The House Select Committee on China has formally issued an advisory warning of an “ongoing” series of highly targeted cyber espionage campaigns linked to the People’s Republic of China (PRC) amid contentious U.S.–China trade talks.
“These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business organizations, D.C. law firms and think tanks, and at least one foreign government,” the committee said[1].
The committee noted that suspected threat actors from China impersonated Republican Party Congressman John Robert Moolenaar in phishing emails sent to trusted counterparts with an aim to deceive them and trick them into opening files and links that would grant them unauthorized access to their systems and sensitive information without their knowledge.
The end goal of the attacks was to steal valuable data by abusing software and cloud services to cover up traces of their activity, a tactic often adopted by state-sponsored hackers to evade detection.
“This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people,” said Moolenaar, who is also the Chairman of the House Select Committee on the Communist Party of China (CCP). “We will not be intimidated, and we will continue our work to keep America safe.”
The statement comes days after a report[2] from The Wall Street Journal, which revealed on September 7, 2025, that several trade groups, law firms, and U.S. government agencies received an email message from Moolenaar asking their input on proposed sanctions against China.
“Your insights are essential,” the contents of the message allegedly read, along with an attachment containing a draft version of the legislation that, when launched, deployed malware to gather sensitive data and gain entrenched access to the targeted organizations.
The attack is believed to be the work of APT41[3], a prolific hacking group[4] known for its targeting of diverse sectors and geographies for cyber espionage.
“China firmly opposes and combats all forms of cyber attacks and cyber crime,” the Chinese embassy in Washington told[5] Reuters in a statement. “We also firmly oppose smearing others without solid evidence.”
“By impersonating Rep. Moolenaar (R-MI), a known Beijing critic, the attackers created urgency and legitimacy that encouraged fast responses,” Yejin Jang, vice president of government affairs at Abnormal AI, told The Hacker News.
“Political communication extends beyond official government devices or accounts. Sophisticated adversaries understand this reality and actively exploit it. By masquerading as trusted officials through personal or non-official channels, attackers bypass traditional security controls while amplifying authenticity.”
The committee also noted that the campaign follows another spear-phishing campaign in January 2025 that targeted its staffers with emails that falsely claimed to be from the North America representative of ZPMC, a Chinese state-owned crane manufacturer.
The attack used fake file-sharing notifications in an attempt to trick the recipients into clicking on a link that’s designed to steal Microsoft 365 login credentials. The adversaries also exploited developer tools to create hidden pathways and covertly exfiltrated data straight to servers under their control.
It’s worth noting that the committee, in September 2024, published[6] an investigative report[7] alleging how ZPMC’s dominance in the ship-to-shore (STS) port crane market could “serve as a Trojan horse” and help the CCP and China exploit and manipulate U.S. maritime equipment and technology at their request.
“Based on the targeting, timing, and methods, and consistent with outside assessments, the Committee believes this activity to be CCP state-backed cyber-espionage aimed at influencing U.S. policy deliberations and negotiation strategies to gain an advantage in trade and foreign policy,” it said.