
The House Select Committee on China has formally issued an advisory warning of an “ongoing” series of highly targeted cyber espionage campaigns linked to the People’s Republic of China (PRC) amid US-China trade talks.
“These campaigns seek to compromise organizations and individuals involved in US and China’s trade policy and diplomacy, including US government agencies, US business organizations, DC law firms, think tanks and at least one foreign government,” the committee said.
The committee said suspected threat actors from China impersonated Republican Congressman John Robert Moolenaar in phishing emails, with the aim of tricking recipients into opening files and links that would give the attackers unauthorized access to their systems and confidential information without their knowledge.

The ultimate goal of the attack was to steal valuable data by abusing software and cloud services to hide traces of activity. This is a tactic often employed by state-sponsored hackers to avoid detection.
“This is another example of China’s offensive cyber operations designed to steal American strategy and use it against Congress, the administration and the Americans,” said Moolenaar, who also chairs the House Select Committee on the Chinese Communist Party (CCP). “We are not threatened. We will continue our work to keep America safe.”
The statement comes days after a report from the Wall Street Journal, which revealed on September 7, 2025 that several trade groups, law firms and US government agencies received email messages asking for their opinions on proposed sanctions against China.
“Your insight is essential,” read the message, which carried an attachment containing a draft version of the law that, when launched, deployed malware to collect sensitive data and gain confirmed access to the target organization.
The attack is believed to be the work of APT41, a prolific hacking group known for targeting diverse sectors and regions for cyber espionage.
“China will firmly oppose and fight all forms of cyberattacks and cybercrime,” the Chinese embassy in Washington told Reuters in a statement. “We are also firmly against painting others without strong evidence.”
“By impersonating known Beijing critic Rep. Moolenaar (R-MI), the attackers created the urgency and legitimacy that encourage quick responses,” Yejin Jang, vice president of government affairs at Abnormal AI, told The Hacker News.
“Political communication extends beyond official government devices and accounts. The sophisticated enemy understands and actively harnesses this reality. By spoofing trustworthy officials through personal or informal channels, attackers bypass traditional security management while amplifying trustworthiness.”
The committee also noted that the campaign follows another spear-phishing campaign in January 2025 that targeted staff with emails falsely claiming to come from a representative of China’s state-run crane maker ZPMC.

The attack used fake file-sharing notifications to trick recipients into clicking on links designed to steal Microsoft 365 login credentials. The adversary also misused developer tools to create hidden paths and secretly send data directly to servers under their control.
It is worth noting that in September 2024, the committee issued a research report arguing that ZPMC’s control of the ship-to-shore (STS) port crane market “functions as a Trojan horse” that could help the CCP and China exploit and manipulate US maritime equipment and technology.
“Consistent with external assessments based on targeting, timing and methodology, the committee believes this activity is a CCP-supported cyber espionage that aims to influence U.S. policy deliberations and negotiation strategies and to favor trade and foreign policy.”