law firms and think tanks, and at least one foreign government,” the committee said.

The committee noted that suspected threat actors from China impersonated Republican Party Congressman John Robert Moolenaar in phishing emails sent to trusted counterparts, aiming to deceive them and trick them into opening files and links that would grant the attackers unauthorized access to their systems and sensitive information without their knowledge.

The end goal of the attacks was to steal valuable data by abusing software and cloud services to cover up traces of their activity, a tactic often adopted by state-sponsored hackers to evade detection.

“This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people,” said Moolenaar, who is also the Chairman of the House Select Committee on the Communist Party of China (CCP). “We will not be intimidated, and we will continue our work to keep America safe.”

The statement comes days after a report from The Wall Street Journal, which revealed on September 7, 2025, that several trade groups, law firms, and U.S. government agencies received an email message from Moolenaar asking for their input on proposed sanctions against China.

“Your insights are essential,” the contents of the message allegedly read, along with an attachment containing a draft version of the legislation that, when launched, deployed malware to gather sensitive data and gain entrenched access to the targeted organizations.

The attack is believed to be the work of APT41, a prolific hacking group known for its targeting of diverse sectors and geographies for cyber espionage.

“China firmly opposes and combats all forms of cyber attacks and cyber crime,” the Chinese embassy in Washington told Reuters in a statement. “We also firmly oppose smearing others without solid evidence.”

“By impersonating Rep. Moolenaar (R-MI), a known Beijing critic, the attackers created urgency and legitimacy that inspired quick responses,” Yejin Jang, vice president of government affairs at Abnormal AI, told The Hacker News.

“Political communication extends beyond official government devices or accounts. Sophisticated adversaries understand this reality and actively exploit it. By masquerading as trusted officials through personal or non-official channels, attackers bypass traditional security controls while amplifying authenticity.”

The committee also noted that the campaign follows another spear-phishing campaign in January 2025 that targeted its staffers with emails that falsely claimed to be from the North America representative of ZPMC, a Chinese state-owned crane manufacturer.

The attack used fake file-sharing notifications in an attempt to trick the recipients into clicking on a link designed to steal Microsoft 365 login credentials. The adversaries also exploited developer tools to create hidden pathways and covertly exfiltrated data straight to servers under their control.

It is worth noting that the committee, in September 2024, published an investigative report alleging how ZPMC’s dominance in the ship-to-shore (STS) port crane market could “serve as a Trojan horse” and help the CCP and China exploit and manipulate U.S. maritime equipment and technology at their request.

“Based on the targeting, timing, and methods, and consistent with outside assessments, the Committee believes this activity to be CCP state-backed cyber-espionage aimed at influencing U.S. policy deliberations and negotiation strategies to gain an advantage in trade and foreign policy,” it said.
